In the past few months title agents have had hundreds of thousands of dollars illegally wired from their escrow accounts due to a not-so-new form of cyber crime: the Botnet. There are many forms of Botnet. Commercial banking is a target too large for criminals to ignore, and they are stealing hundreds of millions of dollars in schemes that attack online banking computers. The title agent is a prime target. It is a pervasive problem that is proliferating. A Botnet is malicious software (malware) that can steal information and, among other things, be used to wire funds from your escrow account!
The primary culprit for the title agent is the ZeuS Botnet. The ZeuS Botnet is commercially available over the internet and may be “purchased” for as little as $3,000.00. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC. For the title agent, the hacker uses ZeuS to steal financial credentials and initiate fraudulent transactions, primarily in the agent’s online banking portal. The hacker can also access automated clearing house (ACH) networks and payroll systems.
ZeuS is a very sophisticated Botnet variant that spreads by concealing itself in many formats (email, drive-by downloads and open Internet browsers). ZeuS and other Botnet variants have taken over hundreds of thousands of desktops and sometimes servers. Your typical anti-spyware and antivirus programs will not necessarily protect you. More often than not the Botnet remains undetected. Once the ZeuS Botnet has infected your computer, it sends instructions to the criminal(s) waiting to access your account using the collected credentials. Cyber-criminals masquerade as the agent to execute wire transfers to on/off-shore banks. Even the use of an RSA* token will not prevent a successful cyber attack! (*An RSA token is a random number generator that is used to reduce wire fraud.)
Once the money has moved offshore the likelihood of recovery is nil.
I have spoken with agents that have recently lost money from their escrow accounts due to the ZeuS Botnet. There has been one common factor for each of the agents experiencing the fraudulent wire. They did not use dual controls and best practices for initiating wire transfers. This problem is especially prevalent in small agencies. I have surveyed small agents at recent NS3, ALTA and VLTA meetings. A very large percentage of them only use single wire controls because: a) They would never steal from their escrow account! or b) It is a “real imposition” for them to use dual controls. They really do not fully appreciate the magnitude of the problem. It is really a bigger imposition to lose $200,000 or more. They must at a minimum adopt the best practices (Best Practices) in order to “harden” their on-line banking process. There are also other products that are available today to combat the Zeus Botnet and other malware (IronKey). Traditional anti-virus products do not afford foolproof protection!
RECENT INCIDENTS
In April a Missouri agent lost $400,000. A post mortem with the company disclosed that they were only using a single individual for the online bank wiring process. Had it not been for RynohLive, their escrow account would have been drained; as it was, they lost $400,000. Rynoh was only able to alert the agent after the fact, because a wire transfer is instantaneous. The Missouri agent was able to notify the bank before the ZeuS Botnet came back the next day to further drain the account. RynohLive’s alert prevented a subsequent loss in excess of $800,000.
From speaking at length with a Virginia agent after a very recent $200,000 loss, what was most telling was that the agent was using an RSA token! The ZeuS Botnet still got into their online banking system and sent the money. But then again that is what it does. When I had asked if they were using dual controls, the response was in the affirmative. It was their understanding that the token was the “second or dual control” in the process, and that they were protected! Sadly that was not the case. Dual control is two separate individuals from separate computers. What really was required was that second individual with another token and computer, and while that is significantly more secure it is by no means entirely foolproof. That distinction should have been explained to him by his banker. Additionally, the agent was “locked” out of their account during the several days that the cyber attack was occurring!
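The distinction between a token and dual control, as an added sketch that is not from the original article or from any bank's system: a wire-release check that treats a token as authentication of one person and still requires a second person on a second computer. The `Action` fields, user names and device names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Action:
    """One step in a wire transfer (hypothetical record layout)."""
    user: str        # person who performed the step
    device: str      # workstation the step came from
    token_ok: bool   # that person's one-time token code verified


def release_decision(initiate: Action, approve: Optional[Action]) -> Tuple[bool, str]:
    """Return (release?, reason). A valid token authenticates one person;
    it never counts as the second control."""
    if approve is None:
        return False, "held: no second person approved the wire"
    if not (initiate.token_ok and approve.token_ok):
        return False, "held: token verification failed"
    if initiate.user.strip().lower() == approve.user.strip().lower():
        return False, "held: same person initiated and approved"
    if initiate.device.strip().lower() == approve.device.strip().lower():
        return False, "held: both steps came from one computer"
    return True, "released: two people, two computers, two tokens"


if __name__ == "__main__":
    # Constructed sample wires, not real data.
    cases = {
        "token only, one person": (Action("closer1", "PC-FRONT", True), None),
        "same person twice": (Action("closer1", "PC-FRONT", True),
                              Action("Closer1 ", "PC-BACK", True)),
        "two people, one PC": (Action("closer1", "PC-FRONT", True),
                               Action("owner", "pc-front", True)),
        "dual control": (Action("closer1", "PC-FRONT", True),
                         Action("owner", "PC-BACK", True)),
    }
    for name, (init, appr) in cases.items():
        print(f"{name:24} -> {release_decision(init, appr)[1]}")
```

The check enforces separation only; as the article notes, even true dual control is not entirely foolproof.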
DON’T JOIN THE GROWING LIST OF VICTIMS
Richard M. Reass
President