Phishing and Fraud Risks in the Mortgage Industry
March 5, 2018
There's a lot of money in the mortgage industry. Unfortunately, that money attracts bad actors from time to time. Mortgage fraud is a serious issue that can affect real estate professionals as well as home buyers and sellers. To protect your real estate transactions, it's important to be aware of the most common fraud and phishing scams and avoid them by always following some common-sense advice. Here's a look at what to watch out for and how to stay one step ahead of fraudsters.
Recent Trends
While such risks will always be something to watch out for, now is a particularly good time to review the issue. Recent reports suggest scammers are becoming more sophisticated and targeting new vulnerabilities.
An Increase of General Mortgage Fraud
There was a "relatively large increase" in CoreLogic's National Mortgage Application Fraud Index between the second quarter of 2016 and the second quarter of 2017, Bridget Berg, principal of fraud solutions strategy at CoreLogic, told Credit Union Times Magazine. CoreLogic released its most recent Mortgage Fraud Report in September, identifying 13,404 mortgage applications with indications of potential fraud, up from 12,718 a year earlier. While less than one percent of mortgage applications are fraudulent, the problem can still be costly to financial institutions. The challenge of the mortgage fraud problem is a difficult one, in that scams are possible from many angles. A small percentage of mortgage borrowers may make material misrepresentations on mortgage documents. This is a serious form of fraud, but the FBI has said it prioritizes another type of case. These are "fraud for profit" scams, where a small minority of ill-intentioned industry insiders use their specialized knowledge or authority to quietly steal cash and equity from lending institutions as well as home owners. The Credit Union Times reports another concern on the horizon is the potential targeting of purchase loans and cash-out refinance transactions, which are both expected to surge over the next few years.
A Profound Shift in Modern Cybercrime
Another recent report from PhishLabs, a cybersecurity services firm, reveals that modern phishing and fraud scams are evolving, using the internet to become much more sophisticated and harder to stop. In their 2017 Phishing Trends and Intelligence Report, PhishLabs notes that there has been a "profound shift" in the way scammers conduct their crimes online in the past few years. On the surface, it looks like good news for the mortgage industry, as the targeting of financial institutions is trending down. However, cyberattacks on cloud services and software-as-a-service (SaaS) providers is trending up and will likely become the largest share of cybercrime in the next few years. That's bad news for the mortgage industry, which is increasingly digitizing and moving "into the cloud," to offer more streamlined loan services to consumers from their home computers and mobile devices. The PhishLabs report notes that scammers have latched onto the widespread acceptance of email addresses as user IDs and account sign-ins. Many people reuse the same passwords across various online accounts, making it easy for easy for criminals to gain access to high-value accounts with an email address and an unoriginal password choice, notes the report.
The Emergence of Down Payment Wire Fraud
One of the most recent and most alarming evolutions of scammers has been to target down payment funds for electronic theft. In a recent op-ed, Joseph Murin, chairman of JJAM Financial Services and a former president of Ginnie Mae, described the scam: Each case tends to involve a combination of email hacking, identity fraud, and wire fraud. A scammer hacks the sensitive data of an impending mortgage transaction, assumes the identity of a party involved (such as a real estate agent or title/closing professional), and attempts to convince another party to change the down payment wiring instructions so that the down payment is sent to the fraudster's account. Murin goes on to say that the speed and sophistication of scammers and the international nature of this scam make it difficult to track and stop. In fact, such scammers have even found ways around "call and verify" safeguards, using phone porting technologies to make scammer phone numbers resemble those of authorized parties to the transaction.
Effects on Consumers
Mortgage borrowers may be particularly alarmed by the risk of fraud and phishing scams having to do with their home loan. This is because consumers have less experience with the issue than real estate professionals. And while consumers do get targeted, scammers tend to prefer bigger fish. The PhishLabs report notes that both phishing attacks and ransomware primarily target large institutions. In the first instance, scammers hope to steal login details and information about a large number of individuals to be used in future small-scale scams. That requires hacking into a business's database, not unlike the recent hack of Equifax. When it comes to ransomware attacks, where a user's computer files are encrypted and held for "ransom," big institutions are again preferred, as some businesses may find it faster to pay the ransom to unlock crucial files. Still, the primary way that fraudsters impact consumers is that the cost of mortgage crime and crime prevention makes products and services more expensive for the consumer. Frank McKenna, chief strategist of PointPredictive, a risk management and fraud detection firm, told the Credit Union Times that mortgage lenders are now especially diligent, verifying and scrutinizing nearly every piece of information filed with mortgage applications. The time and resources invested in such measures have an indirect cost to the consumer. McKenna also told the news outlet that even though mortgage fraud involved only 0.82 percent of all mortgage applications in 2017, it's still costly to lenders, who can lose hundreds of thousands of dollars in a single instance of fraud. Finally, there are occasions where consumers are directly targeted for fraud. In one recent case, a fake homeowners association (HOA) filed real liens against more than 30 homes in a Kansas City, Mo., suburb, after fake HOA bills went unpaid. According to a local FOX4 news report, neighbors got in the habit of bringing new residents up to speed on the long-running scam. The scammer would send out notices that HOA dues were past due; however, the neighborhood didn't have an HOA. Nevertheless, the scammer recently filed real liens of $445 each against the home owners for nonpayment. The liens were dismissed, but not before home owners were forced to hire an attorney.
Identifying Phishing Scams
Knowing that phishing scams and fraudsters are out there is half the battle, but there are more steps that consumers and real estate professionals can take to ensure that their home purchase, home sale or refinance goes through without a hitch. For real estate professionals, following the latest industry best practices for security is paramount. Many phishing attempts will try to gain access to the credentials of a trusted transaction partner first. PhishLabs notes that email messages, convincing-looking landing pages, and shared Microsoft Office documents were popular methods of hackers in 2016. Joseph Murin noted that real estate professionals should pay special attention to the security measures of vendors and service providers. Many hands handle such transactions, not only lenders and brokers, but also title companies, closing professionals, vendor managers, and more. Fraud is most likely to happen where there's a weak link in the chain. Finally, for consumers, education about the mortgage process seems to be key. Well before closing, borrowers should find out about the lender's closing process. Many have a policy not to request sensitive information through ordinary email. If an email looks suspicious, call directly to confirm its authenticity. Email attachments should be handled with care, as this is a prime vehicle for spreading malware. Borrowers should talk to their bank about wire instructions, as this may help detect fraud early while ensuring funds get to the intended beneficiary. Consumers should also follow up on transactions. Ensure the title company or escrow attorney received the intended funds. An immediate call to your bank may be able to open a request to recall the wire. If any fraud does occur, contact the authorities promptly, especially the state Attorney General, the FBI and the FTC.
Final Thoughts
In all likelihood, your next real estate transaction will close without any problems. Fraud is still relatively rare, despite the volume of U.S. real estate deals and the high-dollar values often involved. However, you can ensure your next transaction is even more safe and secure by staying up to date on fraud and phishing trends and knowing what to do to stay safe.