Cyber insurance can be an important protection for title agencies, but it is not a guarantee that every fraud-related loss will be covered. A recent federal case, (S.D. Ohio Mar. 13, 2026), offers a useful reminder of how quickly coverage issues can arise when a title agency experiences a wire fraud incident and waits too long to notify its cyber insurer.

The case involved a buyer who was defrauded out of more than $480,000 after receiving spoofed wiring instructions that appeared to come from the title agency. The buyer later sued the agency for negligence. Although the agency carried cyber insurance, the cyber insurer denied coverage. The court agreed with the insurer, finding that the claim was not reported within the required timeframes and that the agency had prior knowledge of the incident.

The agency was aware of the incident when it occurred, or shortly after, but waited until it was sued by the buyer before notifying its cyber insurer. By that time, the cyber-policy period in place when the incident occurred had ended, and a new cyber-policy period had begun. Even though the same insurer issued the follow-on policy, the court found that the agency had not satisfied the policy鈥檚 reporting requirements.

The result reinforces that strict compliance with policy conditions 鈥� especially prompt notice and timing requirements 鈥� is essential for coverage to apply.

Cyber insurance does not automatically cover fraud losses

Many title agencies may assume, 鈥淲e have cyber insurance, so we鈥檙e protected.鈥� That assumption can be dangerous.

Cyber coverage depends on the specific terms of the policy. In this case, the agency鈥檚 coverage turned on policy wording, timing and reporting requirements. The loss involved a fraud scheme tied to spoofed wiring instructions, but that fact alone did not determine the outcome. The court focused on whether the agency complied with the policy鈥檚 conditions.

The bottom line is straightforward: cyber insurance is not a general safety net. It is a contract with strict rules that agencies need to understand and follow.

Timing can determine whether coverage exists

Most cyber policies issued to title agencies are 鈥渃laims-made and reported鈥� policies. This typically means that the claim must be made during the policy period and reported during that same period, or within another timeframe set by the policy.

In this case, the fraud occurred in March 2024. The lawsuit against the title agency was not filed until October 2024, and the agency reported the claim at that time. By then, the policy period in place when the incident occurred had already expired.

The agency also had a subsequent policy with the same cyber insurer. But that did not solve the problem. The result was that there was no coverage under the earlier policy, and the later policy did not pick up the incident simply because it was issued by the same insurer and began immediately after the prior policy ended.

For agencies, this is one of the most important lessons from the case. The claim should have been reported during the same policy period in which the incident occurred, and within the timeframe required by the policy. A policy renewal does not reset the clock on an incident the agency already knows about. Each policy period stands on its own.

Report potential incidents early

The agency鈥檚 delay in reporting was central to the coverage dispute. The title agency discovered the fraud in March 2024 and investigated internally, but waited until November 2024 to notify its cyber insurer. The policy required notice within 30 days of discovering a potential issue.

That word 鈥� potential 鈥� matters. The reporting obligation was not dependent on a lawsuit being filed. It was also not dependent on months of attempts to resolve the issue or recover the funds. The obligation was triggered when the agency became aware that something had gone wrong, or that something may have gone wrong.

The lesson is that agencies should not wait for perfect information before giving notice. When something seems wrong, the clock may already be running.

鈥淲e were not hacked鈥� may not be enough

Another important point from the case is that cyber risk is not limited to a direct breach of an agency鈥檚 computer systems.

The title agency argued that its systems had not been compromised, and its IT vendor confirmed there had been no intrusion. But that did not change the outcome. The claim centered on email spoofing, fraud carried out through impersonation and the agency鈥檚 alleged failure to prevent the scam.

That distinction matters. Fraudsters can infiltrate real estate transactions without directly hacking an agency鈥檚 systems. They may use email spoofing, social engineering, fake wiring instructions or other methods designed to exploit trust and urgency. These schemes can be difficult to avoid even when best practices are followed.

Even where an agency鈥檚 systems are secure, it may still face liability for email fraud, wire fraud schemes and social engineering attacks. Cyber risk extends beyond traditional hacking.

Prior knowledge can defeat coverage

The court also addressed the agency鈥檚 attempt to rely on the later policy period. That effort failed because the agency already knew about the incident before the new policy began.

Most policies exclude known incidents that existed before coverage started. That is why an agency generally cannot wait until renewal and expect a new policy to cover an old problem. If the agency has prior knowledge of a loss, claim, circumstance or potential issue, that knowledge can become a coverage barrier.

The lesson is clear: an agency cannot rely on renewing its policy to cover past problems. Report potential claims in the policy period in which the issue arises, and do so within the timeframe required by the policy.

Know who owes coverage

The title agency sued both the cyber insurer and the insurance producer. The court ruled that only the insurer had contractual obligations under the policy. The producer did not have a duty to provide coverage.

That means agencies should understand who issues the policy, who handles claims and who actually owes coverage. The producer may help place coverage and answer questions, but the insurer issues the policy and bears the contractual coverage obligations. When a claim occurs, agencies need to know exactly where notice must be sent, who must receive it and what the policy requires.

Because the producer did not owe coverage, suing the producer did not advance the agency鈥檚 coverage position and, from a practical standpoint, was a waste of time, money and effort.

Bad faith claims are difficult when policy terms are clear

The agency also argued that the insurer acted in bad faith. The court disagreed because the denial was based on clear policy terms and the timeline supported the insurer鈥檚 position.

If an agency misses a policy deadline or fails to satisfy a reporting condition, a bad faith argument is not likely to change the outcome. The better course is to understand the policy requirements and follow them from the beginning.

What title agencies should do now

The case offers several practical steps for title agencies. First, create a 24-to-48-hour reporting rule. The first 24 to 48 hours after a suspected incident are often the most important for taking action to optimize the chances of a successful recovery. If your agency sees a suspicious email, wire fraud attempt, client complaint or possible misdirected funds, notify your cyber insurer immediately. Do not wait for confirmation or legal action.

Agencies should also contact 星空传媒 星空传媒鈥檚 Fraud Hotline at FraudHotline@alliantnational.com without delay. Early notice alerts and enables the 星空传媒 星空传媒 team to provide assistance when time is critical and when agencies most need advice and direction on next steps.

Second, train staff to recognize fraud red flags. Most losses involve familiar patterns: email spoofing, fake wiring instructions and social engineering. Staff should always verify wiring instructions verbally by calling a known and confirmed phone number. Email changes should be treated as suspicious. The mindset should be simple: VERIFY, THEN TRUST: Every file, every party, every time.

Third, review your cyber policy in plain English. Ask your broker what counts as a claim, when reporting must occur, whether social engineering losses are covered and what exclusions apply. Agencies should understand both their coverage and their obligations before a problem occurs.

If the policy language is unclear, ask questions now. Be proactive with your cyber insurer鈥檚 insurance producer and the cyber insurer about what is covered under the policy you are purchasing and what actions may affect coverage. Even if there is no cyber-insurance coverage for a particular incident, the title agency may still be found responsible and held financially liable for the loss.

Fourth, document everything immediately. When an incident occurs, record dates, timelines, emails, communications, internal actions and any steps taken to investigate or respond. Documentation can directly affect coverage eligibility.

Finally, do not assume that renewal fixes a problem. A new policy does not reset obligations under a prior policy and generally does not cover known incidents that happened during a preceding period. Each policy and coverage period stands on its own. Agencies should also ask their cyber insurer鈥檚 insurance producer about extended reporting period options, sometimes called 鈥渢ail鈥� coverage, and retroactive date coverage for prior incident protection when renewing policies.

The bottom line

The biggest lesson from this case is simple: cyber insurance only works when agencies follow the policy requirements exactly. Agencies do not always lose coverage because they lack insurance. They may lose it because they report too late, misunderstand what triggers coverage or assume that a lawsuit matters more than early warning signs.

If you take just one action after reading this, build plans for immediate reporting and documentation. That single change can determine whether your policy protects you or leaves you exposed to a six-figure loss.

Additionally, 星空传媒 星空传媒 offers a complimentary cyber insurance gap review for our agents. It is designed to assist title insurance agents in reviewing their cyber insurance coverage to identify gaps, limitations, subjectivities, and potential risks that may not be fully covered.

For more information on the service or to request this gap review, please contact Tom Weyant: tweyant@alliantnational.com  

The post When Wire Fraud Happens, Your Cyber Policy Clock May Already Be Running appeared first on 星空传媒 星空传媒 Title Insurance Co..

By Amanda Berry, Senior Claims Counsel, 星空传媒

The real estate market is currently experiencing record low transaction volume, driven by mortgage and affordability pressures. Given these conditions, one might assume that fraud rates have similarly decreased鈥攜et the data show the opposite. According to ALTA, scams like seller impersonation fraud remain a growing problem. 28% of title insurance companies, for instance, have experienced at least one seller impersonation fraud attempt in recent years.[i] A Milliman claims analysis shows fraud and forgery accounted for 21% of all dollars spent on claims expenses and losses. These numbers suggest that fraudsters are becoming more coordinated and sophisticated, leading to successful schemes even amid lower transaction rates. These schemes exploit common fears and insufficient verification practices to generate huge claims. Refinance transactions are particularly susceptible due to how much of their risk sits outside the public records and inside the transaction workflow itself.

From one-offs to multi-layered attacks

How do we explain this? Well, in 2026, real estate fraud is no longer primarily isolated, one-off scams. Layered and sophisticated attacks are becoming increasingly common. ALTA notes that title professionals are now confronting schemes ranging from wire fraud, seller impersonation, identity theft and forged deeds, while spending substantial time each month on fraud prevention. Many of today鈥檚 top schemes also cannot be detected through public-record searches and require stronger identity verification, monitoring and communication safeguards to keep pace. 

To make a long story short, just as high-tech cybercriminals often attack a target鈥檚 network through multiple vectors, today鈥檚 real estate fraudsters will seek to infiltrate a transaction through several touchpoints at once. These criminals are highly adept at appearing to be a legitimate party in the transaction. That is what makes these attacks multi-layered: they may involve compromised communications, false identities, forged documents and payoff confusion, rather than one obvious red flag. This assessment comports with Milliman鈥檚 data, which indicates that nearly 30% of losses could not have been prevented by consulting public records.[ii]

Refinances are particularly vulnerable

These dynamics make refinances particularly vulnerable to fraudsters. Refinance deals may look fine at first but include problems that resurface later. Some of these include impersonations, forged signatures, mortgage payoff fraud, or communication and closing misfires. These elements often cannot be detected via public records, which means a standard search alone often will not catch them.

Title agency workflows can also make refinance transactions vulnerable. Payoffs appear in more than 90% of transactions, and issues related to obtaining them can often slow the closing process.[iii] Communication between multiple parties may be required, and when a transaction requires handoffs between multiple parties, bad actors have an additional opportunity to insert themselves into the process. 

Milliman鈥檚 2025 analysis of claims and claims-related losses in the title industry confirms how successful fraudsters have been at targeting these transactions. Their analysis states that the 鈥渁verage claim severity is higher for refinances than for purchases鈥�[iv] and that 40% of those claims were made up of instances of fraud and forgery.[v]

Go the extra mile to safeguard transactions

With such high stakes involved, title agents should always treat refinance transactions as high risk and apply extra scrutiny to these files. Payoff and impersonation fraud can be easy targets for criminals. Agents must have procedures in place and always follow them: Verify, then Trust鈥攅very file, every party, every time. Always independently confirm payoff details and wire instructions, and treat all last-minute changes with extreme skepticism. The same goes for communications. When communicating about a refinance deal, do not take any change requests at face value. Instead, be sure to confirm changes through other channels. Use identity verification tools to confirm whether a person is who they say they are. By following these steps, you will be better positioned to prevent losses and claims.

Extra checks prevent extra costs

Time is always of the essence in any business, and perhaps nowhere more so than in real estate, where thousands or even millions of dollars can be on the line. Yet the unfortunate reality is that fraudsters are evolving their methods and targeting real estate transactions for this very reason. This is particularly true for refinances, with sources showing that the average claim now costs $206,976, including nearly $68,199 in defense costs.[vi] Slowing down and verifying refinance transactions that come across your desk is worth it if you can prevent that kind of financial damage. While no agent wants to face a fraud claim, be prepared if one does occur and have a response plan in place.

[i]

[ii]

[iii]

[iv]

[v] Ibid

[vi] Ibid

The post The Changing Face of Fraud听 appeared first on 星空传媒 星空传媒 Title Insurance Co..

It is difficult to admit it, but we are all getting older 鈥� day by day. For many of us, and for our family members, we must actively think about how we may want to distribute our assets when we pass away. Our assets may include personal property, financial accounts, investments such as stocks and bonds, and real property 鈥� just to name a few. For this article we will concentrate our discussion on real property.

Unless there is a legal tool established to have an asset avoid probate, typically when a person holds title to real property and passes away, their interest may be addressed through a probate of that person鈥檚 estate. From formal, informal, summary administration, or ancillary administration of a person鈥檚 estate, a review of the written wishes of the decedent鈥檚 distribution of assets or through the intestate succession laws of the state will identify the heirs and beneficiaries and how to correctly distribute any real property.

As an example, in Florida, under Chapter 5 of The Uniform Title Standards, Estates of Decedents, Standard 5.1 discusses an intestate decedent and homestead property.  Here is one comment from that standard:

Section 732.101(2), Fla. Stat. provides that the decedent鈥檚 death is the event that

vests the heirs鈥� right to the decedent鈥檚 intestate property. However, for title to be

marketable, Florida probate or similar judicial proceedings are necessary to

establish the identity of the heirs. In addition, in order to preserve a permanent

record of the probate proceedings for future marketability purposes, it is strongly

recommended that certified copies of the pertinent excerpts be recorded in the

official records of the county where the real property is located. 鈥�

Under 搂搂 733.607(1) and 733.608, Fla. Stat., the decedent鈥檚 real property, except

protected homestead, is subject to the possession and control of the personal

representative for such purposes as the payment of devises, estate and inheritance

taxes, claims, charges, and expenses of the administration and obligations of the

decedent鈥檚 estate.

Protected homestead does not become an asset within the possession and control of the personal representative. Spitzer v. Branning, 135 Fla. 49, 184 So. 770 (Fla.

1938); Public Health Trust of Dade County v. Lopez, 531 So. 2d 946 (Fla. 1988).

Therefore, during the administration of the estate, a conveyance from the heirs

would not create a marketable title unless: (1) a final order determining the

property to be protected homestead had been entered, or (2) the personal

representative relinquishes control, or potential control over the asset by quitclaim

deed, certificate of distribution or other similar instrument, and estate taxes cleared.

So, in Florida, beyond just being the decedent鈥檚 asset, there is also an evaluation of whether the real property was their homestead property. Such a determination matters and may necessitate different steps for the distribution of the real property.

For a person that has a will (i.e. testate) which is duly admitted to probate and does not specifically identify the property as one to be devised, then the distribution of the real property most likely will have to be addressed through the probate court to determine the rightful heirs or beneficiaries of that property.

It is also worth mentioning that depending on your state, there may be other statutory mechanisms to assist with the distribution of real property without probate proceedings, when done properly, such as an Affidavit of Heirship, Life Estate / Beneficiary deed, Trusts, Survivorship deed, and others.

From a claim鈥檚 perspective, the team typically addresses heir and beneficiary issues that involve someone who was not identified in the probate proceedings, the person was not named in the nonjudicial evidence of an Affidavit of Heirship, or the person was named but a conveyance deed was not obtained and recorded.

To avoid missing an heir or beneficiary, it is important to review an obituary (if available), ask questions about the decedent鈥檚 family, and if heirs or beneficiaries are identified, obtain a deed from each person. To expand on the last-mentioned situation, we occasionally see that a decedent鈥檚 heir or beneficiary is also deceased. However, you cannot ignore their particular interest as their interest goes to this person鈥檚 heirs and beneficiaries and deeds still need to be obtained to resolve their interest.

Here are a few scenarios involving a decedent鈥檚 property:

Scenario #1

Q: A family member of an intestate decedent who passed away a year ago enters your office and says that he has a Power of Attorney to manage and sell the property. Will the Power of Attorney work in this situation?

A: No.  A power of attorney automatically terminates upon the death of the principal. Thus, a probate must be open to determinate the heirs and the distribution of the asset.  

Scenario #2

Q: The daughter of an intestate decedent visits your office. She states she is the only child that her single father acknowledged at the time of his passing. However, her two brothers have been 鈥渄isowned by the family鈥� and there is no need to probate her father鈥檚 estate. Is the daughter able to convey full fee simple title without her brothers?

A: No. To address any interest in the asset a probate proceeding should be open in that state or non-judicial evidence of heirship provided, if available in your state. In either case, it would be necessary to have all decedent鈥檚 heirs execute a conveyance deed.

Scenario #3

Q: The nonresident decedent owns real property in Florida. A probate of the decedent鈥檚 estate was handled in Nevada.  A son comes to your office with the Nevada probate proceedings and states that he can sell the property. Can you proceed with only a Nevada probate?   

A: No.  Nevada does not have jurisdiction over the Florida property. A probate should be filed in Florida to address the distribution of the asset and a conveyance deed obtained from the heir(s).

Conclusion

This article provides a broad, high-level discussion of a limited area of estate and probate as it applies to real property. As you can see, the complexities of estate administration for each state must be analyzed thoroughly and accurately to ensure that the proper parties are conveying title and to prevent ownership challenges. Remember to check your state resources, speak with your underwriter, or discuss with your legal counsel to properly identify and resolve any interest being held by an heir or beneficiary.

Resources:

Justia. 2024 Colorado Revised Statutes, Title 15 鈥� Probate, Trusts, and Fiduciaries, Colorado Probate Code, Article 11 鈥� Intestate Succession and Wills – .

Justia. 2023 North Carolina General Statutes, Chapter 28A 鈥� Administration of Decedents鈥� Estates; Chapter 28B 鈥� Estates of Absentees in Military Service; Chapter 28C 鈥� Estates of Missing Persons; Chapter 29 鈥� Intestate Succession; Chapter 30 鈥� Surviving Spouses; Chapter 31 – Wills  – .

Justia. 2024 Texas Statutes, Estates Code, Title 2 鈥� Estates of Decedents; Durable Powers of Attorney, Subtitle E 鈥� Intestate Succession, Chapter 203 鈥� Nonjudicial Evidence of Heirship – .

Missouri Revisor of Statutes, Title XXXI Trusts and Estates of Decedents and Persons Under Disability, Chapter 461 Nonprobate Transfers Law – .

The Uniform Title Standards, A Publication of the Florida Bar Real Property, Probate & Trust Law Section 鈥� Chapter 5 – Estates of Decedents (September 2010) – .

This blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on this blog.

The post Estates And Probates: Are All The Heirs Present? appeared first on 星空传媒 星空传媒 Title Insurance Co..

In my last blog article, I discussed how deepfake fraud is a growing threat in the real estate industry and what you can do to combat it in your workplace. This time, I thought it would be helpful to take a deeper dive into some of the latest AI tools on the market that may be able to assist in these efforts. Of course, careful consideration is warranted before implementing any new solution, and it鈥檚 important to consult with your IT and security team to ensure it aligns with your business needs and data security standards. With that said, let鈥檚 dig in!

What is deepfake fraud?

Deepfake fraud has exploded in recent years, with some reporting showing an increase of over 2,000%. Scammers are using AI-generated videos and voices to impersonate real people convincingly. To combat this technology, experts have developed cutting-edge tools and techniques to recognize and stop deepfakes.

What are people doing about it?

Here are some of the latest detection methods that your agency might consider to keep deepfake fraudsters at bay. Here鈥檚 how they work.

• AI-powered detection tools听are designed to analyze videos and images in real time to detect whether they have been manipulated. Just a couple promising tools include:
  
  • HONOR鈥檚 AI Deepfake Detection 鈥撎�Launching April 2025
    HONOR鈥檚 deepfake solution can be thought of as a built-in lie detector for images and videos. The technology scans media in real time and alerts users if something seems fake. This could help businesses and individuals avoid being misled by AI-generated content.[i]
    
  • Reality Defender听鈥撎�Real-time Deepfake Detection for Video Calls
    In a world of constant video meetings, it has unfortunately become possible for someone to get on a call with you and pretend to be your boss or a family member by using deepfake technology. Reality Defender combats this type of fraud by scanning facial movements, voice patterns and subtle glitches in real time. If anything is flagged, the technology alerts the user so they don鈥檛 become victims of scams.[ii]
    
• Lightweight AI models听are another tool people are deploying to deal with the rise of deepfakes and other fraudulent activity. These AI detection tools offer unique advantages to users. For one thing, they require far less computing power than other models, but they are still capable of effectively detecting deepfakes. Let鈥檚 look at a specific example:
  
  • Tiny-LaDeDa 鈥撎�A mini AI model with 96% accuracy
    Unlike traditional AI models that suck up an inordinate amount of power, Tiny-LaDeDa can sniff out deepfakes even while running on smaller devices. Despite being lightweight, it still claims to detect 96% of deepfake videos out there by analyzing tiny details in the way faces and voices are generated.[iii]

Comprehensive benchmarking frameworks

Given that deepfake technology is always evolving, cybersecurity researchers are not resting on their laurels. The industry has been developing standardized testing platforms to improve detection tools and ensure that security solutions can keep up with even the most creative of fraudsters. Let鈥檚 take a peek at some of the most notable:

• DF40 鈥撎�A giant deepfake training library
  The DF40 library can be thought of like a gym for deepfake detectors. It contains thousands of deepfake samples created using 40 different AI techniques. Researchers can train and test tools against a wide variety of fake content, which enables them to get far better at spotting new ones as they come online.[iv]听
  
• DeepfakeBench 鈥撎�A fair testing ground
  As with many cybersecurity tools, not all deepfake detectors are created equal. Additionally, some detectors are good at spotting one type of fraud but perform poorly when dealing with another. DeepfakeBench seeks to remedy this by ensuring that every detection tool is tested under the same conditions. It is an important solution for those who want to compare different products and assess which ones are the most effective.[v]

Smarter deepfake detection techniques

Sometimes, deepfake detectors can cause more problems than they solve. For example, certain tools may focus too much on 鈥渇ake-looking鈥� elements instead of checking if a person鈥檚 identity is real by cross-referencing IDs against verified data or analyzing biometric consistency. Luckily, there are many researchers currently working hard to fix this problem:

• Rebalanced Deepfake Detection Protocol (RDDP)
  RDDP improves deepfake detection by making sure tools don鈥檛 just look for obvious digital artifacts like weird lighting or blurry patches. This prevents hackers from bypassing detection by using better-quality deepfakes.[vi]

Government and military efforts

Governments are also stepping into the fight against deepfake fraud, especially because deepfakes can pose a considerable risk to national security and election integrity.

• Defense Advanced Research Projects Agency (DARPA)
  DARPA is an agency within Defense Department that focuses on investigating emerging technologies. As part of that effort, it is investing in AI tools that go beyond simple detection and combat deepfakes on a forensic level. The agency sees this work as a critical piece of the puzzle in dealing with everything from misinformation and identity fraud to protecting against AI-generated impersonations.[vii]听
  

Tools for real estate transactions

While deepfake technology is advancing, so too are the tools designed to prevent all types of fraud in real estate transactions.

• SecureMyTransaction庐 from 星空传媒 星空传媒
  SecureMyTransaction (SMT) leverages AI-driven facial recognition to verify identities by comparing ID photos with selfie images, helping ensure that parties involved in a transaction are legitimate. In addition, SMT helps verify bank accounts and business entities to add multiple layers of security. By integrating these advanced fraud prevention tools into the title and escrow workflow, SMT provides an important safeguard against deepfakes and other fraud tactics. Learn more at.

Final thoughts

Scammers are increasingly using AI-powered deepfakes to target real estate transaction stakeholders鈥攚hich makes them a major threat to our industry. But thankfully, new detection technologies are pushing back on these ambitious criminals. For title agencies, it is imperative to understand how these solutions work and how they may enhance your cybersecurity posture. The threat landscape is always evolving, but by staying apprised of the most cutting-edge solutions out there, you can fight fraud and keep your agency moving forward.

[i] 

[ii] 

[iii] 

[iv] 

[v] 

[vi] 

[vii] 

The post Deepfake Dangers Part 2: How AI Is Fighting the Fraudsters appeared first on 星空传媒 星空传媒 Title Insurance Co..