More than 75 percent of title professionals don’t conduct simulated phishing tests, according to a survey conducted by ALTA’s Data & Analytics Work Group.
Additionally, only 11 percent of respondents conducted monthly testing and only 6 percent performed annual tests. Nearly 700 agents nationwide participated in the survey.
Phishing occurs when a scammer uses fraudulent emails, texts or copycat websites to get someone to share valuable personal information such as account numbers, Social Security numbers, login IDs or passwords. Scammers use this information to steal someone’s money or identity, or both. In real estate transactions, this is a precursor to what the FBI refers to as ‘business email compromise’ often resulting in wire transfer fraud. The FBI reported 11,300 people suffered losses of nearly $150 million due to wire fraud in 2018.
Scammers also use phishing emails to get access to computers and networks in order to install programs like ransomware that can lock important files on a computer.
Simulated phishing tests are orchestrated fake phishing emails sent by companies to their own employees to heighten employee awareness reduce the likelihood of an employee falling victim to an actual malicious attack. According to ALTA’s Data & Analytics Work Group, these tests measure a company’s vulnerability, and can present trends and offer some measure of improvement.
Phishing tests also can present a training opportunity for those employees that did not catch the phishing attempt and increases awareness regarding phishing. It should be noted that simulated phishing tests should complement any training strategy and not be used as a replacement for employee training. These tests can be adapted for the latest schemes.
Many vendors provide tools that integrate with email systems. These systems support linking an employee to rewards for finding the email, a training web page for those that missed it, and provide measurement and tracking. Several technology providers make free phishing testing available and links are provided on ALTA’s website. Many companies in ALTA’s Marketplace also provide information security services, including phishing testing. Additionally, the FCC offers cybersecurity tools for small businesses, including a phishing quiz.
Title professionals are encouraged to report all phishing attempts to the FBI at IC3.gov.
To learn more about internal processes and digital solutions to combat wire fraud, register for ALTA’s next compliance webinar.
This is the third survey developed by the Data & Analytics Work Group, which is comprised of agents and underwriters from the two section executive committees.