WEST, a Williston Financial Group Company committed to improving the entire residential real estate and mortgage transaction for all participants, has launched a new cybersecurity service for real estate agents, lenders, title agents and other settlement service providers to protect them against email fraud and provide real-time updates regarding potential risks.
The industry’s only cybersecurity helpdesk service, WESTprotect.com offers free sign-up for fraud alert warnings and access to an extensive library of in-depth articles and reports, the 411 blog, as well as “WESTprotect 411,” the company’s unique email-analysis subscription service that analyzes suspicious emails and reports back within one hour. WESTprotect subscribers will also have access to cybersecurity training and phishing simulators that are customized for each real estate, mortgage or title company, something that previously would be prohibitively expensive for offices with less than 50 employees.
Monthly pricing for WESTprotect 411 begins at less than $10 per user, with Lure or Protect U available as add-on services for less than $2 per month.
Even before the pandemic forced a majority of financial industry employees to work from home and connect using their vulnerable home Internet connections, criminal email fraud activity was increasing rapidly. In fact, in May 2020 the FBI announced that reports of fraudulent Internet activity on its IC3.gov website had quadrupled from 1,000 a day since stay-at-home orders went into effect. The FBI estimates that this number may be only 40 percent of all fraud attempts, which puts potential daily fraud activity as high as 10,000 incidents.
Based on discussions he’s had within the industry, WEST’s Senior Vice President and Chief Information Security Officer Bruce Phillips believes that attempts at wire fraud are actually up six-fold and, more importantly, “the perpetrators’ success rate has doubled.”
Fraud losses were $1.9 billion in 2019
“There are reasons why we’re seeing this increase and why the risks are so much higher in our industry,” Phillips says. “Wire fraud is the biggest threat to mortgage and real estate companies because they can lose the most money in the shortest amount of time.”
The average wire fraud transaction amount is currently between $140,000 and $160,000 and in 2019 alone, $1.9 billion was lost to various forms of business email compromise.
Wire fraud and other malicious email activity such as ransomware is ultimately less a technology issue and more a social engineering exercise, Phillips explains. There are no network plug-ins, antivirus software, or firewalls to solve the problem.
“The criminals’ targets are really people,” he says.
According to Phillips there are three ingredients criminals need to get individuals to unwittingly participate in successful wire fraud: a sudden change; a sense of urgency; and a potential positive or negative consequence.
“The pandemic has provided sudden change in virtually everyone’s life, and a sense of urgency is inherent in every real estate transaction or loan application, even given 30, 60 or 90 day escrows,” he says. “The only ingredient needed is the third one: consequence. A negative consequence might come in an email appearingto be from a buyer’s escrow company and warning of problems with the escrow account. ‘We need to change escrow accounts if we want to close on schedule, so send the money to this new account.’
“Under the gun,” he continues, “a buyer may quickly do that, trusting the hijacked email address is valid, and forever lose hundreds of thousands of dollars.”
A positive consequence might also come from an apparently trustworthy address, alerting the buyer that the end of a month is especially busy and, if they’ll wire the money immediately, they’ll avoid the crunch and the escrow officer will take $100 off the closing fees. Unfortunately, it’s not the escrow officer actually sending this malicious email.
WESTprotect: Awareness is the best defense
WFG launched WESTprotect four years ago, when WFG Chairman and Founder Patrick F. Stone asked Phillips to create an in-house cybersecurity system to shield WFG National Title Insurance Company agencies, who were increasingly coming under attacks, from mail fraud and other malicious Internet activity.
During that time Phillips’ team has answered more than 80,000 cyber questions, conducted nearly that many phishing simulations, held more than 170,000 employee-training sessions, and been responsible for averting more than $19.6 million in wire fraud. Now, with the launch of the WESTprotect website this month, any independent real estate or title agent, lender or escrow officer in any size office anywhere in the United States has access to the services and information created by Phillips and his team for WFG.
“The core is WESTprotect 411, the only cybersecurity helpdesk available,” Phillips says. “When a WESTprotect customer gets any suspicious email, they can forward it to us for review and we’ll get back within an hour to confirm it is malicious or clear it as harmless. In the case of a malicious email, which is the case with 90 percent of the emails we receive, we ask if they clicked on the link and, whether they did or not, tell them what should they should do with it.”