Title Agents lose millions due to Cyber Attacks: Protect Your Agency

In the past few months title agents have had hundreds of thousands of dollars illegally wired from their escrow accounts due to a not so new form of cyber crime-Botnet. There are many forms of Botnet.

RynohLive Blog ::

Commercial banking is a target too large for criminals to ignore, and they are stealing hundreds of millions of dollars in schemes that attack online banking computers. The title agent is a prime target. It is a pervasive problem that is proliferating. A Botnet is a malicious software (malware) that can steal information, and among other things be used to wire funds from your escrow account! The primary culprit for the title agent is the ZeuS Botnet. The ZeuS Botnet is commercially available over the internet and may be “purchased” for as little as $3,000.00. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC. For the title agent, the hacker uses ZeuS to steal financial credentials and initiate fraudulent transactions primarily in the agent’s online banking portal. The hacker also can access automated clearing house (ACH) networks and payroll systems. Zeus is a very sophisticated Botnet variant. that spreads by concealing itself in many formats (email, drive-by downloads and open Internet Browsers). ZeuS and other Botnet variants have taken over hundreds of thousands of desktops and sometimes servers. Your typical spyware and antivirus programs will not necessary protect you. More often than not the Botnet remains undetected. Once the ZeuS Botnet has infected your computer, it sends instructions to the criminal(s) waiting to access your account using the collected credentials. Cyber-criminals masquerade as the agent to execute wire transfers to on/off-shore banks. Even the use of an RSA* token will not prevent a successful Cyber attack! (*An RSA token is a random number generator that is used to reduce wire fraud). Once the money has moved offshore the likelihood of recovery is nil.

I have spoken with agents that have recently lost money from their escrow accounts due to the ZeuS Botnet. There has been one common factor for each of the agents experiencing the fraudulent wire. They did not use dual controls and best practices for initiating wire transfers. This problem is especially prevalent in small agencies. I have surveyed small agents at recent NS3, ALTA and VLTA meetings. A very large percentage of them only use single wire controls because: a) They would never steal from their escrow account! or b) It is a “real imposition” for them to use dual controls. They really do not fully appreciate the magnitude of the problem. It is really a bigger imposition to lose $200,000 or more. They must at a minimum adopt the best practices (Best Practices) in order to “harden” their on-line banking process. There are also other products that are available today to combat the Zeus Botnet and other malware (IronKey). Traditional anti-virus products do not afford foolproof protection!

RECENT INCIDENTS

In April a Missouri Agent lost $400,000. A post mortem with the company disclosed that they were only using a single individual for the online bank wiring process. Had it not been for RynohLive, their Escrow account would have been drained. They lost $400,000. RynohLive was only able to alert the agent after the fact. A wire transfer is instantaneous. For the Missouri Agent, they were able to notify the bank before the Zeus Botnet came back the next day to further drain the account. RynohLive’s alert prevented a subsequent loss in excess of $800,000

From speaking at length with a Virginia agent after a very recent $200,000K loss, what was most telling was that the agent was using an RSA token! The ZeuS Botnet still got into their online banking system and sent the money. But then again that is what it does. When I had asked if they were using dual controls, the response was in the affirmative. It was their understanding that the token was the ”second or dual control” in the process, and that that they were protected! Sadly that was not the case. Dual control is two separate individuals from separate computers. What really was required was that second individual with another token and computer, and while that is significantly more secure it is by no means entirely fool proof. That distinction should have been explained to him by his banker. Additionally, the agent was “locked” out of their account during the several days that the cyber attack was occurring! DON’T JOIN THE GROWING LIST OF VICTIMS

Richard M. Reass
President
RynohLive

Rating:

1068 words | 3243 views | 2 comments | log in or register to post a comment

	Cyber Liability for Title and Escrow Agents
	Your post on theft of a company's escrow funds is intriguing and certainly worth noting the risk associated with operating on the internet and handling cash on behalf of others. Title agents and escrow agents should purchase cyber liability and commercial crime policies. Cyber liability policies are a type of errors and omissions insurance designed protect against unauthorized access to a company’s computer systems including first party notifications that information has been compromised and also costs incurred in paying for credit reporting and forensic accounting related to the incident. Commercial Crime insurance protects companies from the actual theft of assets you mentioned. Both policies are a critical part of the risk management of any title agent or escrow agent. Mike Smith Axis Insurance Services, LLC www.axisins.com
	by Mike Smith \| 2010/08/09 \| log in or register to post a reply

	Liability for lack of controls
	Came across this three year old article and it still rings true. What's interesting is the extreme escalation in liability for theft of customer funds. With the target breach continuing to play out we are seeing most states aggressively passing legislation and prosecuting even the most minor issues.
	by Tom Firestine \| 2014/03/25 \| log in or register to post a reply

RynohLive Blog

Links