How Fraudsters Target Mortgages

Compromised credentials and phishing are the most common methods of cyberattacks, Cunningham said. “And these are so prevalent that it’s a daily, hourly thing.”

Phishing, or forwarding emails designed to look like they come from reputable companies in order to steal victims’ personal data – as well as the equivalent of SMS smishing – is a point of common entry leading to theft of personal information. Once fraudsters can obtain personal identifying information, that person’s contacts are also immediately at risk.

“When they infiltrate a victim, they record everything that happens in their browser,” said Oleg Kolesnikov, vice president of research and threat detection at Securonix, the security analytics platform and operations management.

“The browser contains special session-related cookies. So they could impersonate the person browsing to their bank or mortgage lender. Then, after that, they basically leverage those to apply for mortgages and they can, as part of that, impersonate the user’s browser.

The consequences of the initial breach can usually lead to wire fraud, a trend that Todd Keller, information security manager at Cherry Creek Mortgage, has seen rise in recent years. But it also opens the door to possibly more serious results, including ransomware attacks.

“The bad guys gain access to your system, and then once they have a foothold in the network, they move laterally,” Keller said. “They start owning other systems, finding out what’s going on on the network. Where is the data? Where are the crown jewels? How can I get this out? »

The mortgage industry is particularly vulnerable to infiltration due to the common use of email for business.

“Email continues to be ubiquitous in the mortgage industry for loan transactions,” Keller said. “So you’re working with a lot of third parties – whether it’s titles, real estate, the borrower themselves – and a lot of that loan detail information will be communicated via email. Then the bad guys realize that, and he’s an easy target.

Source link

Steven L. Nielsen