Send EMDs Electronically and Securely Now!

It's official - realtors and home buyers can NOW send earnest money deposits electronically and securely to Federal Title & Escrow Company with ZOCCAM!

This is a leading banking application for smart phones that deposits and transfers escrow money instantly, any time, day or night- from your pocket!

Simply take a picture of the front and back of your earnest money deposit check, select Federal Title & Escrow Company's escrow account, confirm the information to be accurate, then select send. The agent and home buyer will be immediately notified that the escrow money deposit was received.     

This is a game changer for agents and home buyers because it saves time, money, and is hassle free with just a simple click of an app on your smart phone. Oh and it's FREE, SAFE, and SECURE!

ZOCCAM doesn’t contain or hold any financial account information, and all content is encrypted and sent using state-of-the-art security techniques that ensure every client’s non-public personal information is protected. 

View this short ZOCCAM demonstration, download the app, and begin to use today! 

  • View the step-by-step instructions for agents here
  • View the step-by-step instructions for home buyers here

 

Wire fraudsters relentless in phishing attempts for down payments, seller proceeds

Wire fraudsters relentless in phishing attempts for down payments, seller proceeds

A very serious cyber threat continues to loom over the homebuying process, and hyper-vigilance is presently the only way homebuyers and sellers, as well as real estate professionals, can protect themselves.

The threat is wire fraudsters, who remain relentless in their efforts steal homebuyers’ down payment funds and sellers’ net proceeds and are becoming increasingly deft at defrauding title companies and consumers alike. We’ve encountered multiple scams in which criminals attempted to phish away down payments and net proceeds funds belonging to unsuspecting to consumers.

How do these wire fraud scheme work?

As far as we can tell, the fraudsters are gaining entry to the email accounts of unsuspecting real estate agents probably through some kind of malware attack.

Once the criminals have access to the agent’s account, they scan the inbox looking for information they can use to make their email scams sound more legit, in particular property addresses, closing dates and the title company that will handle the closing.

Next the scammers create a phony email account that looks almost identical to the agent’s legit email account that was hacked – perhaps an extra hyphen or dash is the only difference. With the acquired bait and the phony email account in place, the trap is set.

The would-be victim receives an innocuous email. She recognizes the sender’s name because she has been working with that agent the past few weeks or even months leading up to the closing. If she is not paying close attention, she may not notice the sender’s email address is only slightly different from previous exchanges.

That’s when the defrauding occurs. The victim executes the wire transfer request and the money is gone. Fraudsters are becoming so clever they even time the delivery of their fraudulent emails to coincide with the actual dates and times of closing.

Homebuyers’ down payment funds at risk

In this scenario, the real estate agent’s email account has been compromised and the fraudsters have learned the agent is working with homebuyers and in the final stages of helping them purchase the new property.

With intel in hand, the fraudsters will reach out to the homebuyers from the phony agent email address a day or so prior to closing. The fraudster’s email directs them to wire their down payment funds to the title company’s escrow account in preparation of their big day. In this scam, the “title company’s” bank account belongs to the fraudsters.

We recommend homebuyers verify over the phone the authenticity of any wire transfer instructions just to be on the safe side, because once funds are transferred to the wrong account and cleared out by the cyber-criminals, they are virtually impossible to recover.

Sellers’ proceeds from home sale at risk

This version of the scam targets title companies more directly than consumers, but it’s worth noting because it can lead to a delay in the delivery of proceeds to the seller who may be planning to use them on the purchase of another property.

Just last month our title company spotted two of these wire fraud attempts. We received emails purporting to be from the real estate agent representing the property seller and referencing a property that was scheduled to close at our office. It was a different agent for each case, which suggests the scam may be becoming more widespread.

In the phony email the agent asked for our help wiring funds to the seller’s bank account. In this case, obviously, the scam is that the “seller’s” bank account belongs to fraudsters. What’s not always so obvious, though, are the clues to alert the would-be victim of the fraud that is taking place.

Just as we advise homebuyers, we verify over the phone the authenticity of any wire transfer instructions just to be on the safe side because, again, once funds are transferred to the wrong account and cleared out by the cyber criminals, those funds are virtually impossible to recover.

Many title companies purchase cyber fraud insurance as added protection against increasingly sophisticated wire fraud attempts, including ours. But understanding how the scheme works help avoid the hassle of filing a cyber fraud insurance claim.

3 must-have apps for real estate agents who crave better cyber security

3 must-have apps for real estate agents who crave better cyber security

The threat cyber criminals pose to real estate agents – and specifically their inboxes – has come up in a lot of recent conversations within the real estate and title insurance world lately. Wire fraud scams have cost the industry millions, if not billions, over the past decade or so.

At Federal Title, we’ve received several phony emails supposedly from real estate agents, asking us to wire funds to a particular account. We’ve read about these scams happening in other parts of the country as well.

Our staff is trained to spot these fake emails. We also make phone calls to agents, lenders, buyers and sellers to ensure the funds are going where they are supposed to go because we take our clients' privacy and security very seriously.

But in the interest of cyber security for all, we can recommend a few apps that we think are essential for better inbox protection. These services are free to use and go a long way toward protecting sensitive information, such as the kind that is exchanged throughout the homebuying process.

ProtonMail

First and foremost, make sure you’re sending sensitive information through encrypted email. Most email by default is transmitted in the clear or encrypted after it is sent to the email provider’s server, which means it’s possible for emails to be intercepted. Sending emails over free and public WiFi networks, such as in a coffee shop, makes the contents of one’s emails particularly vulnerable.

When it comes to buying or selling homes, it’s necessary to report personal information such as social security numbers, salary history, alimony payments, wage garnishments, etc. Your real estate agent and lender as well as third parties like the title company are legally required to maintain confidentiality, but a rogue party like a cyber-criminal is not.

ProtonMail, a free and open-source end-to-end encrypted email service that was originally created for researchers at the European Organization for Nuclear Research (also known as CERN in Switzerland) offers a more secure solution. Available as a webmail client or via the iOS / Android app, ProtonMail allows the user to encrypt email contents and data before they are sent to the ProtonMail servers.

With the click of a button, a user can enable to the encryption feature on ProtonMail and set a password, which is then sent separately to the intended recipient(s). Without the password, the contents of the email would present as a series of jumbled characters rendering the email useless to a cyber-criminal.

Another cool feature of ProtonMail is that it allows the user to set an expiration time for the message so that the contents of the email become inaccessible after the pre-determined number of minutes, hours or days, whether someone has the correct password or not.

LastPass

Most IT professionals will usually advise their clients to create a unique password that contains upper- and lowercase letters, a number and a character. The password should also be double-digits in length – and it can’t be used for any other accounts! To make passwords even more interesting, some companies require their employees to change passwords every month or quarter – and it can’t be one that’s been used in the past six months!

Who has time to remember so many random sequences of letters, numbers and characters? It’s really no wonder that so many of us will still default to easy-to-remember phrases such as “Password123!” or passwords that can easily be socially engineered such as kids’ or spouse's names, or mother’s maiden name.

That’s where a password manager service like LastPass comes in quite handy. Essentially, it’s a digital lock box that protects all your unique passwords. With a service like LastPass, all you have to do is remember one difficult password. LastPass will automatically remember and fill in login credentials for every site in your lock box.

LastPass is certainly not the only password manager on the market, but it happens to be the service we like. Skeptics out there may be wondering what happens if a user’s LastPass master-password is cracked, or if a security breach occurs that compromises hundreds of passwords such as the security breach of LastPass in 2015?

That’s where two-factor authentication can really save the day.

Google Authenticator

We’ve talked about two-factor authentication before, a second layer of security that user must clear to gain access to an account. A user must configure two-factor authentication with an external device, usually a smart phone or a thumb drive. We like Google’s free Authenticator app.

Services like ProtonMail and LastPass both offer the option to configure the account with two-factor authentication, and we highly recommend our clients take that extra precaution to protect their encrypted email account and password manager service. (After all, if a cybercriminal gained access to either of those services, it would undermine the whole purpose of this post and likely cause all kinds of hassle.)

When two-factor authentication is enabled, upon logging in a user will either receive a text message containing a six-digit code to unlock the account or be prompted to enter a 6-digit code from her authenticator app. In either case, the code is randomly generated and changes every 30 seconds making it virtually impossible to crack with a brute force attack.

Many social platforms offer some version of two-factor authentication including Facebook, Twitter, LinkedIn, Gmail and Yahoo! Mail. For independent contractors who use TurboTax or Mint to manage their finances, Intuit also offers a two-factor authentication option for their suite of services.

What is two-factor authentication, and why is it important for your real estate business?

We’ve noticed an uptick in agent email addresses that have been compromised by cyber criminals with the intent of defrauding home buyers, sellers and title companies – and most agents are totally unaware when we tell them.

The emails we’ve received of late are generally inquiries about wire transfers of seller proceeds. The sender is hoping the recipient (in this particular scam, title companies) will fall for a request to wire funds to their “client’s” account. If the victim is duped and sends funds, the fraudsters will quickly clear the account making it virtually impossible to recover the funds.

Reports of wire fraud scams have come in from all over the country and have cost the industry millions, if not billions, of dollars over the past several years.

These emails inquiring about wire transfers don’t come from the agent’s legitimate email account either, which is why the agent is often unaware any cyber hacking has occurred. Instead, the emails come from phony email accounts that look almost identical to the agent’s legit email account that was hacked – perhaps an extra letter, hyphen or dash is the only difference.

By the time the title company receives one of these phony email inquiries, the real estate agent’s legitimate email account has already been compromised along with all the contents of the inbox. Information pertaining to upcoming closings, specific property addresses, names and email addresses of other parties in the transaction are all used to bait the wire-fraud trap.

Needless to say real estate professionals must do all they can to protect their inboxes and the interests of their buyers and sellers, and email accounts have proved a particularly vulnerable area for attack. That’s where 2-factor authentication comes in handy.

What is two-factor authentication?

Pretty much like it sounds, two-factor authentication creates a second layer of security that a user must clear to gain access to the account. A classic example is the ATM card. To take money out, the individual must know their pin code (password) AND be in possession of the bank card that’s linked with the account that matches their pin. Having one or the other is not enough.

Two-factor authentication works very similarly with email, and many major email providers such as Gmail and Yahoo! Mail offer the option. To configure, a user goes to account settings, ticks the box to enable two-factor authentication and enters her mobile phone number. There’s an option to receive a verification code by phone or text. Enter the verification code to configure two-factor authentication with that mobile device.

From then on, any time the user logs into her account she must also enter a unique code to gain entry. It might seem like a hassle, but it increases email security significantly.

Even if an individual’s username and password are compromised – maybe they accidentally downloaded malware from a spam email or used public, unsecured WiFi to access their email – the criminals cannot gain access unless they also possess the specific mobile device that was configured with the email account.

The two most common two-factor authentication methods rely on text messages and/or mobile applications to produce the code.

With text message, a user logs into her email account with username and password and then receives a text message on her phone that contains the unique six-digit code. Once she successfully enters the code at the email login, she unlocks the second layer of security and gains access to her account.

A second method is similar to the SMS approach but instead relies on a free smart phone app, such as Authenticator by Google, which produces a new six-digit code every 30 seconds. A user logs into her email account with username and password and then opens the app to obtain the unique six-digit that unlocks the account.

With both methods, the user must have knowledge of their username / password AND possess a specific device that’s configured with the email account. Knowledge of the username / password makes one factor, and possession of a specific device makes two factors.

How to change your chosen title company after you have a ratified sales contract

Most homebuyers know by now that it’s their legal right to choose their own title company and that shopping for title services is one of the most effective ways to reduce costs at the closing table.

(For those who haven’t heard this, read our content on Marketing Service Agreements and Affiliated Business Arrangements and see for yourself how these common deals jack up closing costs for consumers.)

But what happens if a homebuyer doesn’t learn about this important right until after her sales contract has been drafted, accepted and signed by all parties? And is it possible to change title companies once a title company has been designated in the contract and an earnest money deposit has been delivered to that designated title company?

The short answer is you can change your mind with the consent of the seller, through a simple addendum to the sales contract. View our a settlement agent-change sample addendum.

Once the addendum is completed and signed by all parties, the homebuyer can then use the new title company listed on the addendum.

Even if the earnest money deposit was already delivered, with the addendum in place, the new title company would simply reach out to the old title company holding the funds and arrange for a wire transfer. That’s it!

How might a homebuyer find herself in a situation where she wishes to change her company after all parties have signed a sales contract with a designated and undesired title company?

First and foremost, we encourage every homebuyer to get closing cost quotes from several local title companies and compare costs and online reputations to avoid this situation. We also remind homebuyers that title companies don’t necessarily include all the same services in their settlement fee. Sometimes additional services, i.e., document fees, processing fees, amount to hidden costs, so it’s important to ask what services are included and what extra costs may be charged.

And while it’s technically illegal for real estate agents to fill in the name of a preferred title company if their brokerage has a professional affiliation with that title company, the practice persists. In these cases, homebuyers may not realize until after they have a ratified sales contract that they could have chosen their own title company.

It’s important to ask your agent if his company has a professional affiliation with the title company he’s listed in your sales contract and what benefits or incentives the real estate agent or brokerage may be receiving by recommending that title company. Sometimes the answer is there is no affiliation; the agent is familiar with a certain company and recommends that company from the perspective of good service and pricing.

There’s nothing inherently wrong with an agent directing their client to use their favorite title company, except that it may lead a homebuyer to falsely believe she does not have a choice, or once a title company’s name is written into the contract and that contract is ratified, the decision is set in stone and the title company can’t be changed.

A homebuyer maintains a right to choose her own title company and also has the right to change her mind and choose a different title company.

This isn’t an invitation to change title companies several times prior to closing or to change for no good reason. Keep in mind any addendum to a ratified sales contract must be signed by all parties, including the sellers. You may risk delaying closing, annoying your sellers or even causing your deal to fall through by abusing your right to change title companies after you have a ratified sales contract.

We put this post together specifically to help those who learned after the fact they could have chosen their own title company and would like to exercise that right. Two primary reasons a homebuyer may choose to change title companies might be she’s found a title company that charges lower prices and/or provides better customer service than the company initially listed on the sales contract.

  • Ways to save at closing

    Title charges are the largest chunk of closing costs and can vary by hundreds of dollars.

    Learn more

  • What are closing costs?

    The real estate closing process involves loan steps, legal steps and title steps.

    Learn more

  • What's title insurance?

    Insure your legal ownership just like you'd insure the building, but for lots cheaper.

    Learn more

Connect with us


Our blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. Rate tables and figures that appear on our blog are deemed reliable but not guaranteed. For current rates & policies, refer to our Quick Quote and Consumer Guide. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on our blog.