Given the way information is shared in the digital space, CertifiD, a real-time identity platform’s recent white paper notes that mortgage payoffs are prime targets for fraudsters. The report found a steep rise in the use of spoofed mortgage payoffs by cybercriminals in the title and settlement industry. Perpetrators take advantage of information sent via fax to create payoff statements that look identical to those issued by the lending institution, leading to easy access to details including loan account number, current loan balance, interest rate, closing date, per diem interest and late payment fees.
The report highlighted five areas of risk associated with payoff statements:
Spoofed lender payoff portals - Hackers take advantage of lenders offering the ability to originate mortgage payoffs directly from their website. Fraudsters create websites that are outwardly identical to that of the mortgage company and replicate payoff statements, eventually leading to a loss of money. The report suggests the use of encrypted emails instead of relying on online portals to tackle this issue.
Lender payoff statements - Roughly 90 percent of all pay off statements are generated electronically after receiving borrower authorization. Interestingly, the same percentage of payoff statements get sent via fax, pointing to the fact that the industry places a high degree of trust in faxing documents–a practice easily exploited by hackers. Stricter measures to confirm the identity of the individual sending the information as well as the accuracy of the information itself is imperative in preventing wire frauds, the report indicated.
Pay off received from current borrower - In several cases, fraudsters aware of requests put in by the current borrower find ways to access the borrower’s email account to obtain a copy of the real payoff instructions, which is then replaced with a spoofed payoff. To deal with this issue effectively, the report emphasized the importance of confirming bank account credentials before wiring, the identity of the borrower in real-time before taking any action and not establishing contact based on the forwarded information.
Land Contract Payoffs, Seller-Held Mortgages, and Other Third-Party Payments -
Seller-held mortgages, land contract payoffs, judgment liens, tax liens, divorce settlements, and other similar encumbrances provide a window for cybercriminals to access information exchanged between transaction participants which are often unencrypted and easy to tamper with. Extra caution while dealing with pay off instructions received from a third party, taking extra time to confirm identity and reviewing bank credentials is imperative to avoid breaches in such cases, per the report findings.
Payoff trolling - Fraudsters monitoring multiple listing services (MLS) postings in real-time remain alert to active property transactions that move from a “listing” to a “pending” status, giving them an average of 43 days to prepare to defraud someone in a transaction.
information to deploy next-level fraud schemes. Educating all parties in a transaction about the need to authenticate information before acting on it and flagging off any new or revised payoff information before transferring funds is an important step to help prevent fraud cyber impersonation, the report added.
As newer methods of hacking evolve, it is important for organizations to create a sophisticated and multi-layered approach to combat cyber threats through training, infrastructure, and policies and procedures to ensure data security.