Several paths led me to a blog on this topic. I have a friend and a close relative who are currently going through a home loan process. In addition, in a work-related project, I have been researching mortgage fraud and real estate scams. Statistics reveal about 1% of loan applications contained an element of fraud, and it has been on a general upward trend for the last decade.
What are some of the more profitable and effective scams? (Profitable and effective for the bad guy.) Email phishing for money wires or request for sensitive information and documentation, predatory loan refinancing, home remodeling and home flipping scams, foreclosure relief scams, rental scams requiring security deposits, etc.
Many of these scams start out from a phishing email. Email impersonating a realtor asking a client to send in the money for an inspection or deposit. Email impersonating a loan officer requesting sensitive information and documents from a client. Phishing email to a home renter who is on a wait list for a home or apartment, requesting for a security deposit.
MicroSolved has persistently made an issue of email use security. Corporations and organizations may have technology on their side, spam and phishing filters, encryption, anti-malware protection, etc.
But end users, with their own personal email often don’t have these protections. Gmail, Yahoo, Hotmail and other email service providers do provide very effective email security controls but often, these features must be enabled and set up, such as for encryption and digital signing. For example, within the corporate email system, all staff members and their vendors may have security certificates so that they can exchange encrypted email messages between each other.
With end user personal email, in order to exchange encrypted email with various recipients, it can be tedious to setup email encryption and obtain and exchange security certificates. There are mail encryption services that an email sender can use to encrypt their message. But that is a couple extra steps that many will be reluctant or hesitant to take. Furthermore, many are unwilling to go through a third party to pass on their encrypted data over a shared cloud service.
When I refinanced several years ago, the loan officer at the bank had requested some documents from me. I expressed my hesitancy in sending those over, but eventually did, after getting her to promise that she will immediately delete my attachments permanently. But that shouldn’t be part of a security plan, faith.
But it all still goes back to breaking the phishing chain. And we cannot over emphasize, over advise, over blog on. Check that who you are responding to is indeed who they are. Verify the email address. Validate through another media, call them over the phone to confirm they emailed you asking for your last year’s tax returns. Do not click on email links. Verify the link before you click on it. Or navigate to the website directly through your browser.
Go fish, folks. But don’t get phished.