Email Security: Wire Fraud, Phishing and Spoofing

Wire fraud, phishing and spoofing continue to be a big concern for title and real estate professionals. Ensuring the security of your email account is a top priority for RamQuest and recognizing and knowing how to avoid these security threats is critical to keeping your email secure. So let’s start with a few definitions...

• Wire fraud: financial fraud involving the use of telecommunications or information technology.
• Phishing: fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
• Spoofing: situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.

It’s likely that everyone knows someone who has been the target of phishing. Even if you personally haven’t encountered a phishing scheme yet, you most likely will in the future. But, because phishing emails are often generic in nature, we’ve learned to identify, detect and ignore or delete these attempts.

Spear Phishing...It’s Getting Personal
Spear phishing is a special type of phishing that can be much harder to detect. In our industry, these spear phishing emails often include specific information about a real estate transaction. The spear phisher may be spoofing an email address for someone who is associated with one of your real estate transactions. Or, the phisher may have gained access to the email account of that individual and is sending emails that appear to come from a buyer/seller, real estate agent, mortgage broker or lender with information specific to one of your transactions. As you can imagine, this can be much more difficult to identify as phishing.

You must be vigilant to protect yourself and your customers. If a perpetrator were to gain access to your email account, they could use it to send fraudulent wiring instructions to a party of one of your real estate transactions. And to make matters worse, the perpetrator may wait weeks or months to strike, using that time to gather very specific data about your transactions. As a result, you may not even realize that your account has been compromised until it's too late.

How to Prevent Unauthorized Access to Your Email
Your ability to recognize spear phishing schemes coupled with a healthy amount of skepticism are some of the best tools for prevention. Another measure that will help prevent unauthorized access is using multi-factor authentication for your email account. This feature is available for our customers that have a RamQuest/op2 managed Office 365 email account and we strongly encourage you to enable it. When you're ready, just contact Support and we'll walk you through the steps!

How Do I Know If My Account Has Been Compromised?
Here are several things that you can watch for that may suggest your email account has been compromised:

• Have you clicked on a link or opened an attachment that prompted you for your password?
• Have you received calls from people not involved in your transactions?
• Do you have missing emails or are emails being redirected to folder other than your Inbox?
• Have your business partners received emails that appeared to come from you that you didn't send?
• Are you receiving bounce back messages from recipients that you didn’t send messages to?

What If I Think My Account Has Been Compromised?
First and foremost, change your password if you are able and make it stronger (no birthdays, addresses, kids' names, dogs' names maiden names or anything else that could be found on your Facebook or other social media pages). In addition, we suggest that you:

• Check for email forwarding in Office 365. This link will help you know what you're looking for. If you find any forwarding that you have not set up, delete them immediately.
• Check for Inbox rules in Office 365. As with email forwarding, if you find a rule and it's not yours, delete it immediately.

As an op2 customer, if your email access is blocked and you cannot change your password or you need any additional help, we're here for you! Contact your RamQuest Support Team at 214.291.1616.


Additional Resources from ALTA
Here are some additional resources for some good information on prevention and best practices.

• Wire Fraud (ALTA Membership required)
• Best Practices (ALTA Membership may be required to access some content)

It’s also a good idea, if you haven’t already, to check with your underwriter for any additional resources they may have about wire fraud, spoofing or phishing.