Voice of the Title Agent (VOTA) Panel from the 2012 NSSCS – Part II – Outside Fraud
We recently fell victim to online fraud so we can speak with unfortunate authority and experience on this topic. It was something of which we had of course been aware but thought, foolishly, “that will never happen to us.”
One of our escrow officers happened to open an attachment in an email that came from the “Better Business Bureau.” The subject of the email was craftily worded – suggesting that someone had lodged a complaint against our company.
And then we received notice that someone was trying to send unauthorized wire transfers from our escrow account. Fortunately, our bank was able to shut down the efforts and we escaped with minimal damage. The thought of such a theft should strike you as horrific. There are few insurances for your commercial escrow accounts in cases like these. And, ultimately, the monies lost are not yours, which means that they must be repaid by someone.
Needless to say, we learned a lot about what we can do better to prevent this type of theft from happening again. Here are three takeaways for you.
Pay Attention & Train
There is absolutely no substitute for making certain that your staff are keenly aware of every threat out there. Take time during your staff meetings to discuss these threats with your people.
You may ask how you find out about them. I can think of three very helpful resources. The first is your bank. Their security department should be aware of most of the popular threats – be they phishing scams or hacking or something else; and they should be more than willing to share these with you in an effort to keep your accounts secure.
Second, your IT team should also be aware of these threats and should be able to provide counsel and training on preventative measures you and your team should take.
And finally, your underwriters’ bulletins are ordinarily quite instructive and should alert you to any recent or popular threats.
Maximize Your Security Systems & Procedures
One of our biggest mistakes which contributed to our experience with outside fraud was the failure to use every available line of defense for account security.
At the time of our theft, our escrow officer was able to transmit wire transfers online using two users and two passwords. That was obviously not enough, since the particular hack related to the “BBB” email allowed the online intruder to copy those credentials and initiate wire transfers from our account.
If you don’t already, demand from your banking institution the highest level of security to protect your accounts from similar attacks.
For example, we now use a similar log in process for online banking but before any wire transfer is initiated we must enter a unique token code that is made available on a keychain device. Hopefully you have these measures in place already. If not, call your banker now to find out how you can.
Insure to the Extent Possible
I was chagrined to find out after this episode that there were some insurances available against such attacks. Our IT company (we outsource our IT to a local tech firm) brought it to our attention that we could be added to their cyber-liability coverage. That would have been nice to have known before the attempted theft, but at least we are covered now.
We have also discussed similar coverages with our own business insurance agent and company. So there are options available and I would definitely encourage you to explore those options to the fullest extent possible.
Please share your thoughts in the comments section below if you have more helpful suggestions on avoiding outside fraud.
Thanks for reading! Tomorrow, I’ll be talking about the Marketplace & Business Improvement. You can reach me on Facebook.com/WingedFootTitle and Twitter.com/WingedFootTitle or just call 239.985.4142.