Mortgage Mayhem
Lessons Learned about ongoing hacking challenges in the real estate market
I recently moved across the country. Being a good parent, I decided I should update my will for the laws in my new state. During the discussion with the lawyer, he asked what I do. And the following conversation opening my eyes. And prompted me to do a bit of research.
Side note: one thing I love about this field is that you ALWAYS have something new to learn.
I suppose I was used to my “sector” and it did not occur to me how sophisticated hackers had become and how intelligent their targeting methods in all arenas. The lawyer told me about the new training requirements he must adhere to every year (involving IT and cybersecurity). And a few other scary and interesting things about the evolution of hacking, specifically related to our mortgages.
Now, we all know the importance of encryption when it comes to data confidentiality. But a study within the last 5 years revealed that mortgage companies are sending data unencrypted. “A study from Halock, a cybersecurity firm that looked at the security practices of 63 U.S. mortgage lenders. More than 45 of those lenders permitted applicants to send personal and financial information, such as W-2 forms and tax returns, over unencrypted email. About one-eighth of the lenders offered a secure email portal.” (Estrin, 2014)
But wait… there’s more!
Did you know that mortgage agreement processes differ from state to state? In the state that I came from, it was mainly paper-based. When I moved across country suddenly, I was getting emails to login and sign “e-docs.” These new processes are now being targeted by hackers. Both individuals signing these docs and employees in mortgage companies are being sent phishing attacks designed to get sensitive information, which hackers can build on to target customers, the mortgage/lending companies or even real estate companies.
“All of this data collecting leads to their final plan: sending you an email from a legitimate address that either con you into sending a down payment on a new home or your monthly mortgage payments to a fraudulent account. The terrible blow about this scam is once any money is wired; getting it back is highly unlikely.” (Archambault, 2018)
The bottom line here is that all of us need to be more vigilant about our own information and how securely companies are protecting it. Even those in the field, may not be aware of what’s happen in other areas – but we stand a lot to lose if we don’t pay attention and learn what to be concerned about.
References
Archambault, M. (2018). Hackers Target Homeowners or Potential Buyers With Mortgage Scheme. Retrieved from: https://www.psafe.com/en/blog/hackers-target-homeowners-or-potential-buyers-with-mortgage-scheme/
Estrin, M. (2014). Protect your mortgage data from hackers. Retrieved from: https://www.bankrate.com/finance/mortgages/protect-your-mortgage-data-from-hackers.aspx
Dr. Susan Cole is a 2008 graduate of the University of Fairfax with a PhD in Information Assurance (Cybersecurity). She received her MBA from Salem International University (2007), her MA from American University in International Politics (1995), a BA from Wilson College in Foreign Languages (1994) and an AA in Mandarin Chinese (1997). For her PhD, she studied what influences the decision making process for IT and Cybersecurity managers in their recommendations to adopt and implement new security technology in their organizations. The specific technology she researched was Biometrics. She has achieved and maintains certification as both a Certified Information System Security Professional (CISSP) and a Certified Ethical Hacker (CEH). She also obtained her Certificate of Cloud Security Knowledge (CCSK). She’s held numerous positions from Cybersecurity Policy writer for an enterprise to a member of an Incident Response Team. Much of her career has focused on certification and accreditation (C&A) activities, now assessment and authorization (A&A) under NIST’s Risk Management Framework. She provided consulting support to small companies and now works as an Information System Security Officer (ISSO). Dr. Cole has been teaching since 2012 and has been involved with Colorado Technical University (CTU), Concordia University, Baker College, University of Maryland (UMUC), and Thomas Edison State University (TESU).
