Five Common Threats to Business Cybersecurity

Technological advances, such as the mainstream availability of Artificial Intelligence (AI) and the rise of instant payment options, mean that cybercriminals continue to grow in their scope and sophistication. According to the Federal Bureau of Investigation (FBI)’s most recent Internet Crime Report, over $12.5 billion in potential losses from cybercrime were reported in 2023, a 22% increase from the $10.3 billion reported in 2022.

Cybercriminals don’t discriminate when choosing their victims, and businesses and organizations especially must remain vigilant with their cybersecurity measures. Without established protocols in place, you may not realize you have a security risk until it’s too late. Here, we highlight five common cybersecurity threats to the title and real estate industry, and how you can help protect yourself and your organization.

FIVE COMMON CYBERSECURITY THREATS

1. Phishing, a type of cyberattack that combines email and social engineering to entice victims, remains the top cybercrime reported to the FBI in 2023. Phishing emails often appear to come from a familiar organization or individual, tricking the recipient into clicking on a link or opening an attachment that contains malicious code. Once this code runs, the computer may become infected with malware. Phishing schemes have branched out from email and may also arrive in the form of a text message (smishing), voice message (vishing) or QR code (quishing).

2. Business Email Compromise (BEC) is a scam that targets both businesses and individuals performing transfer of funds. Originally a scheme in which a cybercriminal hacks or “spoofs” a legitimate business email to request that wire payments go into a fake bank account, BECs historically scammed businesses with requests for W-2 information, claims of gift card purchases, or targeted compromised vendor email accounts.

BEC fraud continues to evolve with ever-changing technology, and 2023 saw an increase of cybercriminals targeting cryptocurrency exchanges, third-party payment processors and investment accounts. The quick dispersal of funds in cryptocurrency platforms makes them especially vulnerable to fraud, emphasizing the importance of implementing security measures like two-factor or multi-factor authentication. BEC fraud was the second-costliest crime reported in 2023, with 21,489 complaints amounting to $2.9 billion in reported losses.

3. Ransomware is a type of malicious software that is so destructive it merits its own category. Ransomware is a type of malware that takes over your computer and encrypts your data, refusing you access to it until a ransom is paid. Ransomware attacks are on the rise across the world, with notable impacts to the title industry. The FBI reports emerging ransomware trends in 2023, such as deployment of multiple ransomware attacks against the same victim and data-destruction threats to pressure victims to negotiate. Reported losses rose 74%, from $34.3 million in 2022 to $59.6 million in 2023. Ransomware can be introduced through phishing emails or infected websites, so always avoid clicking on suspicious links in both email and text messages.

4. Wire fraud is a type of fraud involving telecommunications or the internet, including phone calls, faxes, emails, texts or social media messages. CertifID, a wire fraud protection firm, reports $2.4 billion in suspected wire fraud activity in 2023, a year-over-year increase of 56%. Inflation in 2023 led to higher interest rates, lower inventory and a slowed pace in home sales, causing many buyers, sellers and real estate agents to feel more pressure to achieve fast turnarounds, creating the perfect environment for wire fraud to flourish.

Based on its survey of 650 consumers who recently participated in the closing process, CertifID reports that nearly one in four were targeted with suspicious or potentially fraudulent wire fraud activities. The report concludes that buyers and sellers will increasingly choose to do business with real estate agents who prioritize security measures to protect their money.

5. Title fraud, a form of identity theft, occurs when a fraudster illegally transfers the title to real property without the actual owner’s knowledge or consent. Some examples of title fraud include:

Vacant land fraud, in which a fraudster searches through public records to find properties that are free of mortgages or liens. They identify the owner of the property, pretend to be the owner, and contact a real estate agent to sell the property. Such a fraudulent “seller” may dupe real estate professionals by claiming to have no social security or TIN number, claiming to be abroad for business, or living in a foreign country or state from their listed mailing address.

Seller impersonation fraud occurs when the fraudster searches for property that is free and clear of a mortgage or other liens, mainly targeting vacant land and rental properties owned by foreigners or the elderly. The fraudster then poses as the property owner and uses an internet request, email or text message to hire a real estate agent. The fraudster offers excuses not to appear in person and requests a mobile notary. Then, often impersonating the notary as well, the fraudster delivers falsified documents to the title company or closing agent. Upon closing, the buyer’s funds are unknowingly wired to the fraudster’s bank account.

Notary fraud occurs when a fraudster impersonates a Notary Public and forges notary seals to create a fraudulent deed. Most counties have notaries available for certifying documents for public records, but there are no firm regulations for verifying the legitimacy of a notary seal, making it easier for criminals to forge them. The fraudster will likely refuse to meet in person for a closing and all communication will be done via email.

PROTECTING YOUR BUSINESS

To protect yourself and help prevent cybercrime from attacking your business, be sure to take proactive steps like the ones below:

  • Train your employees: Train your employees how to do things like spot phishing emails and texts, avoid suspicious downloads, protect sensitive information and create strong passwords.
  • Secure your networks: Safeguard your information by using a firewall, encryption and secure wi-fi network.
  • Require strong passwords: Improve your cybersecurity with password requirements, such as 10 characters or more and a mix of uppercase and lowercase letters, numbers and special characters.
  • Use multifactor authentication: Require additional information to access sensitive information, such as a security code sent to your phone.
  • Invest in a cybersecurity team: One of the best ways to protect your business is by employing professional help. Finding and maintaining employees dedicated to keeping your company digitally secure is a huge step toward long-term cybersecurity.

REGULATORY OUTLOOK

Federal and state-level regulators for financial service organizations are urgently updating cyber-related regulations to keep up with evolving cybercrime. In 2023, the U.S. Securities and Exchange Commission expanded its cyber-related regulations by requiring certain entities to establish, maintain and enforce transparency with written policies and procedures reasonably designed to assess cybersecurity risks. Under these new cybersecurity rules, covered entities are now required to implement the following:

  • Periodic assessments of cybersecurity risks associated with the Covered Entity’s information systems and written documentation of these assessments;
  • Controls designed to minimize user-related risks and prevent unauthorized access to the Covered Entity’s information systems;
  • Measures designed to monitor the Covered Entity’s information systems, protect it from unauthorized access or use, and oversee service providers that receive, maintain, or process information or are otherwise permitted to access to the information systems;
  • Measures to detect, mitigate and remedy any cybersecurity threats and vulnerabilities within the Covered Entity’s information systems; and
  • Measures to detect, respond to and recover from a cybersecurity incident by documenting, in writing, any such incident and the response to and recovery from the it.

To learn more about cybercrime and tips from the FBI about protecting your businesses, click here. Title and real estate professionals can also find valuable tools and resources for preventing wire fraud from the American Land Title Association