FRAUD ALERT

In our ongoing efforts to keep our agents informed of potential threats to their business enterprise, we will be sending Fraud Alerts so that you are aware of potential threats and can take any steps you feel necessary to guard against them.

 

 1)     REPLACEMENT WIRING INSTRUCTIONS SCAM

 

The scam involves the interception of unencrypted emails, the scanning of those emails for wiring instructions, the creation of a new string of emails from an email address that is very similar to the email address of the original sender, and, finally, the provision of revised wiring instructions.  The result: funds from a closing land in the account of a cyber-criminal and not the intended recipient. 

 

The scam:

  

 a)     A cyber-criminal intercepts a collection of unencrypted emails. The cyber-criminal reviews the collection of emails for wiring instructions and a significant sum of money to be wired.

  

b)    The cyber-criminal then sends "revised" instructions, including a new ABA routing number and account number.  The email would generally come from a similar (but different) sender's email address; to wit: paralegal@trustworthyfirm.com would be changed to paralegal.trustworthyfirm@gmail.com (This is just an example, but it is always a different domain).  Sometimes the true email address is embedded (e.g. Paralegal paralegal.trustworthyfirm@gmail.com), which could mask the true email address, further hiding the true identity of the sender.

 

c)     The cyber-criminal has the previous email from the legitimate source, so the cyber-criminal's email will look in form and substance just like the previous legitimate email. 

 

d)    Not noticing a different email address, the recipient wires the funds to the incorrect account and a significant loss is experienced.

 

How can you protect yourself or your firm against this scam?

 

Take the steps necessary to encrypt emails containing wiring instructions.  Additionally, you should exercise a high degree of suspicion for any wiring instructions that you receive that do not come through encrypted email from a trusted source, especially if they replace existing wiring instructions.  It is recommended that you confirm by telephone that the intended recipient did in fact send or change its wiring instructions. 

 

2)     IMPERSONATION OF TITLE UNDERWRITER IN EMAIL SCAM

The scam:

a)     You receive an email purporting to be from National Investors or Investors Title that contains a request for information.  This information could purport to relate to any of the following:

 

1.     An open or closed file (including opinions, commitments, ICLs, policies).

2.    A claim file.

3.     Approval and/or renewal information to be an approved provider.

(This is not an all-inclusive list.)

 

b)    The email may request a return response that, by hitting "REPLY", goes to the email address that originally sent the fraudulent email and not National Investors or Investors Title.  All National Investors or Investors Title emails will include the domain "@nititle.com" or "@invtitle.com".

 

c)    The email may request that you click on a link to supply the information.  Generally, National Investors  or Investors Title or does not

collect Non-Public Personal Information through its general website.

 

1.     Sometimes clicking on such a link will allow malicious code to be opened on your computer. 

2.    Other times, clicking on such a link will take you to a website and ask you to voluntarily enter private information.

 

In either case, the link will probably be masked http://WebSite.com <a href="http://malicioussite.com">.  You can tell the actual website address by holding your mouse over the link (WITHOUT CLICKING) and view the destination website and confirm its true address.

 

How can you protect yourself or your firm against this scam?

 

National Investors and Investors Title uses encrypted email for your protection.  Should you receive any email containing Non-Public Personal Information from a party alleging to be National Investors or Investors Title or that is not encrypted, you should be suspicious of that communication and verify it by telephone.

 

To be safe, you can right click on the email address and see if it is the same.

 

If you have received any emails of this type or other suspicious communications, please delete them immediately and notify your staff to do the same.  Furthermore, you should notify whoever is in charge of information technology for your office to make sure that there were not any breaches in your security protocols due to these email scams.

 

 

 

------------------------------------------------------------------------------------------------------

We are interested in alerting our agents of any and all external and internal threats and fraud scams.  In the event that you become the target of a fraud scam, please share that with us so that we may alert others.  You may email the facts about the attempted fraud scam to riskmanagement@invtitle.com.

 

This Fraud Alert is a service of National Investors.  If you have any questions about this Fraud Alert or the contents hereof, please feel free to contact Jonathan Biggs, Vice President of Risk Management and Education at riskmanagement@invtitle.com. 

 

 

Teresa Frost, CTIA

teresa.frost@nititle.com

 

 

 

National Investors
5900 Shepherd Mountain Cove, Building II, Suite 220
Austin, TX 78730
877.256.8098
www.tx.nititle.com

National Investors Title Insurance Company | 5900 Shepherd Mountain Cove | Bldg. II, Suite 220 | Austin | TX | 78757