Information Security

Policy + Tools

In the News

News

Recent 2026 2025 2024 2023 2022

FBI Warns Generative AI Used for Financial Fraud

Generative artificial intelligence reduces the time and effort criminals must expend to deceive their targets. Since it can be difficult to identify when content is AI-generated, the FBI provided several examples of how criminals may use generative AI in their fraud schemes.

How AI is Helping to Spot Email Scams

Phishing attacks pose a significant threat in today's digital landscape, but artificial intelligence (AI) can be used to combat these scams. Genady Vishnevetsky, chief info security officer for Stewart Title Guaranty Co. and chair of ALTA's Information Security Work Group, discusses how this technology can be used to detect spoofed emails.

 9 Red Flags to Identify Deepfakes Targeting Financial Institutions

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an alert to help financial institutions identify fraud schemes associated with the use of deepfake media created with generative artificial intelligence (GenAI) tools.

‘It Shocked Me’: Scammers Now Using AI Deepfakes to Fraudulently Sell Real Estate

It’s a sophisticated scam you may have never heard of—using AI technology to try and fraudulently sell property -- but it almost happened recently in Hallandale Beach. A would-be scammer used a missing woman’s photo to create an AI video image and used it to appear on a Zoom call with a title company.

Alert: Phishing Email Appears to Come From Ellie Mae Targets Title Industry

The fraudulent email has the subject line "You have a new Title & Closing request from the Encompass Title Center."

Revision to ALTA Best Practices Published as Final

The revisions have been made with the objective of allowing agents and direct operations to continue to optimize their practices and procedures to ensure financial safety, data security and operational stability, and to provide lenders with the assurances that their needs are being fulfilled by improved operations. Revisions address password management and closing transactions not involving state regulated title insurance policies.

 Mapping out Elements of a Robust Cybersecurity Implementation Program

The purpose of a cybersecurity plan is threefold: to ensure the security and privacy of sensitive customer data, to meet the strict regulatory requirements that exist to protect customers from fraud and ensure fair transactions, and to build and maintain client trust through appropriate risk management protocols. Read on as Shawn Fox of Premier One offers four key steps to consider when establishing a strong cybersecurity program.

ALTA Member Company Knight Barry Title Warns Fake Sellers Spoofing Title Company Websites

Knight Barry Title is warning its partners, industry colleagues and consumers about a “new twist” in tactics by cybercriminals engaged in seller impersonation fraud. Over the last month, the Wisconsin-based title company has thwarted multiple attempts by scammers to set up fake webpages to look Knight Barry's website. Read on to learn what the title company is doing to help uncover spoofed sites.

Hackers Leak 2.7 Billion Data Records With Social Security Numbers

Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.

Posing as ‘Alicia,’ This Man Scammed Hundreds Online. He Was Also a Victim.

A multibillion-dollar cyberfraud industry operating out of Southeast Asia relies on forced labor and torture.

Criminals Try to Capitalize on Recent Crowdstrike Outage

The recent global Crowdstrike/Microsoft outage wasn't an intentionally malicious act. It was a bug in the software. However, threat actors quickly started using social engineering techniques to trick people across the globe into taking some action that could harm them or their company. 

 A Practical Cybersecurity Roadmap for Title Agents

By now, the message is clear for the title industry: Cyber threats are real, and no one is immune. Even if most agree that cyber defenses are critical, where does a title agent start—especially on a budget hampered by weak market conditions? Listen to this Stavvy-sponsored ALTA Insights webinar recording to get a practical, step-by-step guide to help your agency or law firm bolster its cyber defenses. Presenters offer tips to help small businesses dodge unnecessary expenses and leverage their budgets for maximum security.

The Hidden World of Money Mules

Money mules are typically individuals that criminals recruit to transfer illegally obtained money between different bank accounts. They can be witting or unwitting accomplices in these transactions. The promise of easy money might lure them in, or they may be completely unaware that they're participating in illegal activities.

Beware! Fake Chrome Error Messages Trick Users Into Installing Malware

Cybersecurity experts have warned that Google Chrome users are being targeted by a sophisticated scam, that tricks them into copying and pasting malicious malware onto their computers. The scam involves popup notifications falsely claiming an error has occurred while trying to open a document or web page. According to cybersecurity firm Proofpoint, the popup box instructs users to paste text into a PowerShell terminal or Windows Run dialog box.

Decoding the Tricks: An Analysis of Poisoned Domains in the SubdoMailing Attack

SubdoMailing is a domain takeover attack first discovered in February 2024. Malicious actors exploited poorly maintained Domain Name System (DNS) records to send fraudulent emails impersonating legitimate brands. Since February, Red Sift has conducted analyses of the attack and believes that multiple groups are using SudboMailing to send fraudulent mail on behalf of legitimate brands. Red Sift compiled an extensive dataset of poisoned domains, or domains included in the DNS of legitimate brands, that were exploited by malicious actors.

 Report Highlights Court Battles Over Wire Fraud Liability

There’s been an alarming rise in real estate wire fraud, and it’s having a devastating impact on the title industry as well as consumers. Those victimized by such scams are turning to the courts to seek damages after their life savings or business liquidity is stolen by scammers. In a new report, CertifID analyzed more than 100 real estate wire fraud cases, and concluded that it’s becoming clear that title companies, law firms, banks and real estate professionals may bear potential liability if client funds are diverted to fraudulent accounts. Read on for analysis of a bank's liability, recent legal battles involving title companies, takeaways from the court decisions and risk mitigation strategies.

The Alarming Rise of Scareware: A Malicious Tactic to Fear

In the ever-evolving landscape of cybersecurity threats, a sinister tactic known as "scareware" continues to emerge. Read on as Genady Vishnevetsky chief info security officer for Stewart Title Guaranty Co. and chair of ALTA's Information Security Work Group, highlights a few tactics criminals use to lure victims into their scareware.

Best Practices to Identify Phishing Email

Employees continue to be the weakest link when it comes to cybersecurity. According to reports, nine out of 10 data breach incidents were caused by employee mistakes. Phishing email is one way criminals attempt to garner sensitive information or data. Listen to this Closinglock-sponsored ALTA Insights webinar to learn best practices to help identify phishing attempts when reviewing emails. 

Premier One Introduces Cybersecurity Solution

Powered by Blackpoint Cyber, the cybersecurity solution tailored for small and medium-sized businesses combines managed detection and response (MDR), cloud Response for Microsoft 365 and managed application control (Zero Trust) to protect against a wide range of cyber threats.

The Hidden Dangers of YouTube

YouTube, a popular platform for entertainment and education, has unfortunately become a playground for cybercriminals. According to research by Avast, cybercriminals exploit the platform's automated advertising and user-generated content to propagate their harmful activities, making YouTube a significant channel for phishing and malware attacks. Read on as Genady Vishnevetsky, chief information security officer for Stewart Title Guaranty Company and chair of ALTA's Information Security Workgroup, details tactics criminals are using on YouTube.

Proof Launches AI-powered Fraud Detection Tool

Proof launched a fraud detection product powered by artificial intelligence (AI) built to combat the $81 billion in annual losses in the U.S. caused by falsified records, forged signatures, and identity theft.

CloseSimple Launches Integrated Identity Verification and Wire Fraud Solutions

Integrated into the CloseSimple portal, these features enable title companies and real estate attorneys to consolidate the consumer closing experience under one platform.

Settlor Launches Enhanced Security Features for Customer Portal

In addition to multifactor authentication via both email and phone, Settlor offers the ability to add wire instruction delivery details, providing safe access to view this sensitive information.

FNF Family of Companies Launches Tool to Detect Seller Impersonation

Called ionFraud, the tool allows title agents to verify a myriad of property information when they open a new order, including owner name, owner’s mailing address, occupancy, assessed value and estimated mortgage balance.

Nacha Rule Changes to Fight Authorized Payment Scams

New Nacha rules that take effect in mid-2026 are potentially a breakthrough for fighting scams that result in authorized payments. The rules attempt to bring a collaborative approach—enlisting the sending and receiving financial institutions and their ACH customers—into the fight against unauthorized transactions and authorized push payment scams.

Fresh Phish: Fake SharePoint Fax

It's important for title and settlement professionals to be aware of the latest phishing schemes. To help with this, ALTA has developed an infographic that highlights different phishing emails, details what the fraudsters are attempting to do and explains how to spot the bait. This "fresh phish" attempts to steal Office365 credentials so the phisher can sign in to user's email account or sell the information.

Best Practices to Spot Phishing Emails

With companies receiving phishing email every day, it’s best to keep in mind a few best practices when reviewing emails. Read on for tips from Kloud9.

Fresh Phish: U.S. Post Office Text Phishing Message

It's important for title and settlement professionals to be aware of the latest phishing schemes. To help with this, ALTA has developed an infographic that highlights different phishing emails, details what the fraudsters are attempting to do and explains how to spot the bait. This "fresh phish" attempts to get you to click on the phishing link and reply to the scam text message potentially infecting your cell phone or stealing your information.

Important Yet Affordable Cybersecurity Defenses

ALTA is dedicated to helping members safeguard their operations from the constant threat of cyber attacks. Read on for a collection of helpful links to cybersecurity resources provided by ALTA’s Information Security Work Group and other trusted sources.

Fresh Phish: Microsoft Authenticator

It's important for title and settlement professionals to be aware of the latest phishing schemes. To help with this, ALTA has developed an infographic that highlights different phishing emails, what the fraudsters are attempting to do and how to spot the bait. This "fresh phish" attempts to steal Office 365 credentials to sell them or gain access to your email account. It's important to never approve multi-factor authentication requests that you didn't initiate.

New Critical Microsoft Outlook RCE Bug is Trivial to Exploit

An ALTA member could receive a phishing email with a specifically crafted hyperlink in the body of the email that utilizes and takes advantage of this Outlook vulnerability. Clicking on the malicious link bypasses Outlook’s existing security mechanisms and can lead to the leakage of local NTLM credentials (protocol used in networks that require user authentication) and the potential for arbitrary code execution. Microsoft recommends applying the recently released security updates as soon as possible to mitigate this critical vulnerability.

 Fresh Phish: Microsoft OneDrive Document

It's important for title and settlement professionals to be aware of the latest phishing schemes. To help with this, ALTA has developed an infographic that highlights different phishing emails, what the fraudsters are attempting to do and how to spot the bait. This "fresh phish" attempts to steal Office 365 credentials to sell them or gain access to your email account. It's important to never approve multi-factor authentication requests that you didn't initiate.

Google Cracking Down Against Spammers to Protect Gmail Users

Starting in February, Google and Yahoo started requiring Domain-based Message Authentication, Reporting & Conformance (DMARC) policies to be enabled or they will start rejecting email. It's recommended ALTA members' IT managed service provider (MSP) or internal IT teams start checking their email domain policies to get a head of any potential Google or Yahoo email delivery issues.

Deepfake Video Conference Convinces Employee to Send $25M to Scammers

A deepfake phishing scam cost a multinational company more than $25 million after an employee was fooled by digital imitations of his colleagues on a conference call.

Phishing Guidance: Stopping the Attack Cycle at Phase One

Several federal agencies issued a guide outlining phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers. This will help to reduce the impact of phishing attacks in obtaining credentials and deploying malware. The guidance for network defenders is applicable to all organizations but may not be feasible for organizations with limited resources. Therefore, this guide includes a section of tailored recommendations for small-and medium-sized businesses that may not have the resources to hire IT staff dedicated to a constant defense against phishing threats.

Ivanti Warns of New Connect Secure Zero-day Exploited in Attacks

Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure andZTA gateways, one of them a zero-day bug already under active exploitation. Some ALTA members may utilize Invanti’s Connect Secure VPN (also known as Pulse VPN) or these other products, opening them up to significant cyber risk if not resolved.

Survey: Title Companies Report Increase in Cyberattacks But Mitigation Efforts Help

More than 90% of title insurance companies reported the volume of cybercrime attempts increased or remained the same over the past year, according to a Cybercrime & Wire Fraud Study sponsored by the ALTA Land Title Institute. Read on for more results.

Hackers Target WordPress Database Plugin Active on 1 Million Sites

Malicious activity targeting a critical severity flaw in the "Better Search Replace" WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. There may be some ALTA members running this plugin on their public website and could be impacted. Users are strongly recommended to upgrade to 1.4.5 as soon as possible.

Critical Cisco Unified Communications RCE Bug Allows Root Access

CISA Issues Emergency Directive on Ivanti Vulnerabilities

CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities with Ivanti Connect Secure and Ivanti Policy Secure. Some ALTA members may use Invanti’s Connect Secure VPN (also known as Pulse VPN) and Ivanti Policy Secure opening them up to significant cyber risk if not resolved.

Apple Releases Security Updates for Multiple Products

Apple has released security updates for iOS and iPadOS, macOS, Safari, watchOS, and tvOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. How the scheme works: A criminal sends a text message or phishing email. If the URL link is opened on a iPhone, iPad or Mac, the person is sent to a website that has the vulnerability built into it. The individual’s Apple device then becomes compromised.

Regulators Say They Have the Tools to Address AI Risks

Bank regulators said that while they are actively exploring the risks that could emerge from financial institutions' reliance on artificial intelligence, existing tools and laws are sufficient to prevent those risks from harming consumers or the financial system.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Citrix Warns of New Netscaler Zero-days Exploited in Attacks

The two zero-days (tracked as CVE-2023-6548 and CVE-2023-6549) impact the Netscaler management interface and expose unpatched Netscaler instances to remote code execution and denial-of-service attacks, respectively.

Cybersecurity Advisory from ALTA's Information Security Work Group

Considering the most recent cybersecurity incidents, ALTA's Information Security Work Group urges everyone to use extreme caution when opening emails containing links, attachments or requests for personal information, such as security credentials or authentication codes. Read on for additional guidance to improve cybersecurity protocols.