More than 75 percent of title professionals don’t conduct simulated phishing tests, according to a survey conducted by ALTA’s Data & Analytics Work Group.
Additionally, only 11 percent of respondents conducted monthly testing and only 6 percent performed annual tests. Nearly 700 agents nationwide participated in the survey.
Phishing occurs when a scammer uses fraudulent emails, texts or copycat websites to get someone to share valuable personal information such as account numbers, Social Security numbers, login IDs or passwords. Scammers use this information to steal someone’s money or identity, or both. In real estate transactions, this is a precursor to what the FBI refers to as ‘business email compromise’ often resulting in wire transfer fraud. The FBI reported 11,300 people suffered losses of nearly $150 million due to wire fraud in 2018.
Scammers also use phishing emails to get access to computers and networks in order to install programs like ransomware that can lock important files on a computer.
Simulated phishing tests are orchestrated fake phishing emails sent by companies to their own employees to heighten employee awareness reduce the likelihood of an employee falling victim to an actual malicious attack. According to ALTA’s Data & Analytics Work Group, these tests measure a company’s vulnerability, and can present trends and offer some measure of improvement.
Phishing tests also can present a training opportunity for those employees that did not catch the phishing attempt and increases awareness regarding phishing. It should be noted that simulated phishing tests should complement any training strategy and not be used as a replacement for employee training. These tests can be adapted for the latest schemes.
Many vendors provide tools that integrate with email systems. These systems support linking an employee to rewards for finding the email, a training web page for those that missed it, and provide measurement and tracking. Several technology providers make free phishing testing available and links are provided on ALTA’s website. Many companies in ALTA’s Marketplace also provide information security services, including phishing testing. Additionally, the FCC offers cybersecurity tools for small businesses, including a phishing quiz.
Title professionals are encouraged to report all phishing attempts to the FBI at IC3.gov.
To learn more about internal processes and digital solutions to combat wire fraud, register for ALTA’s next compliance webinar.
This is the third survey developed by the Data & Analytics Work Group, which is comprised of agents and underwriters from the two section executive committees.
Copyright © 2004-2019 American Land Title Association. All rights reserved.
This article has been used and reprinted with the permission of The American Land Title Association. The material is for general information purposes only and is not to be relied upon or used for any particular purpose. Title Industry Assurance Company, RRG and The American Land Title Association shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice.
Contact TIAC for Errors and Omissions coverage for title agents.