Cyber-attacks on mortgage professionals on the rise during COVID-19

Employees new to the concept of working remotely have become prime targets for cyber criminals

Cyber-attacks on mortgage professionals on the rise during COVID-19

When COVID-19 slammed into the US like a meteor, one corner of life most reshaped by the resulting shockwaves is how we work. Millions of Americans are now working from home for the first time in their lives.

As critical as remote work has been to keeping countless businesses alive during the COVID-19 pandemic, it has also proven to be a boon for cyber criminals, who are taking advantage of remote workers’ naiveté and distance from their secure office environments to unleash an unrelenting wave of phishing, email and even telephone scams.

According to the Federal Trade Commission, over 18,000 fraud reports have been made related to COVID-19 since January 1. Over $13 million has been lost to fraudsters.

“Smaller organizations don’t have all the tools and they don’t have the knowledge, so they don’t know they’re now a target,” says Bruce Phillips, senior vice president and chief information security officer at WEST. “They don’t realize these tactics exist.”

Having an awareness of the kinds of cyber scams that are currently bilking Americans out of millions is critical knowledge for mortgage professionals who want to keep their clients vigilant and secure while also protecting their own firms.

Scams likely to target clients

Scott Herman, CEO of IDIQ, says many scams have been built off the back of the government stimulus money many Americans are still waiting to receive. Hermann says people are calling random victims and pretending to be with the IRS, the government or even one of the country’s biggest banks in an attempt to glean their personal data. These types of scams can be especially effective with the elderly, who often don’t know to be suspicious of such behavior. 

“When people make these calls, a lot of the time it’s a shot in the dark,” Hermann says. “They don’t even know if that person’s gotten their check or not. But if you call enough people, you’re going to find 20 who deal with the bank you’re pretending to be.”

Hermann says an inordinate number of first responders, nurses and military personnel, exhausted and distracted by their overwhelming COVID-19 duties, have also fallen victim to these ploys.

As millions of American filed unemployment insurance claims in recent weeks, Hermann says unemployment benefit scams, where identity thieves sneak in and apply for the victim’s benefits, have seen a resurgence.

“If they have the information from previous data breaches or scams, they’re using that information for the first time to go after the person’s unemployment benefits,” he says.

Scams mortgage professionals may fall prey to

While the scams mentioned above may seem transparent and obvious to the more hardened mortgage professionals among us, there are other areas where a lack of awareness can lead to serious consequences for both themselves and their companies: phishing scams and a lack of wi-fi insecurity.

Phishing scams, where cyber criminals mask themselves behind innocent-looking emails, are sadly still highly effective.

“Google says they’re blocking about 18 million of these types of emails a day, and I’m sure there are untold millions more getting through,” says Hermann. “People are falling more victim to them now because they can’t just walk to the office of the person next door and say, ‘Hey, what’s going on here?’”

Phillips says many mortgage professionals still regularly don’t know what to look for when asked to identify a phishing attempt. Too many are looking for clues like unusual grammar rather than the true tell-tale signs, like sketchy email addresses hiding behind graphics and seemingly safe links.

“We’ve seen a four- to six-fold increase in malicious email attacks,” he says, adding that 95 percent of the emails his clients have flagged as potentially suspicious have proven to be so.

Hermann says the companies who put more focus on education, tools and awareness are the ones who tend to stay more secure. Those who don’t do so at their own peril.

Another major area of concern is Wi-Fi security. With so much sensitive information now being accessed through personal internet connections, the potential for sensitive material to be stolen or compromised that would normally be under the protection of a business’ more robust cyber security infrastructure has increased exponentially.

“I think, for months to come, we’re going to see a huge increase in reported data breaches,” he says. “And I don’t think we’re going to hear about this problem for a while.” He recommends employees working at home use a virtual private network and ensure the passwords they use for personal websites are different from those they use for company business.

The damage that can be done to a mortgage business when an employee lets his cyber guard down is considerable. Losing the proceeds of a sale is a distinctly horrid possibility.

“If attackers can get you to redirect the wire to fund that mortgage, you’re going to lose that money and they’re going to have a good day,” Phillips says. “The odds of getting that money back are very low.” Ransomware attacks can also target a business’ bank account. By encrypting every file on every computer in a network, criminals can hold them hostage and charge exorbitant amounts in ransom.

Whether its ransomware, phishing attacks or any other kind of online fraud, dealing with cyber criminals is a lot like dealing with cockroaches: The only real defence is to keep them out in the first place. Because once they’re in, getting rid of them can get pretty ugly.