Phishing remains the most popular attack for hackers targeting the mortgage and real estate industries.
Both loan officers and mortgage managers continue to click on links in seemingly routine emails, ultimately giving fraudsters full access to lenders' systems and mortgage transactions. Such mistakes can cost companies millions of dollars and expose sensitive data on millions of customers.
Phishing schemes remain the most common prominent form of attack on the mortgage industry because hackers have many ways to plant themselves in a mortgage transaction, according to a panel of mortgage executives speaking at the Mortgage Bankers Association Solutions Conference technology& Expo 2022 this week in Las Vegas.
And these hackers are getting smarter every year.
Michele Buschman, chief information officer at American Pacific Mortgage said hackers insert themselves into a mortgage transaction, pretending to be either a real estate agent, escrow company or the LO, and send an email asking the borrower for a wire transfer, or send them a link that is required to be clicked on.
"It only takes one person in the transaction to compromise their email account, and they are able to mimic the LO's signature or the lender's logo," said Buschman. "They make it look so real that it's hard for a consumer to tell that it's a fake."
David Townsend, CEO of Agent National Title Insurance.Co., a national title insurance company, said the real estate agent is often the weak link in a phishing scheme.
"Believe it or not, many real estate agents are still using AOL emails," Townsend said. "Insecure emails are most prevalent among real estate agents, and they have their emails on their signs, so it's easy to get this easily identifiable information."
These emails can easily be spoofed and used for phishing schemes.
Adam Chaudhary, president of FundingShielda fintech for fraud prevention solutions, said data is unevenly distributed among lenders, title and production systems, and real estate companies, providing ample opportunity for hackers.
"You have multiple parties coming to a closing table with different levels of security and a single motivation to close this thing as quickly as possible … that presents cybersecurity challenges," Chaudhary said.
He noted that housing agencies have expressed an intention to better track cybersecurity breaches at lenders and their providers.
Chaudhary said that Freddy Mac recently sent FundingShield a letter demanding the fintech disclose any cyberattacks that may have impacted customers.
"We are so centrally located in the ecosystem that we offer protection across the landscape to lenders who use third-party services," said Chaudhary. "They want us to disclose if we have knowledge of a cybersecurity breach or a data breach, even if we think it might happen."
Freddie Mac did not immediately respond to a request for comment.
Buschman also noted that phishing attempts at APM have increased noticeably since the Russian invasion of Ukraine in late February. She added, however, that she could not say for sure if there was a connection.
In March, cybersecurity experts pointed to an increase in cyberattacks, with some speculating that those attacks came from Russia or China.
To prevent hacks, the panel recommended creating a "human firewall" by educating consumers and all parties involved in the mortgage transaction about the potential for spoofed emails.
The panel also said multi-factor authentication and patching outdated systems are a must.
The post The growing threat of phishing attacks on the mortgage industry appeared first on HousingWire.