GIOC Warns Financial Organizations on Mortgage Payoff Fraud
The housing market has been piping hot in some pockets of the country, and for those who aren’t taking on a new mortgage, many are jumping on the historically low interest rates to refinance their existing mortgage.
Taking on a jumbo loan is a major commitment; you wonder if you can afford the payments each month or worry about what happens if you fall ill or lose your job. But what many people don’t consider is the cybersecurity risks involved.
Mortgage payoff fraud is the topic of a recent alert from the Secret Service’s Global Investigative Operations Center. The Secret Service highlighted a sharp spike in fraud “targeting wire transfers related to real estate sales and mortgages.”
While mortgages are (legitimately) paid off annually by the millions, cybercriminals are spoofing real mortgage lenders, creating false or fictitious mortgage payoff statements, and sending them to title companies who are responsible for administering payment. The criminals change bank account information, and the title companies follow the given wiring instructions and send the cash to the scammers, not the lender, according to the Secret Service.
The alert from the USS offers some tips on how to prevent this type of fraud for financial organizations. Some of these tips* include:
- Update policies and procedures to ensure proper verification of information before releasing funds.
- Independently obtain mortgage payoff statements and confirm with verified and trusted sources.
- Independently verify the authenticity of information included in correspondence and statement.
- Do not rely on third-parties, such as mortgagors or other transaction participant, for information.
- Restrict wire transfers to known and previously verified accounts.
- Pay using checks when the information cannot be independently verified.
- Have a clear and detailed Incident Response Plan.
(*Tips courtesy of the USSS GIOC)
Have you found any instances of fraud or been a victim of a similar crime? Reach out to your USSS Cyber Fraud Task Force to report any incidents.