When wire fraud occurs, the loss of funds can be deeply distressing. That pain is now often compounded by the legal baseline for 鈥渞easonable care鈥� dramatically shifting. Courts no longer view wire fraud or deepfakes as unavoidable cyber events or tragedies.

Title agents now face escalating legal risks and negligence liability. Cybercriminals are increasingly leveraging deepfakes in social engineering and business email compromise (BEC) to orchestrate real estate wire fraud and seller impersonation schemes.

If an agency fails to use basic, reasonable defenses like multi-factor authentication or automated ID and bank verification platforms, judges are increasingly finding them liable for lost funds under negligence and breach claims.

In addition to the security measures used, a court or jury will likely also consider the overall reasonableness of the title company鈥檚 wiring procedures. They will review the steps agencies took to safeguard wire transfers and verify their authenticity.

Did the agent double-check the sender鈥檚 email address? Did the agent follow proper procedures to detect communication peculiarities, like grammatical errors or whether an unsecured email was used? Did more than one employee review the communication? Did they confirm the wiring instructions in a second, alternative mode of communication? These are just a few questions that a court might ask when assessing liability.

Agencies can reduce their exposure by strictly adhering to procedure. Carefully reviewing and authenticating all communication not only minimizes susceptibility to wire fraud schemes but also the chances that a court or jury will find the agent negligent.

All agents are at risk of ID and wire fraud-related cybercrime. Whether they are direct victims of the fraud or simply involved in a fraudulent transaction, agents face a real possibility of being held liable. Wire fraud schemes also continue to grow more pervasive and sophisticated with each passing year, which makes reasonable and prudent anti-fraud controls critical to prevent financial losses. Some best practices include:

• Requiring two forms of communication/authentication before issuing a wire;
• Using multi-factor authentication;
• Using an anti-fraud tool on every transaction;
• Educating and training employees in data security and maintaining evidence records; and
• Using secure, encrypted email with passwords and digital signatures for messages.

Using these precautions decreases the risk of fraud and makes it easier to defend against civil litigation should your agency unfortunately fall victim to one of these schemes. Title agents should also carry standalone, comprehensive cyber insurance. This adds an essential, additional layer of protection against both fraud-related crimes and their resulting liabilities.

Have questions about strengthening your agency鈥檚 wire fraud prevention practices or technology due diligence? Contact Tom Weyant at tweyant@alliantnational.com.

The post Wire Fraud and the Rising Standards of Tech Due Diligence appeared first on 星空传媒 星空传媒 Title Insurance Co..

Cyber insurance can be an important protection for title agencies, but it is not a guarantee that every fraud-related loss will be covered. A recent federal case, (S.D. Ohio Mar. 13, 2026), offers a useful reminder of how quickly coverage issues can arise when a title agency experiences a wire fraud incident and waits too long to notify its cyber insurer.

The case involved a buyer who was defrauded out of more than $480,000 after receiving spoofed wiring instructions that appeared to come from the title agency. The buyer later sued the agency for negligence. Although the agency carried cyber insurance, the cyber insurer denied coverage. The court agreed with the insurer, finding that the claim was not reported within the required timeframes and that the agency had prior knowledge of the incident.

The agency was aware of the incident when it occurred, or shortly after, but waited until it was sued by the buyer before notifying its cyber insurer. By that time, the cyber-policy period in place when the incident occurred had ended, and a new cyber-policy period had begun. Even though the same insurer issued the follow-on policy, the court found that the agency had not satisfied the policy鈥檚 reporting requirements.

The result reinforces that strict compliance with policy conditions 鈥� especially prompt notice and timing requirements 鈥� is essential for coverage to apply.

Cyber insurance does not automatically cover fraud losses

Many title agencies may assume, 鈥淲e have cyber insurance, so we鈥檙e protected.鈥� That assumption can be dangerous.

Cyber coverage depends on the specific terms of the policy. In this case, the agency鈥檚 coverage turned on policy wording, timing and reporting requirements. The loss involved a fraud scheme tied to spoofed wiring instructions, but that fact alone did not determine the outcome. The court focused on whether the agency complied with the policy鈥檚 conditions.

The bottom line is straightforward: cyber insurance is not a general safety net. It is a contract with strict rules that agencies need to understand and follow.

Timing can determine whether coverage exists

Most cyber policies issued to title agencies are 鈥渃laims-made and reported鈥� policies. This typically means that the claim must be made during the policy period and reported during that same period, or within another timeframe set by the policy.

In this case, the fraud occurred in March 2024. The lawsuit against the title agency was not filed until October 2024, and the agency reported the claim at that time. By then, the policy period in place when the incident occurred had already expired.

The agency also had a subsequent policy with the same cyber insurer. But that did not solve the problem. The result was that there was no coverage under the earlier policy, and the later policy did not pick up the incident simply because it was issued by the same insurer and began immediately after the prior policy ended.

For agencies, this is one of the most important lessons from the case. The claim should have been reported during the same policy period in which the incident occurred, and within the timeframe required by the policy. A policy renewal does not reset the clock on an incident the agency already knows about. Each policy period stands on its own.

Report potential incidents early

The agency鈥檚 delay in reporting was central to the coverage dispute. The title agency discovered the fraud in March 2024 and investigated internally, but waited until November 2024 to notify its cyber insurer. The policy required notice within 30 days of discovering a potential issue.

That word 鈥� potential 鈥� matters. The reporting obligation was not dependent on a lawsuit being filed. It was also not dependent on months of attempts to resolve the issue or recover the funds. The obligation was triggered when the agency became aware that something had gone wrong, or that something may have gone wrong.

The lesson is that agencies should not wait for perfect information before giving notice. When something seems wrong, the clock may already be running.

鈥淲e were not hacked鈥� may not be enough

Another important point from the case is that cyber risk is not limited to a direct breach of an agency鈥檚 computer systems.

The title agency argued that its systems had not been compromised, and its IT vendor confirmed there had been no intrusion. But that did not change the outcome. The claim centered on email spoofing, fraud carried out through impersonation and the agency鈥檚 alleged failure to prevent the scam.

That distinction matters. Fraudsters can infiltrate real estate transactions without directly hacking an agency鈥檚 systems. They may use email spoofing, social engineering, fake wiring instructions or other methods designed to exploit trust and urgency. These schemes can be difficult to avoid even when best practices are followed.

Even where an agency鈥檚 systems are secure, it may still face liability for email fraud, wire fraud schemes and social engineering attacks. Cyber risk extends beyond traditional hacking.

Prior knowledge can defeat coverage

The court also addressed the agency鈥檚 attempt to rely on the later policy period. That effort failed because the agency already knew about the incident before the new policy began.

Most policies exclude known incidents that existed before coverage started. That is why an agency generally cannot wait until renewal and expect a new policy to cover an old problem. If the agency has prior knowledge of a loss, claim, circumstance or potential issue, that knowledge can become a coverage barrier.

The lesson is clear: an agency cannot rely on renewing its policy to cover past problems. Report potential claims in the policy period in which the issue arises, and do so within the timeframe required by the policy.

Know who owes coverage

The title agency sued both the cyber insurer and the insurance producer. The court ruled that only the insurer had contractual obligations under the policy. The producer did not have a duty to provide coverage.

That means agencies should understand who issues the policy, who handles claims and who actually owes coverage. The producer may help place coverage and answer questions, but the insurer issues the policy and bears the contractual coverage obligations. When a claim occurs, agencies need to know exactly where notice must be sent, who must receive it and what the policy requires.

Because the producer did not owe coverage, suing the producer did not advance the agency鈥檚 coverage position and, from a practical standpoint, was a waste of time, money and effort.

Bad faith claims are difficult when policy terms are clear

The agency also argued that the insurer acted in bad faith. The court disagreed because the denial was based on clear policy terms and the timeline supported the insurer鈥檚 position.

If an agency misses a policy deadline or fails to satisfy a reporting condition, a bad faith argument is not likely to change the outcome. The better course is to understand the policy requirements and follow them from the beginning.

What title agencies should do now

The case offers several practical steps for title agencies. First, create a 24-to-48-hour reporting rule. The first 24 to 48 hours after a suspected incident are often the most important for taking action to optimize the chances of a successful recovery. If your agency sees a suspicious email, wire fraud attempt, client complaint or possible misdirected funds, notify your cyber insurer immediately. Do not wait for confirmation or legal action.

Agencies should also contact 星空传媒 星空传媒鈥檚 Fraud Hotline at FraudHotline@alliantnational.com without delay. Early notice alerts and enables the 星空传媒 星空传媒 team to provide assistance when time is critical and when agencies most need advice and direction on next steps.

Second, train staff to recognize fraud red flags. Most losses involve familiar patterns: email spoofing, fake wiring instructions and social engineering. Staff should always verify wiring instructions verbally by calling a known and confirmed phone number. Email changes should be treated as suspicious. The mindset should be simple: VERIFY, THEN TRUST: Every file, every party, every time.

Third, review your cyber policy in plain English. Ask your broker what counts as a claim, when reporting must occur, whether social engineering losses are covered and what exclusions apply. Agencies should understand both their coverage and their obligations before a problem occurs.

If the policy language is unclear, ask questions now. Be proactive with your cyber insurer鈥檚 insurance producer and the cyber insurer about what is covered under the policy you are purchasing and what actions may affect coverage. Even if there is no cyber-insurance coverage for a particular incident, the title agency may still be found responsible and held financially liable for the loss.

Fourth, document everything immediately. When an incident occurs, record dates, timelines, emails, communications, internal actions and any steps taken to investigate or respond. Documentation can directly affect coverage eligibility.

Finally, do not assume that renewal fixes a problem. A new policy does not reset obligations under a prior policy and generally does not cover known incidents that happened during a preceding period. Each policy and coverage period stands on its own. Agencies should also ask their cyber insurer鈥檚 insurance producer about extended reporting period options, sometimes called 鈥渢ail鈥� coverage, and retroactive date coverage for prior incident protection when renewing policies.

The bottom line

The biggest lesson from this case is simple: cyber insurance only works when agencies follow the policy requirements exactly. Agencies do not always lose coverage because they lack insurance. They may lose it because they report too late, misunderstand what triggers coverage or assume that a lawsuit matters more than early warning signs.

If you take just one action after reading this, build plans for immediate reporting and documentation. That single change can determine whether your policy protects you or leaves you exposed to a six-figure loss.

Additionally, 星空传媒 星空传媒 offers a complimentary cyber insurance gap review for our agents. It is designed to assist title insurance agents in reviewing their cyber insurance coverage to identify gaps, limitations, subjectivities, and potential risks that may not be fully covered.

For more information on the service or to request this gap review, please contact Tom Weyant: tweyant@alliantnational.com  

The post When Wire Fraud Happens, Your Cyber Policy Clock May Already Be Running appeared first on 星空传媒 星空传媒 Title Insurance Co..

By Bryan Johnson, IT Director, 星空传媒

Keeping your agency鈥檚 data and digital assets safe these days can often feel like a never-ending battle. Unlike you and your team, fraudsters and other criminals never take a day off. They don鈥檛 go on vacation, and they never get sick. Because of this, your agency needs a cybersecurity policy that is also always-on. While this requires many moving pieces all working harmoniously together, today we are going to focus on just one important element: passkeys.

What are passkeys and why do they matter?

You may already be familiar with passkeys. If you have an iPhone, you may have seen prompts to save a passkey for a supported app or website. If you choose to do so, you often won鈥檛 need to enter your password again on that device. Instead, you approve the sign-in with Face ID, Touch ID, or your device passcode, and the passkey authenticates you to the app or site.

Passkeys use what is known as 鈥減ublic-key cryptography.鈥� In plain English, that means that passkeys create two linked digital keys鈥攁 public key, stored by the website or app, and a private key, which stays safely on your device. These keys work together upon sign-in to verify your access, all while never exposing a password that a hacker can pick off and weaponize.

This is obviously a nice thing for consumers from a convenience perspective, but passkeys also hold numerous security advantages. Traditional passwords are more vulnerable to thieves because users often reuse them across sites鈥攎aking them easier to guess. Passkeys, on the other hand, cannot be reused, rendering that security concern irrelevant.

In addition, passkeys are never 鈥渉oused鈥� in the systems of a website or app. They stay safe on your local machine. This means that even if a company experiences a data breach (an all-too-common occurrence these days) there will be no sensitive user information to steal.

Perhaps most importantly, passkeys greatly reduce the prospect of a user getting 鈥減hished鈥� by a criminal. Phishing is one of the most common cybersecurity concerns out there. It works so well because human error often happens online and hackers have gotten very, very good at tricking people into handing over their sensitive information.

Passkeys largely negate that concern. If a cybercriminal tricks someone into going to a fake website, for example, a user鈥檚 passkey will not work on it. Or to put it another way, with passkeys, users are not at risk of accidentally giving away a reusable asset that can be exploited. In fact, they are not giving away an asset at all, but half an asset that requires the other key to work.

Make passkeys central to your cybersecurity approach

Clearly, passkeys can be just as valuable to businesses as they are to individual users, especially businesses like title agencies that must routinely protect sensitive data and user information. There are multiple systems and touchpoints where deploying this technology would reinforce your overall security posture, such as employee email, escrow and transaction systems, document portals, and any client-facing accounts where closing information may be shared.

Once you鈥檝e made the decision to deploy passkeys, the best way to start is with the systems you are using every day. Many agencies, for example, use some variation of Microsoft 365 or Google Workspace to handle employee emails and other business applications. Within these platforms, you can turn on passkey support and then start testing internally to see how it works. Once you get the lay of the land, you can expand it throughout the rest of your team.

You can, of course, build your own system, but it is generally not recommended unless you have strong identity management experience on staff. Creating your own passkey server can be expensive and time-consuming, and unless you know exactly what you鈥檙e doing, it can lead to a critical security incident.

Taking the bait

Our digital-first world is an amazing place, but it can also be a fatiguing one. While people can and must take breaks, our security systems cannot afford to. The criminals and hucksters out there are always circling, looking for a weak point in your defenses. While passkeys can鈥檛 keep all these threats at bay on their own, they can do a lot of good. Passkeys eliminate some of the most common methods thieves utilize to attack your team, harm your agency and steal your data. They disrupt routine phishing methods. And they ensure that even if you wind up taking their bait once in a while, there is nothing worth reeling in.

The post Deploy Passkeys in 2026 for Better Security appeared first on 星空传媒 星空传媒 Title Insurance Co..

By Mauri Hawkins, Chief Claims Counsel, 星空传媒

Title pros know that fraud is a big problem in our industry, but the available data is still eye-popping. In 2024, the American Land Title Association (ALTA) reported that fraud and forgery claim costs averaged over $143,000 per incident.[i] Such losses can significantly impact a typical agency鈥檚 business, which makes prevention your best defense. To help, we鈥檝e outlined 2026鈥檚 top fraud threats as well as strategies for spotting them early and protecting every file, every party, every day.

Why redouble our focus on fraud in 2026?

Fraud in 2026 harms businesses in a way that goes beyond dollars and cents. Fraud can also inflict major reputational damage, leading to lost referrals and, quite possibly, the closure of your business itself. In short, fraud and forgery can derail your company鈥檚 goals and prospects in both the short and long term. These serious consequences highlight why we must scrutinize the details of every file that comes across our desks鈥攑articularly from the insidious schemes we will explore below.

Seller impersonation is a danger

First up is seller impersonation. Increasingly common, seller impersonators pose as property owners and sell properties out from under the real owners without their even knowing. Given how widespread it has become, agents must never eyeball ID documents. ID-verification tools must be used on every file, every party, every day instead. Agents must also take time to scrutinize notary seals and the notaries themselves. When possible, avoid mail-away closings and use a reputable remote online notarization (RON) provider. Also, validate IDs at the time you receive an order, as this helps stop fraud in its tracks! And finally, educate your real estate agents, lenders and consumers on the very real risk of losing their money.

Vacant land sales pose a real threat

Vacant land remains another top fraud target in 2026. It is driving a huge share of claims nationwide and can get wildly expensive.

To cut down on these claims, ID-verification tools are again your best friend. Apply them to every file at the beginning of each order. That way, you can properly verify the parties involved and not waste time on bogus deals.

You should also always contact vested owners at a trusted address, whether by email or by mail, to confirm the sale. Finally, stay on guard for red flags like recent address changes or sudden changes to entity information located in the Secretary of State records. Those are go-to moves that sophisticated fraudsters love to deploy.

Fight back against payoff fraud

At 星空传媒 星空传媒, we are also seeing a sharp rise in payoff fraud. These involve bad actors injecting themselves into the payoff process and rerouting funds away from the real lender or servicer and into their own bank accounts. Fraudsters have gotten good at compromising payoff mechanisms鈥攆rom email to fax. Given that, the principle of Verify, Then Trust matters more than ever before.

Some best practices to remember include:

• Never accept payoff info from a party to the transaction.
• Prior to sending funds, confirm with the lender, using independently verified contact information, the wire information or payment address.
• Follow the verified lender instructions exactly and double-check payment details before disbursing.
• Treat any last-minute changes or 鈥渘ew鈥� payoff directions as a major red flag, and contact the lender directly at the independently verified contact information before taking any further action.

For more best practices, managers should review  on handling payoffs securely and share it with their agents.

Staying cyber smart

No conversation about fraud in 2026 would be complete without touching upon cybersecurity concerns, particularly from phishing emails. Cyberattacks are one of the most common ways fraudsters can attack our industry. In fact, data reveals that over $16 billion in losses resulted from cybersecurity issues alone.[ii]

The silver lining is that we have a powerful way to prevent cybercrime and stem these losses. The numbers show that one of the most consistent reasons why a cyberattack is successful has to do with human error. Implementing security awareness training for your agency can reduce the likelihood of a fraudster pulling a fast one by 70-90%.[iii]

Strong cyber insurance is also essential for agencies to protect themselves from fraudsters. Review your policy鈥檚 terms and conditions thoroughly, institute processes and procedures for the team to follow in each transaction, and document each file with the actions taken to show that the processes and procedures were followed. This is highly important for when a claim is made under the cyber insurance policy.

You have a partner in the fight against fraud

At 星空传媒 星空传媒, we鈥檙e here to support you in the fight against fraudsters. We have resources that can help:

• 星空传媒 星空传媒 Crime Watch Program: If an 星空传媒 星空传媒 agent鈥檚 employee spots and prevents possible fraud, agency management can nominate that employee to receive an award. Find more information here about the program.
• The 星空传媒 星空传媒 Fraud Prevention Tips: Find handy best practices for spotting and stopping fraud with this tip sheet.
• ID Verification Tools: Explore today鈥檚 top platforms and make sure your team is trained on the right policies and best practices. 星空传媒 星空传媒 agents, for example, 鈥攁 leading identity verification provider.

You鈥檙e ready to face fraudsters

Armed with these tools and knowledge of 2026鈥檚 top fraud threats, you鈥檙e ready to spot bad actors and act before a scheme escalates into a loss.  Just remember to never take anything at face value and to verify before you ever extend your trust. By approaching your files with the mantra of 鈥淰erify, Then Trust鈥� in mind, you can rest easy knowing you鈥檝e protected every file, every party, every day.  

[i]

[ii]

[iii]

The post Top Fraud Concerns to Watch Out for in 2026 appeared first on 星空传媒 星空传媒 Title Insurance Co..

Wire fraud is evolving fast, driven by sophisticated criminals using AI tools. How can you protect your business? Join Tom Weyant, Risk Management & Data Privacy Officer at 星空传媒 星空传媒, and Jerome Magana, Owner and President of Select Specialty Insurance Services as they unpack the latest trends in cybercrime and emerging threats specifically targeting real estate transactions. Learn why traditional defenses might be falling short, how insurance coverage requirements are changing, and practical steps you can immediately take to safeguard your business.

The post Protect Your Business: A Video Conversation On Cyber-Fraud In Real Estate appeared first on 星空传媒 星空传媒 Title Insurance Co..

Yet despite this welcome increase in awareness and understanding, it can still be difficult to know exactly when your network has suffered a breach 鈥� which can have serious consequences for your business. That鈥檚 because the faster you can detect a malicious incident, the faster you can begin remediation, prevent financial or reputational fallout, and get your agency back on track. Let鈥檚 explore what potential breaches can look, feel and sound like. We will also examine steps you can take to respond in the unfortunate event of an incident.

What does a breach look like?

One of the biggest warning signs that something is amiss with your business network is simply unusual activity that you can typically see within your technology or security software. While this can sound like vague advice, it really isn鈥檛 when you know what to look for, including:

• Strange or unrecognized logins.
• Odd purchases made through business accounts.
• Unauthorized changes to your account settings.
• Unfamiliar devices connecting to your systems or network.
• Abnormal spikes in data use or activity.

What does a breach feel like?

The warning signs of a breach are not solely visual. You can also be tipped off by how your network feels and the way your software performs. A cyberattack may result in a dramatic slowdown in performance. There is no universal experience, of course, but some of the common performance problems include:

• Slow network speeds or crashing applications.
• General connectivity problems.
• Inefficient CPU or system memory usage.
• Poor customer experience.

What does a breach sound like?

When it comes to network breaches, it may feel a bit odd to talk about warning signs that you can hear. While your technology systems aren鈥檛 typically going to tip you off this way, your agency鈥檚 human stakeholders might. Keep your ears open for feedback from those who interact with your digital assets and infrastructure. Their thoughts, feelings and experiences may prove crucial to discovering a breach and taking corrective action. Some comments that you need to take very seriously are:

• Reports of increased phishing attempts or other suspicious emails.
• Complaints from customers about using your digital assets.
• Increased IT support desk tickets, depending on if you have managed security in place.
• Occasionally, albeit rarely, compromised devices can also emit auditory signals that suggest something has gone wrong.

A four-point plan to respond to breaches

If you notice these abnormal activities, don鈥檛 brush them off! Instead, take the following four actions to contain the potential damage and reestablish your security perimeter.

• First:聽Secure your compromised accounts, which can involve switching passwords and establishing multi-factor authentication if you don鈥檛 have it in place already. You should also disable affected accounts, notify all affected stakeholders, and begin preserving evidence of what has occurred.
  
• Second:聽Focus next on investigating the malicious activity. Develop an overview of the incident by assessing the 鈥渨ho,鈥� 鈥渨hat,鈥� 鈥渨hen,鈥� and 鈥渨here鈥� of the network breach. The purpose of this exercise is two-fold: You want to determine the scope of the problem while also determining the root causes so you can ensure it doesn鈥檛 happen again.
  
• Third:聽Build a plan to improve the long-term security of your IT systems and to prevent similar breaches. Conduct a comprehensive review of your vulnerabilities. Implement stronger access controls, encryption protocols and cybersecurity approaches. Finally, update training programs to keep employees apprised of security changes and reinforce security standards across your organization.
  
• Fourth:聽Don鈥檛 forget to adhere to all relevant standards and requirements regarding data breach notification. Then, conduct a review of your compliance obligations to ensure you are taking appropriate due diligence and properly protecting sensitive personal information.

A thrilling yet threatening business era

Seven decades into the information age, more people than ever are aware of both the promise and the perils of using digital systems in both life and work. Yet while cybersecurity awareness has never been more widespread than it is today, some of the common signs and symptoms of a data breach are not that widely known. Learning more about them and keeping your co-workers and team apprised is a great way to sharpen your defenses and respond decisively should the need arise.

The post Breach Detection: Top Signs Your Business Has Been Hacked appeared first on 星空传媒 星空传媒 Title Insurance Co..