Title Now

Cyber Fraud 2022: Protect Yourself

 

Melissa Jay Murphy interviews CertifID CEO Tom Cronkright and a Secret Service Agent about cyber fraud/security.

Length: 45:49
Published: 04/12/2022

Listen In: Apple Podcasts or Google Podcasts

Learn the latest on sophisticated schemes targeting businesses like yours and what you can do to protect yourself.

Melissa Jay Murphy 00:06
Hello, everyone, welcome to the Title Now Pop-up webinar. I'm Melissa Murphy with The Fund and I am relaunching these webinars after taking a fairly significant break. So, thank you for tuning in. Because it's been several months since I hosted a webinar, I thought that I would make sure that all of you know we also have a podcast I feel very modern and with it. The podcast is also called Title Now and I generally push the audio from these webinars to the podcast and will be doing that with today's presentation. The podcast is available through all of the typical channels so sign up and take advantage of all the great content that we have in the podcast.

 So, what are we talking about today? We're talking about cyber fraud and why cyber fraud because it is the number one threat to our industry. It's the number one threat to your business. Despite that reality I fear that so many people in the closing business have heard about cyber fraud over and over and over again and I know I nag about cyber fraud over and over again. You've become sort of resigned to it. You've made minimal gestures toward protecting yourself perhaps setting up some procedures you've made minimal efforts to really keep up to date with what's going on out there in the world of cyber fraud. You're basically rolling the dice on whether you will be the next victim and honestly in today's market, unless you have $400,000 or $500,000 set aside in your rainy-day fund, you are really taking a chance. So, I feel like because this threat to our industry has evolved over the past year. Things have changed and in who's behind this and how they're, what their business plan is, what their workflow model is. And those changes are not good for us. The criminals have figured out that preying on our industry is pretty darn lucrative and apparently not that hard. So, I thought it was a great time to revisit this topic give you an opportunity to learn more about who is behind this crime, how they view our industry and how they have identified our weak points and how they can get in.

We have two gentlemen with us today that are on the frontlines of this war and yes, it's a war. They're going to share their knowledge, expertise, and advice on what the industry and you need to understand and what you need to do to address this threat. So first, I have with me, Tom Cronkright. Tom's an attorney in Michigan, but much more importantly than that Tom is in a closing business. He has a title agency Sun Title, it's a high-volume agency, and he also has a company CertifID, that's in the business of safeguarding money in real estate deals and through this process through this life experience, Tom has become one of the real estate industry's leading experts on cyber fraud and he is committed to solving the largest problem in real estate. And he's so good at this, that the Secret Service has partnered with him. We have Steven Dougherty here from the Secret Service. And as you can see from his impressive background, he's with the Global Investigations Operation Center for the Secret Service.

Tom and Steven, let's get started. What's happening in the world of cyber fraud, business email fraud? What do we need to know?
 
Tom Cronkright 4:28
Steven, I'll let you take this but Melissa, thanks for taking the time and just spreading more and more awareness on this topic. You do such a nice job, appreciate the tee up. But Steven, why don't we read you in we've had a very very active year and a half together and as far as combating BEC, or business email compromise and wire fraud. But as Melissa mentioned, a little bit more background but I'm a wire fraud victim as well. So as an attorney, title agent, I've been through this process. Unfortunately, in 2015, it cost me nearly $200,000 and ended up in a high-profile federal trial down in Tampa. So, when Melissa mentioned that I've become a subject matter expert, I just paid a lot of tuition in this realm that these are courses I did not want to take. As a title agent or lawyer, I don't remember a cyber fraud and money laundering class in law school. I remember tax and corporations secure transactions, but that's it. Steven, you could be read the group into what we're seeing at a high level and how that starts to work its way down into the real estate.
 
Steven Dougherty 05:40
Yes, where I sit in a very unique position here. I'm at Secret Service headquarters in Washington DC. I'm in a desk here called our business email compromised mission desk, in which my unit gets in pretty much real time aggregative incidences cyber enabled financial fraud affecting every industry. These guys are threat actors are targeting every industry out there where financial transactions are taking place. You know, every industry has it, but where's it most visible? It's most visible in the real estate sector. So, they've really turned their sights on the real estate sector for the past several years and they continue to focus on it because there's so many different transactions involved in real estate transactions. You have your closing, you have your mortgage payoff, you have your earnest money deposit. All of these things are being targeted by our threat actors, and it is driven by one thing. The intersection of what I call contemporaneous and privileged information between your buyer and seller, your real estate and closing attorney they will be the only the ones you would think would have the information like the Closing Disclosure, mortgage payoff documents, anything involving the transaction, but that gets intercepted by our bad actors. And then they weaponize that against you. To get you to redirect transfers of funds, send a payment somewhere you shouldn't stuff like that.

Tom Cronkright 7:03
Steven when you say that they're visible. What do you mean that real estate transactions are uniquely visible?
 
Steven Dougherty 07:10
Just the information is out there, due to the real estate sector types of reporting information. Tom, you know, you and I have talked about this a lot about how much of open-source information is available for us to go get or for our threat actors to go find. They can use that, piece it together and then uses that to do a very, very targeted attack. That's so specific that fools even the most complex or educated individuals to spend their money.
 
Tom Cronkright 7:38
Yeah, what we've seen I want to layer on it mostly, if you don't mind. I went two minutes on this because I think the framework of where we are right now creates unique vulnerabilities than when I was hit in 2015 as an agent. So, if we think about the multiple listing service, all of our real estate partners that feed us deals that we're codependent on have an obligation to post up activity on the MLS. That MLS has contracts with Zillow and Trulia and a realtor typically for money to syndicate or buy that data in real time. So, what's interesting is real estate, being now the largest asset of people's lives, and there's not a close second given appreciation. I don't know if you guys saw the NICU from ALTA this morning, but home prices went up another 15% last year. That not only is that the largest asset of people's lives, it's the most visible transaction that we have in the United States. Car purchasing and other high value assets those are happening between, you know, kind of behind the curtain but not real estate. Because of the open market process that a listing agent has to conduct to get highest best use or highest best value for a property and then the fraudster just mine these deal boards. Say “Oh, looks like Norma is listing her house” and “Steve is listing his house” and listing you know, my whatever it happens to be. And then through phishing strategies, these real estate agents have the security of a dumpster essentially, on a super warm day. And they're just exposing us and I'm just going to say it because look, not every time but let's just say in most cases, and then we don't know that all the information that Steven is saying contemporaneous and privileged is being scraped and analyzed overseas, to then trick a homebuyer.

And again, let's talk about homeownership right now. There is no inventory. We fell below 1 million listings last month there are more licensed real estate agents in the country than there are homes for sale for the first time that they've been tracking inventory levels. Run the math. By about a few 100,000, we have 3,800 licensed real estate agents in Greater Grand Rapids. This morning we had 900 listings. So, what does it take to buy a parked property? I've got an employee right now at CertifID. She missed out on three offers. She's been through 12 homes she was high fiving me last night almost crying in a text. “Oh my gosh, we got one right.” They’re going to do anything they can to close that. When they get to the end three weeks from now and are asked to transfer money, if they're not set up for success, that buyer anxiety and that buyer fatigue, at a time when we need them more protected, I would argue creates more vulnerability because look I'm not going through that process again. So, I'm going to do whatever you need. If you're saying I don't need to bring a check anymore and I’ve got a wire funds. Tell me where to send that wire. Steven, I think you'll agree we saw that over and over and over and continue to every week that we're involved in recovery efforts.

Steven Dougherty 10:56
Yes. Talking to you touch on some really good points. So, let's talk about how these compromises are actually occurring. How are they actually getting in and getting this information out? What they do is through multiple different means either through already having your password for your email account that's already on the dark web through a data breach compromise. You guys actually go to a website Have I been pwned? https://haveibeenpwned.com They've been your email address and see if that email address was involved in any of the large-scale data breach compromises. They'll take that information, find your old password, try to use that to log into your account. That's one way to do it.

Another way they'll attack is through a targeted phishing email, where they'll send you an email with a document to click on for some reason. You click on it because you think you're supposed it brings you to a web page. You type in your email address and password and boom are bad actors now your email address and password. And once they have that information, they go in and they log into your email account. They only log in one time. Generally, what they do is they'll go to your settings, and they'll set up an email rule to auto forward out any email you receive. So, you get an email from your client or homebuyer saying, “Hey, I've been told to close yeah, these are the details I have. What do you have?” Now our threat actor has all that information. That's how they get it. They only log in once, they setup the email rule, and the emails are built around that.
 
Melissa Jay Murphy 12:29
Steven, I'd had a question on the chat for you. Oh, Tom already responded to the question. He is spot on. So, we have put in the chat the website that you go to see whether or not your email has been compromised and is out there on the dark web. https://haveibeenpwned.com So that's all.
 
Steven Dougherty 12:50
Yeah, essentially, essentially, it's a website that conglomerates a bunch of different data breaches, and you know, going back for years, so your email address was involved in one of these. It will ping that and show you. That's why it's important to really keep your passwords updated, use new passwords, and don't repeat passwords. These threat actors, they just see that information, and they just start trying it in different places and they get lucky.
 
Tom Cronkright 13:20
Steven let's stay on email accounts because they just seem to be the genesis of all things bad when they're compromised. Not only complex password, but can you speak a little bit about the importance of email settings and analyzing email settings. I think if this industry is ever going to set up Lunch and Learns this year is training our referral partners to identify whether their email accounts have been breached. This is one way but within the email account have rules been set up where their email account is being monitored in real time. They just don't know it and how you prevent it.
 
Steven Dougherty 13:58
So essentially, like I said, these guys log into your email account just once, they go into your settings and they set up a setting or filter to auto forward out of all your emails that way and it’s not only that, they're deleting everything that gets auto forwarded out.  They can tailor it to be very specific that you'd have it say you know, any email that uses the word “wire” or “account” or “payment”. I want you to filter that out to another email account and then delete it. So, it is very targeted with that. What we recommend and what you really should be doing along with changing your passwords very regularly, as you change your password every time go in and check those settings and make sure no unauthorized settings have been set up. You can also actually automate that through different your IT groups if you have them. Your IT groups can even, especially if you're using suite like Office 365, can be set up a way to monitor all email rules that are set up on your system to prevent unauthorized roles being set up. So that's one thing is very important. You guys got to check on that just as much as you can get your password. If you do review your rules, you will be able to see the rules set up. Most of the time, these are set out as user generated rules that you can see in those settings. Pretty easy to do. Particularly in Outlook go up to the gear on the right, click that drop it down, go to Settings, go to rules and alerts if anything's been set up there.
 
Tom Cronkright 15:56
Yeah, I mean specifically any forwarding rules, any autodelete rules, any rules that scan for keywords in emails, all of those you can see either in Outlook 365 version or a desktop or native environment. Also in Google, Yahoo. All the different platforms have essentially these rule settings. The challenge is if the rule is set up, you could change your password every single day. The fraudster is still moving that communication into other accounts. So, you just got to make sure you kick him out of that. Then you reset the password and then you enable two factor or what's called multifactor authentication. Multifactor authentication is an additional security setting. So, you have your username, you have your password. We use a complex password manager here at our all of our organizations. That is LastPass. (https://www.lastpass.com) In a complex password manager you create this super secure master password and then for every site that you link for your email accounts, they create some ridiculous password that like you'd never know it. When you enable multifactor, multifactor is one more layer of security that provides a unique code each and every time that you send in a request to access the account. This adds a little bit more friction. But again, we're balancing friction with user security and data security. As attorneys the bar for us is always higher. There's no difference in court when we're standing up and someone's on the other side saying “Let me get this straight. You didn't check a box of multifactor that could have prevented this whole thing because this seems to be the proximate cause of where we're landing here.” Either your IOLTA account or escrow account was drained. Or I've got a consumer facing the loss of life savings. So that's just the brutal truth of it guys. Then using secure email, judges really don't understand secure email, but secure email is essentially a rail that provides security layer between one server and another server. So, you're sending the email on more secure basis.  What we're talking about is making sure that that destination point isn't compromised. Because if the destination point is compromised, secured email doesn't do any good at all. Okay, the secure email secures it in transit, not what they call “at rest.” So, you got to do both.
 
Melissa Jay Murphy 18:03
So, it seems to me that these additional safeguards and procedures are all a result of the increasing sophistication and increasing numbers of attempts. So, you know, I just don't think this is somebody in a gray hoodie in a Starbucks anymore. So, who is it that's behind this now because hasn't that change?
 
Steven Dougherty 19:13
She's stole my line or she stole our favorite line. The line is that these are not your lone wolf hackers sitting in their grandma's basement drinking Mountain Dew and eating Cheetos, their favorite lives. That's what people think when they think you know, computer hackers, cyber fraud. But no, it's definitely not these guys operate what I refer to as the enterprise business model. It's a top-down business with a C suite and all set up with people below them to work these very complex organizations. They are transnational organized crime organizations. With the C suite you have your CEOs, then they call themselves that Mr. CEO, Mr. Chairman, and they're the ones that are kind of dictate how they want to do their attacks. Then they realize okay, I need somebody to pull off my phishing attack. So, they'll go hire somebody to do that. Then they're gonna be like, “Alright, cool, the phishing attacks good. I have the good information. I know when this transaction is going to be done, and I'm going to redirect it.” So now it's redirecting to another bank account. So now they need the launder that money. They need to get that money to themselves to do that they go and set up a sort of financial director wing. That is this expansive network of global money mules that just constantly are transmitting money back and forth. This problem has gotten really bad. We're seeing a lot of money mules actually be picked from some romance scams prior. So, they are unwitting money mules. They don't know what they're doing. They're just told by someone they met online, that they're going to receive money and help them for construction project or something like that. Then afford those funds on. It is a sprawling network of money mules here. It gets even more granular you have sort of an admin team that helps maintain spoof domains that they need to carry out their attacks or monitor, maintain email addresses or pull off other types of fraud such as unemployment, insurance fraud, even ransomware is tied into this now to kind of bolster up the organization. So, you really have a robust organization you're dealing with here, and they're very complex. They're very efficient, and as they make more money from these frauds, they only get better. Now they can afford more money mules. They get afford better malware. So, it's just momentum that they've developed and it's a momentous problem.
 
Melissa Jay Murphy 20:51
I know that they're targeting title agents because title agents are receiving and sending money, but the source of most wire diversions and claims that I am seeing amongst Fund Members involve that mortgage payoff and they're intercepting the mortgage payoff when it's being sent to the title agent? Are they sort of hoping that there's an easier way that they can get to that mortgage information and scale it up? Do you think that that's on the horizon?
 
Steven Dougherty 21:37
Yes. Or it may have already happened, in some instances where they're getting in and they're getting pure information fed to them before it reaches its destination. Tom and I are seeing something very similar. We can't speak about specifics, but Tom if you want to touch on it.
 
Tom Cronkright 21:55
You're exactly right. Melissa, I ran a statistic. The average open mortgage balance at the beginning of this month was just over $299,000 across the country. Okay, we haven't seen those levels ever. Again, that's because of the accelerated increase in home prices. So, a few years ago, mortgage payoff fraud really was I'm sitting in the real estate agent’s account. I'm seeing the closing attorney send over the mortgage payoff between the client they're sitting somewhere and they're obtaining the original copy of the mortgage payoff. They're taking that PDF, they're using software to doctor that up and then spoofing typically, the loan servicer or the lender saying, “Hey, we had to make a correction. Here's an updated payoff.” So, they're we're using it as kind of an updated payoff scam. But what they're realizing now is to say, “Wait a second, what if we could distribute your original payoff into the email system of the party requesting it, and it's fraudulent from the beginning, like the first one has been tampered with?” So, we saw this early on in the Nashville area mid-summer. And then we just saw in the state of Texas, where the fraudsters again appear to have compromised the electronic fax account of the title company or title companies using the fax to receive mortgage paths. Look, I'm in the industry, 98% of these come over by “fax”, but it's not the fax of days passed because that was a machine that telephonically printed out something on a piece of paper. We said we can't do that anymore. We need the fax to be converted to a PDF and an email and then have that sent into our general stream of communication. So, they figured out I call it the note of distribution. They figured out that to your point well that's that's a great phrasing. We can compromise these at scale. If we could get access to the eFax, GFI FaxMaker. It doesn't matter guys, but if they get in there, they can reroute traffic from the originating servicer where the payoffs being sent from, doctor that up, and push it right through the same rail down in the email. Fascinating scam, and we've seen them do it unfortunately at scale as recently as a couple of weeks ago.
 
Melissa Jay Murphy 24:44
What I hear you saying is that in those situations, it doesn't matter if the criminal has put email forwarding rules in my account, or not, because they're in there before it even gets to me. So, they're not even diverting any information from my account. They, you know, they've moved on to a much more sophisticated scheme.
 
Tom Cronkright 25:16
That's 100%, right. If you look at what 80% by definition of our disbursement obligations, sit at the mortgage payoff. We can't adequately insure it. The most insurance you're going to get is 250,000 per and that's assuming you did 15 things and a COVID test and a blood test to show them that you did everything to mitigate the insurance company's risk, which if you did that, you wouldn't have the fraud. And I think the other thing that we're seeing is, you just simply can't trust mortgage payoffs that are coming from in either direction from the fax right now, from a closing attorney that you relied upon to gather that because you're the dispersing agent, not the rep representing the seller. And if you don't mind, I'll touch on this. It comes down to essentially three things. One you have codified somewhere a trusted list of mortgage payoff information. Treasury templates are the best way to do it. That's stored on your bank server wall. So, you start to set up the wire. You type in Bank of America and all of a sudden, a bunch of known trusted accounts pop up, you compare it to what you have, you release the wire. Some people do that on spreadsheets. I've seen people that have had folders of PDFs that check, check and date. However, you do it, history can be a very, very good guide on what is true versus things that are not true. When it comes to mortgage payoffs. Calling to verify any new account information is even harder than it was before. It’s hard enough to get them to initiate the payoff. It's even harder right now to confirm just general bank account information for a wire but you have to do it or you just send a check, add some per diem, send a check but that's why it's important to get the mortgage payoff early in the process. Let's just think about mortgage payoff risk. Unless I'm sorry, this is going to breach some underwriting standard. The risk only goes down because the worst case is they made another payment. So, let's just get it out in the open. Let's get it before the fraudster has visibility to it. We can always ask for an update or they'll settle that out with the borrower at the end if for some reason they're radio silent on the verification. Know that we're in the process and we will be launching at CertifID an insured mortgage payoff database for spring market. So, we're in the process of analyzing over 300,000 trusted mortgage payoff records right now. We'll be piloting this in the next two weeks with a group and then we'll be launching this out. This is the number one threat. This is the threat guy that keeps me up at night. Because I know that any loan, commercial, there the table stakes could get large very quick where I'm out of business as a Title Agency in one single wire. We were involved last year in a 22 and a half million dollar, about $21 million commercial payoff wire recovery that landed in the money mule’s account. One wire that would have been lights out.

Steven Dougherty 28:28
So, if these do happen to you, and there's a very good chance that it may just due to the threat landscape that's out there. The one thing that's extremely important here, time is money. If you discover this, you need to report it as quickly as you possibly can. There are numerous ways to report it. You can report it through any secret service field office, you can just Google “secretservice.gov and field offices.” You guys I believe are all in Florida, right for the most part. So, while our Orlando Tampa and Miami offices are all very active, very good offices, you can reach out directly to them. Or you can also go to FBI’s IC3, the IC3.gov. www.ic3.gov It’s the Internet Crime Complaint Center. You can also report it there. I'll put the link to the Secret Service field offices in the chat here in a second. But time is money, Tom, I mean, you know you get live streams of victims to you, and you get them to me and how fast have you seen money move within hours. So, we need to stress that time is money.

Tom Cronkright 29:27
Yeah, what used to be touted as you know, 72 to 96 hours with the advent of cryptocurrency and just the sophistication. So, what happens in most cases is that when fraudulent wiring instructions are sent, they are typically sent from somewhere overseas. They're sent from the syndicate running the fraud play, but domestically, they have a series of money mules that either know what they're doing or wrapped up in something they're not even aware of that take money in and then quickly move it out. They can withdraw it in cashier's checks. They can withdraw it in cash. They can buy gift cards. Most insidious is that they move into crypto wallets. Then those wallets move and then they move out into other fiat currencies in different countries, and they can move those funds while the Federal Reserve is closed. So, as we're trying to digitize and make it more convenient, these rails of moving money, that are we would look at as kind of nontraditional, it's just a superhighway for them to launder funds and almost completely avoid detection. So, if you're two or three days in, and you haven't triggered a response from federal law enforcement and notified the banks, I mean the to your points Steven we've seen money move within hours. But we've also had instances where the money was in the bank branch. We notified the bank through our efforts, and they were stopped cold. I love stories like that. But it's harder. It's harder to reclaim the money after it's been stolen because they understand the gravity of how quickly they have to move the funds.
 
Melissa Jay Murphy 31:13
So let me go back and let's try to make this really clear to our audience. The moment that you realize that either a mortgage payoff has been diverted or perhaps the sellers’ proceeds have been diverted. You contact a secret service field office, you email the IC3 website and file a notification. You must I assume contact your sending bank and the receiving bank and who do you ask to speak to at both the sending bank and the receiving bank?
 
Tom Cronkright 31:59
So, before you answer, Steven, here's the point of this. What he's about to say needs to be done in advance. These relationships in this pathway needs to be groomed before you have an incident because what we found is that when crisis hits, people freeze and you're burning daylight, that could mean the difference between something coming back and everything being lost. So, I didn't need to step on you there Steven, but what we're about to say is do not wait. This playbook should be set in the organization before there's an incident.
 
Steven Dougherty 32:41
The way I prioritize it is first you should actually contact your financial institution that sent the wire. They generally will on your behalf send a wire recall or a swift message that it was due to a fraudulent means or compromise. If you contact the receiving bank directly if you're not a client for them, oftentimes they won't help you because you're not their client or customer. That's just a caveat. But immediately contact your financial institution and tell them what happens and see if they can put a wire recall in. The next step is to contact federal law enforcement or local law enforcement really whatever you're comfortable with. But what Tom's point was great is you need to have an incident response plan in place before these happen. You need to know who to call to help you. Local law enforcement can help with this. State law enforcement to help and federal law enforcement. So, it's whoever you're comfortable with who you developed a relationship with. You can just Google obviously I provide the Secret Service field offices link you can also Google FBI field offices. HSI Homeland Security also plays in this space.  IC3.gov is just a place to report that these happened. Even if there's an attempt, report and attempt. Even if you stop it, please report it to the IC3.gov because what that does is it now gives us meat to go after because there's still the bank account that was used to divert the funds, or the spoofed emails used to send the attack email. We can go add to that as well. So please, the biggest steps are to have an instant response plan in place where you know who to contact and how, and two report everything you can wherever you see because not only does it protect yourself it protects the entire community.
 
Tom Cronkright 34:24
Yeah, well, what I've what I've been most surprised by when I'm most surprised, but one of the surprising things Steven I've involved in well over 100 recoveries last year for 35 to 36 million victims. And I say that because each one has a little uniqueness to it. One thing that seems to be bubbling up is if you're banking with a credit union or a community bank, maybe a smaller regional bank. You might be surprised, and you don't want to be surprised when you're going through it, that they don't have a fraud desk, they don't have somebody that understands how to send an alert through the Fed wire system or notify the receiving bank which is typically a money center bank. So, it's leaving a small bank. I mean, 9 times out of 10 it's hitting one of the big guys, because of the coordination they have globally. So, if they don't have their own incident wire fraud communication, all those channels. I mean, I had to educate bank presidents on what an indemnification and hold harmless looks like going to a money center bank, to allow the funds to come back to a victim. It's surprises me as a lawyer. So just don't be surprised. You run this. Sit down with your banker and make sure you know exactly who to call and the information that they will that will require. If they in turn, have the rails set up to protect you and get the documentation that the receiving bank is going to need to put a suspension on the account, freeze the movement of money, and hopefully work that back to you or your customer. And Melissa, it's worth noting it's not just the disbursement wires, yes, those were a direct hit to the closing attorneys. But it's the risks that buyers face when the closing attorney is spoofed. They haven't been educated. They haven't been engaged on this issue. They haven't received wiring instructions. And all of a sudden at the closing table we realize that there's no certified check in hand because their life savings was wired a few days ago. And I'm going to say this it does not matter to tell the people we don't receive wired we only receive certified checks. We have seen time and time again. The fraudster redirecting through communication the requirement that “Nope, can't have a check now because I've got an OMICRON outbreak or something's going on. I need your wire and I need your wire today.” It's just we've seen it unfortunately.
 
Melissa Jay Murphy 37:05
It does seem to me that reverting to what we call the old-fashioned way of conducting business has some role here, has some advantages here. Some of the questions on the chat or have to deal with these new fax systems that do come straight to your computer versus more of a phone line that's sitting on the desk behind you. But is it better to use an old-fashioned fax machine to send and receive things? The problem is a buyer, the normal consumer, out there doesn’t have a fax machine sitting on their desk if they have a fax number? It's something tied to their computer, but certainly for the purpose of receiving a payoff from a lender. An old-fashioned fax machine seems like it might give you some level of protection. Then in dealing with for example, buyers that need information about where to send their cash due at closing. I don't know what the average homeownership is now, but you know, it's five to seven years, maybe. People don't do this on a daily basis the way we do and so they're not sophisticated and educated about this cyber fraud and rather than communicating with them via email it seems like a reliable form of communication is the good old-fashioned phone. Do you agree? Is that something real practical piece of advice?
 
Steven Dougherty 39:01
You know for customers; this is not a muscle memory transaction for them. Just to put it out there, everybody puts disclaimers at the bottom of their email saying, “wire fraud is real.” Well, guess what? People don't read anything below your signature line in your email. They read the content. That's it, they're not reading and paying attention to that. So, you really have to engage your clients and customers on a very sort of vigorous basis. Tom, you agree that you should do it upfront and throughout the entire process. Let them know, this is the process, and fraud exists, this is how we combat it.

Tom Cronkright 39:44
We didn't create this threat. The threat is not going away. It's only getting worse. So, what do we do in response? My argument has been to the industry, to my staff, to our community here in West Michigan primarily is that this isn't going to happen on our watch. And if it does happen, we as transaction participants as advisors, lending, real estate, title and closing that we've done everything we could. We met the standard of care as is being defined in the courts, unfortunately, federal and state as to what success looks like for a consumer to be protected. The challenge is we're not driving them to the bank. We're not over their shoulder when they're opening online banking. A lot of them are banking with an eBank and there's no bank branches. That's the other realization with this economy we're in. We're not in a good fun state. So, I don't have to take wires and if I put my title owner hat on, I don't have to take wires in for cash to close. Now don't have to send wires out, pursuant to the state of Michigan. But what I need to do is educate the consumer that this thread is out there. They can strike at any point and we're going to set you up for success. So, the first thing we do is when we issue the title commitment, we send our wiring instructions along with a wire fraud notice to every consumer. We send it through CertifID. You may even say I'm going to send it through secure email; however, you send it just make sure that you have confirmation that they're the ones that actually received it. Because in a vacuum you can say “Look, no wires only checks. Got it great. We'll see you at closing” and then they get tricked after and it's simply not enough. The other thing that we've done is educate them of the closing scheduled. “Hey, remember if you are going to wire only those instructions that were sent earlier can be trusted.”  With regard to enrolling the real estate agents and the referral partners. This is the key. This is where you can multiply the message and multiply this yourself in this conversation because guess who they trust? They trust the real estate agent because they're typically the one driving the traffic. You're being fed off them. Everyone is kind of beholden or codependent on the real estate agent. There's an opportunity there that at the agency formation, this knowledge transfer takes place. So, through notices, we've provided what we call a “day zero document” that our real estate agents put in Dotloop and DocuSign that we have the customer sign because they might start working with a buyer six weeks ago trying to find houses. We've been involved in wire fraud recoveries where the purchase agreement wasn't even countersigned by the seller in the entire cash to close amount was wired to a fraudster by the buyer. Purchase Agreement wasn't even consummated yet. That's how early they can get approached. So, educating the real estate agent, you know, showing them what you're doing to protect the consumer to protect them, and then getting them as part of the lexicon of how they do their business. Wire fraud becomes this conversational piece, not something that we hide behind or act like it's not happening. That in my opinion, is how you drive sustainable engagement. You can't do it all yourself.
 
Melissa Jay Murphy 43:16
Interesting. I think thiss has been an incredible source of information. So, thank you to Tom and Steven. I think that we might have raised some questions that we have not been able to answer and those have been reflected in the chat. So, what I am going to try to do along with my team is look at the issues and questions created by the chat. Review the information that Tom and Steven have shared with us. Try to make some organizational sense to it and try to push something out to Fund Members to update them on the best way to deal with this. Nothing about what you do when you realize there's been a crime is really different than what's on our website right now, Fund Members. We have the IC3 website. The Secret Service connection is something that's a little bit new. And so, we're definitely going to add that kind of information to our webpage. https://www.thefund.com/information-center/information-security.aspx Steven, so thank you for that.
 
Steven Dougherty 44:35
On that website, you can actually go back to do investigations. And there's actually numerous pieces, there's PDFs, there's documents that help prepare for a cyber incident and give updated information on cyber stuff that you can definitely pull down and link to on your website. www.ic3.gov
 
Melissa Jay Murphy 44:54
We will definitely look into that. So, with that I am going to thank Tom and Steven again. I'm going to thank all of you 190 people that participated in this webinar. Thank you so much for your time and attention. Don't forget we're going to push this out on the podcast. And so that's another way you can listen to this webinar again in the information. We will make sense of the comments and information that has been posted in the chats and push that out to you. And as I always do when I wrap up one of these is thank you above all, thank you for your support of The Fund.