A settlement agent who believes cybersecurity is something only the big banks and other high-profile financial institutions need to be concerned with should think again. Small businesses have a big target on their backs. In fact, the 2016 State of SMB Cybersecurity Report reveals that 50% of SMBs have been breached in the past 12 months.
Scammers want money and often they start the illegal scheme by phishing for information. Phishing scams targeting homebuyers have become so commonplace that the Federal Trade Commission issued a warning earlier this year. But it’s not just the homebuyer being attacked.
Earlier this year a hacker obtained access to a title company’s server and ended up absconding with $1.57 million of buyers’ money in an event that will have a long-lasting impact on the title company.
Most commonly, the title agent is targeted with an email stating that there has been some event at the bank requiring the agent to confirm or change the login credentials by clicking on an embedded link. The redirect page is designed to resemble the actual bank login page. If the agent follows the link and enters his or her credentials, the attackers gain access to the bank account. In most cases, funds are then channeled out of the trust account via electronic transfers. Because the design of the portal is so similar to the real thing, nothing looks suspicious, so no questions are asked.
Another common phishing attack scheme is in some ways more damaging, because the effects can linger a long time on the target computer. In this scheme, an email is sent to the settlement agent as if sent from a party to a transaction. This is most commonly associated with revised loan documents, revised CDs, and wire instructions, but attackers are creative and no type of document is off limits.
The illicit email typically contains what appears to be an embedded document. Opening or downloading that document automatically installs what’s called a “key logger” (a program that records the keystrokes on a computer and sends them back to the attacker) or a trojan virus on the settlement agent’s computer. While it does not immediately provide access to the trust account, it allows the attackers to collect logins and passwords for various programs used by all who access the infected computer, including passwords for settlement systems, bank accounts, and on-premises secure document portals.
While title and settlement agents do their best to catch forgeries and illegal cyberattacks, there are cases when an email is so perfectly counterfeited that it’s nearly impossible to avoid having the wool pulled over your eyes. If the email is an impeccable copy of a recent transaction or references a recent event at the bank, it’s nearly impossible not to fall prey to this scheme.
But it’s time to disprove the theory put forward by Hemu Nigam, founder of SSP Blue, that small businesses are hard hit because “they don't have the resources to put in high-end cybersecurity protection and they may not be consciously aware they are a target."
If you’re lucky enough to catch fraud, immediately change your password. And whenever possible, add two-factor authentication with your bank. This may be a text to your phone with a temporary code, a fingerprint or even facial recognition like that being discussed for the soon-to-be-released iPhone and already available on some Android models.
In addition to two-factor authentication, there are steps that should be put into place to monitor account activity and quickly catch unauthorized transactions. For example, the best title and closing platform will offer auto-clearing functionality. This feature links a settlement agent’s bank accounts with the system for up-to-date transaction matching. Daily .bai or .csv data uploads to a real estate title and closing platform are also an option. At the very least, the labor-intensive manual transaction matching should be performed on a regular basis in addition to the monthly 3-way reconciliation.
Whichever method is chosen, the result is a report in which unmatched transactions appear as exceptions. These need to be reviewed daily to quickly spot any discrepancies. In addition, it’s important to perform a daily two-way reconciliation. Finalizing daily reconciliations allows settlement agents to confirm that the book records and the bank records match and to monitor outstanding receipts and payments, and it offers the additional benefit of locking cleared items in the register. This prevents an erroneous void or a change in date or amount.
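The daily exception report described above can be sketched in a few lines. This is an added example, not code from any title platform or bank; the CSV column names (`date`, `ref`, `amount`) and the sample rows are constructed assumptions.

```python
import csv
import io
from decimal import Decimal

# Constructed sample data; column names are assumptions, not a real export format.
BANK_CSV = """date,ref,amount
2017-09-18,1041,-2500.00
2017-09-18,1042,-310.75
2017-09-18,WIRE-7731,-48000.00
2017-09-18,DEP-220,152000.00
"""
BOOK_CSV = """date,ref,amount
2017-09-18,1041,-2500.00
2017-09-18,1042,-301.75
2017-09-18,DEP-220,152000.00
2017-09-18,1043,-95.00
"""

def load(text):
    """Parse one CSV export into {ref: amount}; a repeated ref is an error."""
    items = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["ref"] in items:
            raise ValueError("duplicate reference: " + row["ref"])
        items[row["ref"]] = Decimal(row["amount"])  # Decimal avoids float rounding
    return items

def exceptions(bank_text, book_text):
    """Return unmatched items as (ref, kind, amount) tuples, sorted by ref."""
    bank, book = load(bank_text), load(book_text)
    report = []
    for ref in sorted(bank.keys() | book.keys()):
        if ref not in book:
            # Money moved at the bank with no book entry: review first.
            report.append((ref, "bank_only", bank[ref]))
        elif ref not in bank:
            # Recorded in the register but not yet cleared by the bank.
            report.append((ref, "book_only", book[ref]))
        elif bank[ref] != book[ref]:
            report.append((ref, "amount_mismatch", bank[ref] - book[ref]))
    return report

if __name__ == "__main__":
    for ref, kind, amount in exceptions(BANK_CSV, BOOK_CSV):
        print(f"{ref:10} {kind:16} {amount}")
```

A `bank_only` outgoing item such as the constructed wire above is the case the daily review exists to catch: a transfer the bank processed that nobody in the office recorded.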
Installing and regularly updating a modern anti-virus program is a must for every company dealing with sensitive data. Even with the best anti-virus systems, however, companies cannot protect against every threat. The best protection policy is to ‘think before the click’. Ask yourself:
- Am I expecting this document?
- Is this method of delivery consistent with other methods?
- Have I received a password for an encrypted document?
- Does the sender’s email address match email addresses on file, letter-for-letter?
- Does the email have a signature block? If so, does the information match what’s on file or in a prior communication?
Answering these simple questions can help identify fraudulent emails and prevent a cyber attack.
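The letter-for-letter sender check from the list above can be automated for mail tied to an open file. This is an added example, not part of the original article; the on-file addresses are constructed and the two-character similarity threshold is an assumption.

```python
from email.utils import parseaddr

# Constructed sample: addresses already on file for a transaction.
ON_FILE = {"closings@firstlender.example", "jane.doe@buyeragent.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, on_file=ON_FILE):
    """Classify a From: header value as match, lookalike, unknown or reject."""
    # Compare the address only; the display name is free text the sender chooses.
    _display, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if "@" not in addr:
        return ("reject", "no parsable address")
    if not addr.isascii():
        # Letters from other alphabets can be visually identical to ASCII ones.
        return ("lookalike", "non-ASCII characters in address")
    if addr in on_file:
        return ("match", addr)
    nearest = min(on_file, key=lambda known: edit_distance(addr, known))
    if edit_distance(addr, nearest) <= 2:  # assumed threshold for "almost the same"
        return ("lookalike", nearest)
    return ("unknown", addr)

if __name__ == "__main__":
    samples = [  # constructed headers
        '"First Lender Closings" <closings@firstlender.example>',
        'First Lender Closings <closings@firstIender.example>',  # capital I for l
        'newsletter@vendor.example',
    ]
    for header in samples:
        print(check_sender(header), header)
```

Lowercasing before the comparison is what exposes the capital-I-for-l swap, which most fonts render identically to the real address.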
Basic security procedures, training and tools can go a long way, but never let your guard down. Hackers are always pushing the envelope for a criminal win. Keep your team up to date on the latest phishing techniques and stand steady with the best tools to keep your client information safe. It’s essential to maintaining your accounts, your reputation and customer satisfaction.