Mortgage Mayhem

Susan Cole PhD February 20, 2019
Connect--But, be very careful

Lessons Learned about ongoing hacking challenges in the real estate market

I recently moved across the country. Being a good parent, I decided I should update my will for the laws in my new state. During the discussion with the lawyer, he asked what I do. And the following conversation opening my eyes. And prompted me to do a bit of research.  

Side note: one thing I love about this field is that you ALWAYS have something new to learn.  

I suppose I was used to my “sector” and it did not occur to me how sophisticated hackers had become and how intelligent their targeting methods in all arenas. The lawyer told me about the new training requirements he must adhere to every year (involving IT and cybersecurity). And a few other scary and interesting things about the evolution of hacking, specifically related to our mortgages.  

Now, we all know the importance of encryption when it comes to data confidentiality. But a study within the last 5 years revealed that mortgage companies are sending data unencrypted. “A study from Halock, a cybersecurity firm that looked at the security practices of 63 U.S. mortgage lenders. More than 45 of those lenders permitted applicants to send personal and financial information, such as W-2 forms and tax returns, over unencrypted email. About one-eighth of the lenders offered a secure email portal.” (Estrin, 2014)  

But wait… there’s more!  

Did you know that mortgage agreement processes differ from state to state? In the state that I came from, it was mainly paper-based. When I moved across country suddenly, I was getting emails to login and sign “e-docs.” These new processes are now being targeted by hackers. Both individuals signing these docs and employees in mortgage companies are being sent phishing attacks designed to get sensitive information, which hackers can build on to target customers, the mortgage/lending companies or even real estate companies.  

The 2018 California Consumer Protection Act (CCPA)

“All of this data collecting leads to their final plan: sending you an email from a legitimate address that either con you into sending a down payment on a new home or your monthly mortgage payments to a fraudulent account. The terrible blow about this scam is once any money is wired; getting it back is highly unlikely.” (Archambault, 2018)  

The bottom line here is that all of us need to be more vigilant about our own information and how securely companies are protecting it. Even those in the field, may not be aware of what’s happen in other areas – but we stand a lot to lose if we don’t pay attention and learn what to be concerned about.    

References

Archambault, M. (2018). Hackers Target Homeowners or Potential Buyers With Mortgage Scheme. Retrieved from: https://www.psafe.com/en/blog/hackers-target-homeowners-or-potential-buyers-with-mortgage-scheme/

Estrin, M. (2014). Protect your mortgage data from hackers. Retrieved from: https://www.bankrate.com/finance/mortgages/protect-your-mortgage-data-from-hackers.aspx

Tags: , ,

More Stories

CYBER DECEPTION: Impact to Cybersecurity and the Application of Machine Learning Tools

Donna Columbus January 15, 2023

TOP 10: Challenges of NIST 800-171 for Companies to Meet DOD Cybersecurity Contracting Requirements

admin January 10, 2023

The TOP 6 Fallacies of Cyber-Threat Hunting

Dr. Mark Russo February 21, 2020

SPOT: CMMC: When 32 = 17 (Security Controls)

Donna Columbus January 3, 2020

COMMENTARY: DOD’s “NEW” CMMC is unnecessary duplication

Dr. Mark Russo October 7, 2019

Why most SIEM Solutions are Failing us

Dr. Mark Russo August 14, 2019

You may have missed

Cyber Threat Hunting (CTH) in an Age of Escalating Cyber Threats

Dr. Mark Russo July 4, 2023

Should You Hire a Virtual CISO?

admin February 1, 2023

TOP 5: The Main Implications of ML to Help Deter Cyber-threats

Dr. Mark Russo January 27, 2023

CYBER DECEPTION: Impact to Cybersecurity and the Application of Machine Learning Tools

Donna Columbus January 15, 2023