When wire fraud occurs, the loss of funds can be deeply distressing. That pain is now often compounded by the legal baseline for 鈥渞easonable care鈥� dramatically shifting. Courts no longer view wire fraud or deepfakes as unavoidable cyber events or tragedies.

Title agents now face escalating legal risks and negligence liability. Cybercriminals are increasingly leveraging deepfakes in social engineering and business email compromise (BEC) to orchestrate real estate wire fraud and seller impersonation schemes.

If an agency fails to use basic, reasonable defenses like multi-factor authentication or automated ID and bank verification platforms, judges are increasingly finding them liable for lost funds under negligence and breach claims.

In addition to the security measures used, a court or jury will likely also consider the overall reasonableness of the title company鈥檚 wiring procedures. They will review the steps agencies took to safeguard wire transfers and verify their authenticity.

Did the agent double-check the sender鈥檚 email address? Did the agent follow proper procedures to detect communication peculiarities, like grammatical errors or whether an unsecured email was used? Did more than one employee review the communication? Did they confirm the wiring instructions in a second, alternative mode of communication? These are just a few questions that a court might ask when assessing liability.

Agencies can reduce their exposure by strictly adhering to procedure. Carefully reviewing and authenticating all communication not only minimizes susceptibility to wire fraud schemes but also the chances that a court or jury will find the agent negligent.

All agents are at risk of ID and wire fraud-related cybercrime. Whether they are direct victims of the fraud or simply involved in a fraudulent transaction, agents face a real possibility of being held liable. Wire fraud schemes also continue to grow more pervasive and sophisticated with each passing year, which makes reasonable and prudent anti-fraud controls critical to prevent financial losses. Some best practices include:

• Requiring two forms of communication/authentication before issuing a wire;
• Using multi-factor authentication;
• Using an anti-fraud tool on every transaction;
• Educating and training employees in data security and maintaining evidence records; and
• Using secure, encrypted email with passwords and digital signatures for messages.

Using these precautions decreases the risk of fraud and makes it easier to defend against civil litigation should your agency unfortunately fall victim to one of these schemes. Title agents should also carry standalone, comprehensive cyber insurance. This adds an essential, additional layer of protection against both fraud-related crimes and their resulting liabilities.

Have questions about strengthening your agency鈥檚 wire fraud prevention practices or technology due diligence? Contact Tom Weyant at tweyant@alliantnational.com.

The post Wire Fraud and the Rising Standards of Tech Due Diligence appeared first on 星空传媒 星空传媒 Title Insurance Co..

Cyber insurance can be an important protection for title agencies, but it is not a guarantee that every fraud-related loss will be covered. A recent federal case, (S.D. Ohio Mar. 13, 2026), offers a useful reminder of how quickly coverage issues can arise when a title agency experiences a wire fraud incident and waits too long to notify its cyber insurer.

The case involved a buyer who was defrauded out of more than $480,000 after receiving spoofed wiring instructions that appeared to come from the title agency. The buyer later sued the agency for negligence. Although the agency carried cyber insurance, the cyber insurer denied coverage. The court agreed with the insurer, finding that the claim was not reported within the required timeframes and that the agency had prior knowledge of the incident.

The agency was aware of the incident when it occurred, or shortly after, but waited until it was sued by the buyer before notifying its cyber insurer. By that time, the cyber-policy period in place when the incident occurred had ended, and a new cyber-policy period had begun. Even though the same insurer issued the follow-on policy, the court found that the agency had not satisfied the policy鈥檚 reporting requirements.

The result reinforces that strict compliance with policy conditions 鈥� especially prompt notice and timing requirements 鈥� is essential for coverage to apply.

Cyber insurance does not automatically cover fraud losses

Many title agencies may assume, 鈥淲e have cyber insurance, so we鈥檙e protected.鈥� That assumption can be dangerous.

Cyber coverage depends on the specific terms of the policy. In this case, the agency鈥檚 coverage turned on policy wording, timing and reporting requirements. The loss involved a fraud scheme tied to spoofed wiring instructions, but that fact alone did not determine the outcome. The court focused on whether the agency complied with the policy鈥檚 conditions.

The bottom line is straightforward: cyber insurance is not a general safety net. It is a contract with strict rules that agencies need to understand and follow.

Timing can determine whether coverage exists

Most cyber policies issued to title agencies are 鈥渃laims-made and reported鈥� policies. This typically means that the claim must be made during the policy period and reported during that same period, or within another timeframe set by the policy.

In this case, the fraud occurred in March 2024. The lawsuit against the title agency was not filed until October 2024, and the agency reported the claim at that time. By then, the policy period in place when the incident occurred had already expired.

The agency also had a subsequent policy with the same cyber insurer. But that did not solve the problem. The result was that there was no coverage under the earlier policy, and the later policy did not pick up the incident simply because it was issued by the same insurer and began immediately after the prior policy ended.

For agencies, this is one of the most important lessons from the case. The claim should have been reported during the same policy period in which the incident occurred, and within the timeframe required by the policy. A policy renewal does not reset the clock on an incident the agency already knows about. Each policy period stands on its own.

Report potential incidents early

The agency鈥檚 delay in reporting was central to the coverage dispute. The title agency discovered the fraud in March 2024 and investigated internally, but waited until November 2024 to notify its cyber insurer. The policy required notice within 30 days of discovering a potential issue.

That word 鈥� potential 鈥� matters. The reporting obligation was not dependent on a lawsuit being filed. It was also not dependent on months of attempts to resolve the issue or recover the funds. The obligation was triggered when the agency became aware that something had gone wrong, or that something may have gone wrong.

The lesson is that agencies should not wait for perfect information before giving notice. When something seems wrong, the clock may already be running.

鈥淲e were not hacked鈥� may not be enough

Another important point from the case is that cyber risk is not limited to a direct breach of an agency鈥檚 computer systems.

The title agency argued that its systems had not been compromised, and its IT vendor confirmed there had been no intrusion. But that did not change the outcome. The claim centered on email spoofing, fraud carried out through impersonation and the agency鈥檚 alleged failure to prevent the scam.

That distinction matters. Fraudsters can infiltrate real estate transactions without directly hacking an agency鈥檚 systems. They may use email spoofing, social engineering, fake wiring instructions or other methods designed to exploit trust and urgency. These schemes can be difficult to avoid even when best practices are followed.

Even where an agency鈥檚 systems are secure, it may still face liability for email fraud, wire fraud schemes and social engineering attacks. Cyber risk extends beyond traditional hacking.

Prior knowledge can defeat coverage

The court also addressed the agency鈥檚 attempt to rely on the later policy period. That effort failed because the agency already knew about the incident before the new policy began.

Most policies exclude known incidents that existed before coverage started. That is why an agency generally cannot wait until renewal and expect a new policy to cover an old problem. If the agency has prior knowledge of a loss, claim, circumstance or potential issue, that knowledge can become a coverage barrier.

The lesson is clear: an agency cannot rely on renewing its policy to cover past problems. Report potential claims in the policy period in which the issue arises, and do so within the timeframe required by the policy.

Know who owes coverage

The title agency sued both the cyber insurer and the insurance producer. The court ruled that only the insurer had contractual obligations under the policy. The producer did not have a duty to provide coverage.

That means agencies should understand who issues the policy, who handles claims and who actually owes coverage. The producer may help place coverage and answer questions, but the insurer issues the policy and bears the contractual coverage obligations. When a claim occurs, agencies need to know exactly where notice must be sent, who must receive it and what the policy requires.

Because the producer did not owe coverage, suing the producer did not advance the agency鈥檚 coverage position and, from a practical standpoint, was a waste of time, money and effort.

Bad faith claims are difficult when policy terms are clear

The agency also argued that the insurer acted in bad faith. The court disagreed because the denial was based on clear policy terms and the timeline supported the insurer鈥檚 position.

If an agency misses a policy deadline or fails to satisfy a reporting condition, a bad faith argument is not likely to change the outcome. The better course is to understand the policy requirements and follow them from the beginning.

What title agencies should do now

The case offers several practical steps for title agencies. First, create a 24-to-48-hour reporting rule. The first 24 to 48 hours after a suspected incident are often the most important for taking action to optimize the chances of a successful recovery. If your agency sees a suspicious email, wire fraud attempt, client complaint or possible misdirected funds, notify your cyber insurer immediately. Do not wait for confirmation or legal action.

Agencies should also contact 星空传媒 星空传媒鈥檚 Fraud Hotline at FraudHotline@alliantnational.com without delay. Early notice alerts and enables the 星空传媒 星空传媒 team to provide assistance when time is critical and when agencies most need advice and direction on next steps.

Second, train staff to recognize fraud red flags. Most losses involve familiar patterns: email spoofing, fake wiring instructions and social engineering. Staff should always verify wiring instructions verbally by calling a known and confirmed phone number. Email changes should be treated as suspicious. The mindset should be simple: VERIFY, THEN TRUST: Every file, every party, every time.

Third, review your cyber policy in plain English. Ask your broker what counts as a claim, when reporting must occur, whether social engineering losses are covered and what exclusions apply. Agencies should understand both their coverage and their obligations before a problem occurs.

If the policy language is unclear, ask questions now. Be proactive with your cyber insurer鈥檚 insurance producer and the cyber insurer about what is covered under the policy you are purchasing and what actions may affect coverage. Even if there is no cyber-insurance coverage for a particular incident, the title agency may still be found responsible and held financially liable for the loss.

Fourth, document everything immediately. When an incident occurs, record dates, timelines, emails, communications, internal actions and any steps taken to investigate or respond. Documentation can directly affect coverage eligibility.

Finally, do not assume that renewal fixes a problem. A new policy does not reset obligations under a prior policy and generally does not cover known incidents that happened during a preceding period. Each policy and coverage period stands on its own. Agencies should also ask their cyber insurer鈥檚 insurance producer about extended reporting period options, sometimes called 鈥渢ail鈥� coverage, and retroactive date coverage for prior incident protection when renewing policies.

The bottom line

The biggest lesson from this case is simple: cyber insurance only works when agencies follow the policy requirements exactly. Agencies do not always lose coverage because they lack insurance. They may lose it because they report too late, misunderstand what triggers coverage or assume that a lawsuit matters more than early warning signs.

If you take just one action after reading this, build plans for immediate reporting and documentation. That single change can determine whether your policy protects you or leaves you exposed to a six-figure loss.

Additionally, 星空传媒 星空传媒 offers a complimentary cyber insurance gap review for our agents. It is designed to assist title insurance agents in reviewing their cyber insurance coverage to identify gaps, limitations, subjectivities, and potential risks that may not be fully covered.

For more information on the service or to request this gap review, please contact Tom Weyant: tweyant@alliantnational.com  

The post When Wire Fraud Happens, Your Cyber Policy Clock May Already Be Running appeared first on 星空传媒 星空传媒 Title Insurance Co..

Every wire fraud defense expert agrees on one thing: the number one factor in recovering diverted funds is time. Every minute counts once fraud is detected, and hesitation or delays can make it harder to track down and restore lost funds.

That鈥檚 why a wire fraud response plan is imperative for every title agent.

The American Land Title Association (ALTA) recommends that every title company develop, document and train every staff member in the critical first steps for effective responses to wire fraud incidents. , can help agencies prepare to respond quickly and effectively as outlined in key points highlighted in this article.

Elements of a Wire Fraud Response Plan

The first step in preventing fraud is maintaining strong policies and procedures for verifying the identities of parties to the transaction and wire instructions to protect all parties: Buyer, seller, lender, underwriter and title agent. 星空传媒 星空传媒 agents are urged to implement procedures making sure to Verify, then Trust – every file, every party, every time.

But if the unthinkable happens, the most successful response strategies are those established in advance and clearly communicated to all staff members, banking partners and transaction participants.

Like a well-trained sports team, every member of your organization should understand their role and be ready to act immediately if fraud is detected.

General protocols

• Establish a close relationship with your bank representatives and maintain regular communication about emerging fraud threats and response procedures.
  • Make sure you have a phone contact that is not an 鈥�800 number鈥� to avoid delays.
• Discuss wire retrieval scenarios with your bank and establish emergency contacts in the bank鈥檚 fraud department that can be reached immediately if fraud is suspected.
  • Share this information with every employee as first reactions are critical.
• Establish and document emergency contacts across your response network, including bank fraud departments, law enforcement, legal counsel and your underwriter.
  • The local FBI office and the Secret Service office in your region should be included in this contact network.

Rapid response actions

• Your staff should be trained to immediately alert company management and the ageny鈥檚 internal wire fraud response team if a suspicious or potentially fraudulent transfer is detected.
  • Encourage transparency as delay or fear of retaliation for errors can cause losses to increase.
• Contact the sending bank鈥檚 fraud department immediately and request a recall of the wire transfer due to suspected fraud. Ask the bank to initiate the FBI鈥檚 鈥淔inancial Fraud Kill Chain Process鈥� if applicable.
• Notify the receiving bank鈥檚 fraud department and request that the account receiving the funds be frozen pending investigation.
• Report the incident to appropriate law enforcement agencies, including your local police department, the FBI field office serving your jurisdiction, as well as Secret Service teams.
• File a complaint with the FBI鈥檚 Internet Crime Complaint Center (IC3) as quickly as possible via their website, .
• Inform the parties to the transaction using known, trusted phone numbers and established communication channels.
• Notify your underwriter and coordinate next steps. 星空传媒 星空传媒鈥檚 Claims Team and Underwriting Counsel are available to assist agents in evaluating and responding to suspected fraud events.
• Contact your own agency legal counsel to assess potential liability and assist with recovery efforts.
• Depending on the circumstances, notify appropriate insurance carriers such as cyber liability, escrow security bond or errors and omissions insurers.
  • Do not delay these notifications as missed deadlines on notices can result in a claim denial and financial losses for your agency.

Putting all of these resources in motion immediately is critical to securing the support of professionals or organizations with tools that could assist you in recovering the diverted funds.

The FBI鈥檚 Internet Complaint Crime Center, , is one of your most important contacts. According to the FBI鈥檚 2024 Internet Crime Report, the IC3 Recovery Asset Team initiated the Financial Fraud Kill Chain on 3,020 complaints involving $848.4 million in attempted theft[i]. Financial institutions were able to freeze $561 million of those funds, representing a 66% success rate.

The effectiveness of this process depends heavily on how quickly fraud is reported, which is why having a response plan in place and acting immediately is critical.

Even the most vigilant companies may fall victim to fraud, but having a clear response plan and trained team in place can significantly improve the chances of recovering lost funds.

As always, immediately reach out to your 星空传媒 星空传媒 Claims Team and Underwriting Counsel if you have any questions or concerns. Together we can fight fraudsters, but always remember to take the steps to stop fraud and Verify, then Trust – every file, every party, every time.

The post When Wire Fraud Happens, Minutes Count appeared first on 星空传媒 星空传媒 Title Insurance Co..

By: Elyce Schweitzer, 星空传媒 星空传媒 Regulatory Compliance Officer

Artificial intelligence has made fraud more convincing and more difficult to spot. As we explored in our earlier piece on deepfake-enabled fraud, today鈥檚 bad actors can impersonate real parties, voices, and documents with a level of sophistication that would have been unimaginable just a few years ago.

In response, lawmakers and regulators are strengthening the legal tools available to prosecutors, civil enforcers, and courts. These developments don鈥檛 rewrite core fraud principles, but they do change how those principles apply to real estate closings 鈥� and they reinforce the value of careful verification.

Understanding this evolving landscape helps explain why it鈥檚 so important to Verify, Then trust 鈥� every file, every party, every time.  

Fraud and Impersonation: Statutory Tools That Matter

States are updating their criminal and civil fraud statutes to make it clearer that impersonation using modern technology is not a technical loophole but a prosecutable offense.

For example, in Texas, (effective September 1, 2025) amended Chapter 32 of the Texas Penal Code by adding Sections 32.56 and 32.57. Section 32.56 makes it an offense, with intent to enter or remain on real property, to knowingly present to another person a false, fraudulent, or fictitious document purporting to be a lease agreement, deed, or other instrument conveying real property or an interest in real property. Section 32.57 makes it a first-degree felony to knowingly list, advertise, sell, rent, or lease residential real property without legal title or authority.

In practice, these sections clarify that impersonation involving falsified property documents constitutes fraud, even when the deception relies on digital or AI-assisted tools. Notably for title agents, when such cases are investigated or litigated, the analysis may extend beyond the fraudulent act itself to examine how the transaction progressed, including what steps were taken to confirm identity and authority before reliance occurred.

The Role of Notarization and Remote Online Notarization

Notarization has become a critical built-in safety mechanism for property transactions. States that authorize Remote Online Notarization (RON) typically require defined identity-verification procedures, which may include multi-factor authentication, recorded sessions, and retained audit logs.

These requirements do more than check a box. They create layers of verification that are observable after the fact. When fraud does occur, prosecutors, judges, and civil litigants may scrutinize whether these verification layers were followed.

In other words, notarization statutes don鈥檛 replace professional diligence 鈥� but they codify expectations for how identity and intent should be confirmed and documented.

Expanding Definitions of Deceptive Communication

Other states have updated their fraud laws to explicitly cover realistic representations made with advanced technologies. , effective April 2, 2025, defines 鈥渄eceptive audio or visual media鈥� as the use of highly realistic representations of speech, conduct, or writing where the subject did not actually engage in that conduct. The statute criminalizes generating, soliciting, disclosing, or using deceptive audio or visual media for the purpose of attempting or furthering the commission of a crime or offense, or with knowledge it will be used for that purpose.

takes a broader approach by recognizing that sophisticated communications techniques, including those enabled by technology, play a central role in modern fraud schemes. The statute consolidates fraud and organized fraud offenses, aligns state law with federal mail and wire fraud precedents, and includes enhanced penalties for certain first-degree felony offenses. It also provides civil remedies related to identity misuse and sets limitation periods and tolling rules that account for defendants who are absent from the state or lack an ascertainable address.

These statutory definitions reinforce something title professionals already know from experience: fraud is not defined by medium but by intent and effect. A voice message, video call, or carefully worded email can be just as fraudulent as a forged signature on paper. What matters is whether it induces action based on false representations.

Federal Reporting and Awareness Efforts

At the federal level, activity has focused on understanding and reporting on the risks associated with AI technologies. For example, legislation passed in connection with the 2021 星空传媒 Defense Authorization Act (NDAA) the Department of Homeland Security to produce annual reports on digital content forgery technology. 鈥� the core technology behind deepfakes.

For those of you who enjoy reading more technical material, the is available for your enjoyment.  A review of the report makes it clear that the technology and its potential for harm to our industry is complicated.

These federal efforts help catalog the risks and raise awareness across industries, but they do not change state criminal or civil liability in property transactions. Instead, they improve the information environment in which professionals and regulators operate.

What This Means for Title Professionals

When closings are reviewed after fraud occurs, the focus will likely shift to whether steps were taken to verify identity, authority, and intent, and whether those steps were reasonable under the circumstances. This reflects how fraud is often evaluated after the fact: technology may enable new methods of deception, but it does not change the underlying wisdom: Verify, Then Trust before acting.

The Bottom Line

Regulatory and statutory changes are not abstract developments. They reflect how lawmakers and enforcers are applying long-established fraud principles to modern threats.

Deepfakes and AI-enabled impersonation present real risks in real estate transactions. The truth is, when fraud is investigated or litigated, attention will likely shift beyond the technology itself to how the transaction unfolded, including whether identity and authority were meaningfully confirmed before reliance occurred.

For agents who incorporate verification as a routine part of their workflow, 鈥淰erify, Then Trust鈥� functions as a practical risk-management framework. It aligns with the way fraud is examined after the fact and supports defensible decision-making when transactions are questioned. Applied consistently, this approach helps protect the transaction, the parties involved, and the professionals responsible for bringing the deal to completion.

The post How New Fraud and Notarization Laws Affect Real Estate Closings appeared first on 星空传媒 星空传媒 Title Insurance Co..

By Mauri Hawkins, Chief Claims Counsel, 星空传媒

Title pros know that fraud is a big problem in our industry, but the available data is still eye-popping. In 2024, the American Land Title Association (ALTA) reported that fraud and forgery claim costs averaged over $143,000 per incident.[i] Such losses can significantly impact a typical agency鈥檚 business, which makes prevention your best defense. To help, we鈥檝e outlined 2026鈥檚 top fraud threats as well as strategies for spotting them early and protecting every file, every party, every day.

Why redouble our focus on fraud in 2026?

Fraud in 2026 harms businesses in a way that goes beyond dollars and cents. Fraud can also inflict major reputational damage, leading to lost referrals and, quite possibly, the closure of your business itself. In short, fraud and forgery can derail your company鈥檚 goals and prospects in both the short and long term. These serious consequences highlight why we must scrutinize the details of every file that comes across our desks鈥攑articularly from the insidious schemes we will explore below.

Seller impersonation is a danger

First up is seller impersonation. Increasingly common, seller impersonators pose as property owners and sell properties out from under the real owners without their even knowing. Given how widespread it has become, agents must never eyeball ID documents. ID-verification tools must be used on every file, every party, every day instead. Agents must also take time to scrutinize notary seals and the notaries themselves. When possible, avoid mail-away closings and use a reputable remote online notarization (RON) provider. Also, validate IDs at the time you receive an order, as this helps stop fraud in its tracks! And finally, educate your real estate agents, lenders and consumers on the very real risk of losing their money.

Vacant land sales pose a real threat

Vacant land remains another top fraud target in 2026. It is driving a huge share of claims nationwide and can get wildly expensive.

To cut down on these claims, ID-verification tools are again your best friend. Apply them to every file at the beginning of each order. That way, you can properly verify the parties involved and not waste time on bogus deals.

You should also always contact vested owners at a trusted address, whether by email or by mail, to confirm the sale. Finally, stay on guard for red flags like recent address changes or sudden changes to entity information located in the Secretary of State records. Those are go-to moves that sophisticated fraudsters love to deploy.

Fight back against payoff fraud

At 星空传媒 星空传媒, we are also seeing a sharp rise in payoff fraud. These involve bad actors injecting themselves into the payoff process and rerouting funds away from the real lender or servicer and into their own bank accounts. Fraudsters have gotten good at compromising payoff mechanisms鈥攆rom email to fax. Given that, the principle of Verify, Then Trust matters more than ever before.

Some best practices to remember include:

• Never accept payoff info from a party to the transaction.
• Prior to sending funds, confirm with the lender, using independently verified contact information, the wire information or payment address.
• Follow the verified lender instructions exactly and double-check payment details before disbursing.
• Treat any last-minute changes or 鈥渘ew鈥� payoff directions as a major red flag, and contact the lender directly at the independently verified contact information before taking any further action.

For more best practices, managers should review  on handling payoffs securely and share it with their agents.

Staying cyber smart

No conversation about fraud in 2026 would be complete without touching upon cybersecurity concerns, particularly from phishing emails. Cyberattacks are one of the most common ways fraudsters can attack our industry. In fact, data reveals that over $16 billion in losses resulted from cybersecurity issues alone.[ii]

The silver lining is that we have a powerful way to prevent cybercrime and stem these losses. The numbers show that one of the most consistent reasons why a cyberattack is successful has to do with human error. Implementing security awareness training for your agency can reduce the likelihood of a fraudster pulling a fast one by 70-90%.[iii]

Strong cyber insurance is also essential for agencies to protect themselves from fraudsters. Review your policy鈥檚 terms and conditions thoroughly, institute processes and procedures for the team to follow in each transaction, and document each file with the actions taken to show that the processes and procedures were followed. This is highly important for when a claim is made under the cyber insurance policy.

You have a partner in the fight against fraud

At 星空传媒 星空传媒, we鈥檙e here to support you in the fight against fraudsters. We have resources that can help:

• 星空传媒 星空传媒 Crime Watch Program: If an 星空传媒 星空传媒 agent鈥檚 employee spots and prevents possible fraud, agency management can nominate that employee to receive an award. Find more information here about the program.
• The 星空传媒 星空传媒 Fraud Prevention Tips: Find handy best practices for spotting and stopping fraud with this tip sheet.
• ID Verification Tools: Explore today鈥檚 top platforms and make sure your team is trained on the right policies and best practices. 星空传媒 星空传媒 agents, for example, 鈥攁 leading identity verification provider.

You鈥檙e ready to face fraudsters

Armed with these tools and knowledge of 2026鈥檚 top fraud threats, you鈥檙e ready to spot bad actors and act before a scheme escalates into a loss.  Just remember to never take anything at face value and to verify before you ever extend your trust. By approaching your files with the mantra of 鈥淰erify, Then Trust鈥� in mind, you can rest easy knowing you鈥檝e protected every file, every party, every day.  

[i]

[ii]

[iii]

The post Top Fraud Concerns to Watch Out for in 2026 appeared first on 星空传媒 星空传媒 Title Insurance Co..

Wire fraud is evolving fast, driven by sophisticated criminals using AI tools. How can you protect your business? Join Tom Weyant, Risk Management & Data Privacy Officer at 星空传媒 星空传媒, and Jerome Magana, Owner and President of Select Specialty Insurance Services as they unpack the latest trends in cybercrime and emerging threats specifically targeting real estate transactions. Learn why traditional defenses might be falling short, how insurance coverage requirements are changing, and practical steps you can immediately take to safeguard your business.

The post Protect Your Business: A Video Conversation On Cyber-Fraud In Real Estate appeared first on 星空传媒 星空传媒 Title Insurance Co..

Our story begins with an innocuous email delivered to our homebyer on June 18, which appeared to come from the lender鈥檚 office. The email informed our buyer that a representative from Paramount Title would call her to confirm receipt of the funds to close.

Someone called the buyer, but it wasn鈥檛 us. A fraudster named 鈥淛immy鈥� on the other end of the line confirmed wire instructions for a specific bank account, with the account name referencing Paramount Title, and instructed our buyer to send funds in the amount of $130,000.

Our buyer wired the funds.

The following day our buyer checked her account and saw the wire had been returned to her account. She replied to the email thread with the fraudster from the previous day asking if she knew what happened and why the funds were returned.

The fraudster told her the company鈥檚 escrow account was under its annual tax audit and that is why her funds were returned. Then he gave our buyer new wiring instructions for another bank account. Our buyer called 鈥淛immy,鈥� who confirmed the new writing instructions were correct.

Our buyer wired the funds again.

On June 20, our buyer received another email from the fraudster stating there was an issue with the wire. The fraudster asked our buyer to call her bank and request a hold be lifted off the wire. Tragically, our buyer called her bank and obtained the federal reference number for the wire.

The next day a representative from the receiving bank called to say they flagged her wire transfer and they were not going to release the funds yet because it looked suspicious.

That鈥檚 when our buyer decided to look up the title company. She then called us, the real Paramount Title, and shared her story. Our office confirmed we don鈥檛 employ anybody by the name of 鈥淛immy鈥� 鈥� and this was most definitely a case of wire fraud.

This is where Amy swoops into the picture.

Amy was quick to discuss all options for our buyer to report the crime, including offering to report the issue on her behalf. Amy contacted our US Secret Service agent (YES, we actually have a US Secret Service agent in our rolodex to help us in these 鈥渟pecial鈥� circumstances), finally reaching him at 10 o鈥檆lock at night to discuss the details of the file.

Amy wanted to see if the agent could provide any assistance on what our buyer could do to get her money back. She conferenced in our buyer, so she could speak directly with the agent. The agent then offered to call the 鈥渇raudsters鈥� bank and see how they could help. 

On June 22, thanks to Amy鈥檚 tireless efforts driven by a passion to protect, the full amount of the wire was returned to our buyer. Our buyer closed on her home two weeks later.

鈥淚 spoke with the client shortly after the ordeal was over, and she expressed to me how good it felt that someone had her back through the process,鈥� said Andrea Somers, Compliance Officer for the Florida Agency Network. 鈥淎my truly goes above and beyond in everything that she does.鈥�

But our story doesn鈥檛 end there, because Amy went above and beyond to ensure no customer of hers would ever fall victim to wire fraud again.

First, she implemented the website 鈥�,鈥� a message we now we blast everywhere we can. When we receive a new contract, our customer is informed of this very real threat. When a customer receives an email from us, they see the Inquire Before You Wire image. It doesn鈥檛 matter how small, or big, the transaction is.

She also implemented additional processes where phone calls are made to the contacts on each file, to discuss wire fraud, the current fraud trends being seen in our industry and to lay out exactly how the client will receive wire instructions. 

What鈥檚 more, Amy decided to go one step further by achieving the Certified Anti-Money Laundering Specialist (CAMS) certification. This achievement demonstrates Amy鈥檚 commitment and leadership in protecting our clients and our industry. Amy feels we have a duty to protect and serve the clients. 

Amy鈥檚 passion to protect pushes our team to uphold the same standard of care, to protect and try to prevent tragic situations involving wire fraud from occurring on our watch again. 

The post Inquire Before You Wire appeared first on 星空传媒 星空传媒 Title Insurance Co..

Some warnings are common sense: delete suspicious-looking emails, don鈥檛 give away banking information or social security numbers, never wire anyone money without triple checking 鈥� and then checking again.

We鈥檙e committed to ensuring that all independent agents have every new (and standard) information source available, even as the rules and the threats multiply and expand almost every month.

In this first installment of a multi-part series on Flagging Fraud, we take a look at some of the red flags involving parties to a real estate transaction.

Red Flags

Learn or at least become familiar with red flags that could well indicate something is awry in any real estate transaction.

Some title fraud may be detected by agents before the transaction closes.

Rather than memorize, regularly reviewing this list will help you and all those involved in your transactions be aware of potential fraudulent components:

1. Releases of prior mortgages recorded before or independently of the closing of a new loan with no source of payoff funds.
2. Many recent transactions and/or re-recordings.
3. Recent change in title, especially one without concurrent financing.
4. Releases recorded out of sequence.
5. Sale of property subsequent to or concurrent with a divorce.
6. Quitclaim deeds with no consideration.
7. 鈥淚ntra-family鈥� deeds.
8. Parties to the transaction are affiliated.
9. Document not prepared by an attorney or title company.
10. Document looks non-standard.
11. Power of attorney with Grantee signing as Attorney-in-Fact.
12. Prior signatures indicate failing health or physical deterioration followed by a healthy, strong signature.
13. Bargain purchases鈥攑olicy amount much higher than purchase price.
14. New mortgage amount much higher than purchase price.
15. Property seller is an LLC/entity/corporation.
16. Appraisal looks questionable (e.g. indicates recent sale/listing activity at significantly lower price; comparable sales are previously flipped properties).

The post Flagging Fraud (Part 1): Know These Indicators of Transaction Fraud appeared first on 星空传媒 星空传媒 Title Insurance Co..

A cyberattack is a malicious and deliberate attempt by and individual or an organization to breach the information system of another individual or company, seeking benefit from the disruption, ransom, or theft of data.

This electronic threat is increasing in frequency and complexity and has become very expensive to remediate or to recover from.

Here鈥檚 the surprise 鈥� almost 90 percent of cyberattacks are caused or allowed by human error from the internal staff of the entity attacked.

This includes failure to follow security rules and protocols, sharing passwords, using weak or default settings, and falling victim to social engineering.

Even the large events such as the hacking at Equifax and Target, were caused by failure to follow the rules regarding administrative password settings, human error.

So whether your business is large or small, you need ongoing, strong training and testing to counter the threats.

Recent survey results of a survey of title insurance professionals by the American Land Title Association show a surprisingly small amount of agents are conducting ongoing staff training, and most do it once when they hire an employee.

This is a recipe for eventually becoming a victim of electronic fraud.

There are simple yet effective steps to take to counter the increasing threats by taking a strong defense, and it starts with regular training and testing to remove or reduce the human error element.

Here is what to do to put a training and test plan into action:

• Ensure new hires are introduced to and educated on information and data security policies and procedures as well as how to protect nonpublic personal information (NPI) and sensitive information. Emphasize to them the 鈥渨hy鈥� so they fully understand the shared responsibility nature. This should be a core part of their orientation and on-boarding.
• Set and schedule ongoing training for all employees at every level commensurate with the size of the staff and complexity of your business. This should be monthly, quarterly or semiannually.
• At a minimum, cover controls over access (passwords; pass phrases; multi-factor authentication), network and data distribution (including never using non-secured networks for conducting business such as those in cafes/hotels/airports), phishing and spear-phishing, and never use a general email service like Yahoo or Gmail when sending NPI or sensitive information; social media and social engineering.
• Require security measures for smart devices (smart phones, and in particular Androids, account for a large percentage of data breaches).
• Explain the implications of data loss, which includes reputational hits and potential fines and penalties and law suits.
• Focus on all media forms 鈥� hardcopy as well as electronic 鈥� and include proper handling and protection from receipt through handling to secured destruction.  
• Training may be done with internal documents or you may use a third party to conduct the training (i.e. Data Shield; KnowBe4).
  
• After the training, use a quiz to gauge how well your employees understood the material.
• Develop or use a third party to conduct ongoing, regular internal testing such as phishing or spear phishing testing (i.e. KnowBe4 is one vendor who can provide you this tool). Depending on the results, you may then make appropriate changes and re-focus your training to deal with any weak or weaker topics or areas.
• Provide a single point of contact the employee may turn to with questions or to report any suspected suspicious attempts to obtain information or data (electronic or by phone).
• Keep records of the training and attendees and testing results. This will be needed to demonstrate good faith, to meet many state requirements 鈥� and it鈥檚 a best practice.

Last, keep up-to-date on emerging threats and vulnerabilities and provide updated training to employees to be sure they understand new risks or new controls and why they are important; employees must know how to recognize and report threats to stay vigilant.

This will keep your training and testing current and fresh and serve as a continual reminder to your staff. Remember, this is a marathon, not a sprint. Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.

The post Increased Risk Means We Need to Increase Training appeared first on 星空传媒 星空传媒 Title Insurance Co..

We all want a smooth, efficient transaction for everyone involved. Unfortunately, our desire to be helpful and to keep things moving makes us a prime target for wire fraud.

So, how careful do we need to be when verifying the legitimacy of an email or even an incoming phone call?

Very careful.

Fraudsters know about us. They know how busy we can be, and they know how to prey on our traits to overcome our data and escrow security training.

They aren鈥檛 just looking to trick us. They aren鈥檛 practical jokers. They are truly insidious 鈥渟ocial engineers.鈥�

They use every scrap of information they can find, every pretext they can imagine and all the dark arts of the hacker to whittle down our firewalls 鈥� electronic and human. For the overseas criminal, wire fraud is a low-risk, high-reward strategy. Until that changes, the threat will persist.

We need good policies and procedures to address the threat, but even this isn鈥檛 enough. Anyone who鈥檚 been hit with a wire fraud loss will tell you that fraudsters can find ways to keep people from following the best policies and procedures.

Addressing this kind of threat requires something additional 鈥� a healthy dose of skepticism for one. But more than this, each member of the team needs to feel a sense of empowerment.

Each one of us has the ability to hand over the 鈥渒eys to the kingdom鈥� when it comes to data and escrow security, so each one must also feel empowered to pause the process when any suspicion of fraud arises.

Here are a few steps you and your team can take when an email or other communication just doesn鈥檛 feel right:

• Go with your gut: Don鈥檛 hesitate to pause the process if you suspect fraud.
• Do not give in to pressure: If you feel threatened or pressured by any communication, treat this as a red flag and immediately escalate the situation to management.
• Don鈥檛 trust 鈥� verify: Verify via telephone the legitimacy of any wire instruction, or any suspect communication. Encourage all parties to the transaction to do the same.
• Don鈥檛 click: Do not open or hover your cursor over unknown or unverified hyperlinks.

The post Don’t Even Hover Your Cursor Over an Unknown Link if You Want to Stay Safe from Wire Fraud appeared first on 星空传媒 星空传媒 Title Insurance Co..