CYBERATTACKS targeting title and settlement companies remained the same or increased over the past year, according to a recent ALTA survey.

Results showed that 86% of respondents said the volume of cyberattacks either increased or remained the same last year when compared to 2020.

The survey of 569 title agents nationwide was conducted by ALTA’s Research & Analytics Work Group. It asked agents about their experience with cybercrime and wire fraud.

“Cyber incidents continue to evolve rapidly in number and sophistication,” said Diane Tomb, ALTA’s chief executive officer. “As criminals continue to modify their tactics and prey on unsuspecting consumers, the title and settlement industry continues to lead the charge in raising awareness about wire transfer fraud, educating their staff and implementing procedures to safeguard real estate funds.”

The survey showed 46% of respondents reported their employees receive at least one email per month attempting to change wire or payoff instructions.

While attacks remained elevated, the survey showed an overwhelmingly better recovery success in 2021 compared to the prior year’s survey. In 2020, 78% of respondents did not recover any diverted funds. According to the 2022 survey, 94% reported some amount of recovery and 17% recovered all of the diverted funds in 2021.

“This is a testament to the processes and procedures followed by title and settlement companies, along with coordinated efforts by financial institutions and law enforcement, to improve the odds of recovering funds,” Tomb said. “Continually working with our partners involved in the real estate transaction, along with government officials, we must continue to educate homebuyers about how they can protect their money when purchasing a home or refinancing a mortgage, so they continue to trust and have confidence in our digital world.”

ALTA’s advocacy team recently secured a win on the crucial legislative priority of wire fraud in real estate. Report language ALTA requested was included in the 2022 Omnibus Appropriations Bill, which was recently passed by Congress and signed into law. This language directs the FBI to release a public report on the threat of business email compromise (BEC) scams and to increase collaboration with industry and other private sector partners.

Cyber Losses Hit $6.9B in 2021
ALTA continues to advocate for greater awareness because of the mounting cyber losses as U.S. consumers lost $6.9 billion to internet crime in 2021, according to the latest report from the FBI’s Internet Crime Complaint Center (IC3).

The FBI received 847,376 cybercrime complaints in 2021, an increase of 7% from the year before. That amounts to one complaint every 37 seconds. Losses relating to BEC and email account compromise (EAC) increased by 33% over the previous year, with the per-incident loss jumping from $92,932 in 2020 to $120,277 in 2021. BEC and EAC scams accounted for nearly 35% of all losses reported to the IC3 in 2021. Real estate/rental cybercrime losses reached $350 million in 2021, up from $213 million in losses in 2020. The number of victims, however, decreased to 11,578 in 2021 from 13,638 in 2020.

“Companies in the title and settlement industry continue to follow policies and procedures to help safeguard real estate funds,” Tomb said. “Unfortunately, cyber criminals continue to get smarter and are focused on larger amounts to divert to fraudulent accounts. Homebuyers paying cash for properties may have a higher risk of being tricked into sending funds to fraudulent accounts.”

With the median price of a home in the U.S. now exceeding $350,000, according to the National Association of Realtors, cash buyers are wiring large sums of money to title and escrow companies for closing. Cyber perpetrators are aware of these market dynamics and are deploying scams to trick home buyers into wiring closing funds to fraudulent accounts.

“We are eager to continue working with federal agencies on this issue and help the title insurance industry deal with the onslaught of these scams that harm consumers,” Tomb said. “These efforts build on ALTA’s strategic priority to address threats to our customers’ privacy and investment.”

Cybercrime was reported across all age groups but victims over the age of 40 accounted for 74% of reported losses. As the real estate sector was hit hard by BEC and EAC scams last year, victims between the ages of 20 and 29 reported losses that were 118% higher than the prior year—the greatest increase of all age groups tracked in the report. This cohort accounts for a large portion of first-time homebuyers and work-from-home employees, which may account for the sharp year-over-year increase.

A low inventory level for existing homes has created one of the tightest housing markets in U.S. history, which adds stress to buyers seeking to enter the market.

By the end of the process, buyers are often fatigued and exhausted, making them more susceptible to falling victim to wire fraud as they are asked to send money for their closing. Education, awareness and securely exchanging wiring instructions can help lower the wire fraud risk.

“Buyers are under tremendous pressure to present the most competitive offer possible, or they face losing the opportunity to secure a home,” said Tom Cronkright, executive chairman of CertifID. “This has resulted in more buyers paying cash for properties, which places their closing funds at risk of being stolen by wire fraud scams.”

Reports of cryptocurrency being used in cyberrelated crime increased by nearly 550% as reported losses climbed from $246 million in 2020 to $1.6 billion in 2021. Cryptocurrency is becoming the preferred method of payment for all types of cyber scams according to the report.

Ransomware experienced another sharp increase in reported losses, which totaled $49.2 million – a 69% increase over 2020. The three most common ransomware variants that targeted critical infrastructure companies were CONTI, LockBit and REvil/Sodinokibi according to the FBI.

“These cyberattacks compromised businesses in an extensive array of business sectors as well as the American public,” said Paul Abbatte, deputy director of the FBI. “As the cyber threat evolves and becomes increasingly intertwined with traditional foreign intelligence threats and emerging technologies, the FBI continues to leverage our unique authorities and partnerships to impose risks and consequences on our nation’s cyber adversaries.”

Resources and Tools to Help Protect Your Company
ALTA Cybersecurity Incident Response Plan
ALTA Outgoing Wire Preparation Checklist
ALTA Rapid Response Plan for Wire Fraud Incidents
Video: How To Complete an IC3 Report
ALTA Wire Fraud Video
ALTA Wire Fraud Infographic
How to Respond to Cybersecurity Incidents
Earlier this year, ALTA created a Cybersecurity Incident Response Plan template to help member companies develop a structured strategy to prepare for, identify, respond and recover from cybersecurity incidents.

ALTA’s Information Security Work Group developed the template based on an approach by the National Institute of Standards and Technology (NIST), which has established guidelines to help companies implement strategies to safeguard against cyber threats.

“The Cybersecurity Incident Response Plan template is intended to be a high-level starting point for title agents at any level of IT knowledge and sophistication,” said Genady Vishnevetsky, chair of ALTA’s Information Security Work Group and CISO for Stewart Title. “As cyberattacks have become more inevitable, it’s essential for businesses of any size to build a secure, vigilant and resilient environment.”

The template provides information on how to

Prepare for an incident.
Detect and analyze an incident.
Contain, eradicate and recover from an incident.
Assess lessons learned.
Complete any post-event activity.
“We want our member companies to be as prepared as possible as cyber incidents continue to evolve rapidly in number and sophistication,” Tomb said. “Preparing for the inevitable threats involves more than preparing to react. It involves the ability to respond effectively and recover thoroughly. We want to provide the necessary tools to help in the battle against cybercrime.”

Industry Efforts to Thwart Fraud
In an effort to help combat wire fraud, SoftPro released a new application for sending and receiving wire transfers from within its closing and title platform. With SoftPro Banking, users can manage wire transfers from a network of integrated banks from across the U.S. The feature enables wires to come into the appropriate ledger. The platform also allows for the initiation of wire transactions directly from SoftPro Select and, upon appropriate internal approvals, have those requests securely sent to the participating banks for processing.

“The security and integrity of funds is paramount to every real estate transaction, and SoftPro Banking streamlines the processing of both incoming and outgoing wire transfers for our customers,” said Patrick Hempen, SoftPro chief customer officer. “Having those funds tied directly to associated trust accounts maintains an audit trail while securely receipting and disbursing funds to and from integrated lenders.”

With SoftPro Banking, a user can search incoming wires by numerous fields including the trust account, received date, amount, status, federal reference number, ledger ID and originating bank. Users can search outgoing wires by trust account, last modified date, ledger ID, amount and status where they can then perform actions such as approving or rejecting transactions. SoftPro Banking’s security permissions allow for the designation of specific users as “approvers” for outgoing wires in addition to approval limits for those designated approvers.

In addition, SoftPro this year introduced a cybersecurity solution for title companies that provides continuous security monitoring that detects attackers. SoftPro Protect powered by QOMPLX includes managed detection and response (MDR) services that provide firms with real-time threat detection, investigation, response, prevention and reporting from both cybersecurity tools and security operations experts. Additionally, SoftPro Protect performs external scans to assess and analyze security vulnerabilities to prioritize risk remediation and response. The solution’s virtual chief information security office advisory services provide peace of mind to organizations with or without a full-time CTO or CIO.

CertifID also unveiled a new technology solution to help title and escrow professionals prevent property loan payoffs from being sent to fraudulent accounts.

The new PayoffProtect solution uses machine learning to automate and standardize the mortgage payoff demand letter verification process. In more than 95% of cases, the company’s validation engine software authenticates loan payoff wiring instructions.

PayoffProtect is designed in response to customer feedback about an unaddressed area of vulnerability for real estate wire transfers. The problem PayoffProtect addresses is the sharp increase in fraud surrounding wire transfers made from title companies to lenders in connection with mortgage payoffs. These scams involve fraudsters impersonating the mortgage lender as part of a real estate closing, in hopes of having the payoff wire transfer redirected to the fraudsters’ bank account.

“We’ve helped recover nearly $50 million in loan payoff fraud, and now we have the solution to prevent it,” said Tyler Adams, CEO of CertifID. “For large sum loans such as mortgages, payoff wiring instructions verification has remained a laborious and vulnerable process.”

PayoffProtect is coming out of a beta period in which it’s already being used with great success by customers including Knight Barry Title, Continental Title Company and Bluegrass Land Title. Before PayoffProtect, these companies manually completed mortgage payoff demand letter statements, and then make phone calls to confirm bank wiring information and ensure insurance compliance before sending a loan payoff wire transfer.

“Verification by phone is frustrating, time-consuming and oftentimes comes to a dead end,” said Rachel Petrach, chief closing and compliance officer at Knight Barry Title. “PayoffProtect allows us to feel comfortable, allows us to sleep better at night, and hopefully reduces a bit of the gray tint in my hair.”

Jessica Tweedy, accounting controller at Continental Title Co., added, “I absolutely love PayoffProtect. It’s the easiest product that’s come about. I have my whole week done in a matter of minutes.”

PayoffProtect is integrated with many title production software systems.

According to CertifID, the first step to use the software is the only one that requires manual work from the end user. The user inputs the loan details and wiring instructions. After that, PayoffProtect takes over.

After entering the data, the user will receive a “CertifID” status. The CertifID team performs a proprietary investigation and resolution process as needed. Once “CertifID” status is achieved, PayoffProtect provides a valid and safe payoff instructions confirmation form that title companies are using as their new required standard operating procedure to eliminate the risk of mistakes in their process.

“We will not send a payoff without PayoffProtect,” said Bryan Brown, accounting controller at Bluegrass Land Title.

Meanwhile, ClosingLock recently partnered with Old Republic Title Insurance Group and Westcor Land Title Insurance Co. to help the underwriters’ agents combat wire fraud. The partnerships allows the underwriters to offer ClosingLock to their agents, helping protect them from wire fraud and improve the closing experience.

“It’s easy to empathize with someone who has lost their life savings and new home because of wire fraud,” added Scott Chandler, COO of Westcor. “That’s why Westcor is so passionate about protecting consumers and safeguarding our agents, and why we’re being proactive and partnering with ClosingLock.”, a white-label SaaS platform that allows parties to collect earnest money as well as transfer and disburse funds for real estate transactions, integrated with First American Title Insurance Co.’s PRISM digital platform for title agents.

The application is designed to eliminate the need for paper checks and defend against wire fraud. The integration with the PRISM platform enables both title and real estate agents to request and receive earnest money and cash-to-close funds from homebuyers once a buyer estimate is prepared. By allowing title and real estate agents to trigger funding requests within the same platform, the PRISM platform helps enhance the efficiency of the settlement process.

“With the continuous adoption of technology in our world, the natural progression of real estate transactions has also evolved to become more digital and secure. This progression includes the elimination of paper checks,” said Perla Aparicio, vice president of strategic partnerships at “In addition to helping to prevent wire fraud, the use of electronic disbursement shaves time and cost from the settlement process, which benefits borrowers, mortgage lenders, real estate agents, and title and settlement professionals.”