IT administrators can protect their email systems.
Down payment wire fraud affects borrowers and mortgage companies across the country. This scam, aimed specifically at homebuyers, tricks people into sending money to a fraudulent offshore account. CNBC explains that it works because the transfer request comes disguised as the email account of the actual real estate broker working with the homebuyer. The scam relies on the eagerness of the first-time homebuyer and the confusion surrounding closing day, which for most people represents the single largest monetary payment of their lives. When everything about the home buying experience is new, borrowers are unlikely to notice the fake “broker” has requested the down payment money be sent to a new account.
Unfortunately, customers who fall victim to these attacks rarely report it because once the transaction goes through, the money is nearly impossible to recover. Brokers face a double whammy: an email data breach and a homebuyer who is now unable to afford the house. To protect your cybersecurity, increase safeguard your email system so that scammers can’t gain access or fool your customers. Here are 5 safety precautions that mortgage companies using Office 365 Mail can take to avoid this scam.
- Put the Lockdown on Forwarding Rules
When scam artists hack a broker’s email account, they often create rules that forward emails out of the company system and into their own in box. This way, they can communicate with the buyer. They do this by creating forwarding rules in Outlook using keywords such as contract, wire, routing number etc. Office 365 administrators can prevent users from implementing these rules by first creating a universal rule to disable auto-forwarding in the system. Specific exceptions can be made, but this makes it nearly impossible for scammers to do their dirty work even if they have gained access to an account.
- Activate Outbound Spam Notifications
When an email account is compromised hackers will often use the account to send out hundreds of emails using a broker’s contact list. This is usually an attempt to steal passwords from people the broker had correspondence within the past. You can watch for outbound spam and review suspicious cases by create a rule that will automatically send your designated security officer an email notification if one of your user’s accounts shows signs of excessive spamming.
When a significant amount of spam is originating from a particular user, the user is disabled from sending email messages. The administrator for the domain will also be informed that outbound messages are blocked for this user. This dual-level security measure makes it easy to catch when a hacker attempts a data phishing scam so it can be shut down quickly.
- Utilize Mailbox Auditing
By default, mailbox auditing is turned off in Office 365. Mailbox auditing allows you to view logs for each user that has accessed a mailbox in your Office 365 tenancy. This cybersecurity tool gives you the power to review mailbox activity if you suspect a user account may have been hacked. It also provides a trail of evidence so that customers who have been compromised can be alerted and your mortgage company can carry out an effective security cleanup.
- Limit Administrators to Limit Weak Spots
System administrators are the main target of scammers. If administrator accounts are compromised, critical devices and data are open to attacks. Mortgage companies that limit the number of email administrators have less “surface area” to attack. Fewer high-permission accounts mean fewer people that require close monitoring. Leveraging the stratification of non-global administrator roles reduces the number of people with high value, high impact access in your system. Get your system administrators to designate lower-level supervisor positions for common issues such as Password Administrator or Exchange Online Administrator. This reduces the number of targets for an email hacker looking to gain global access.
- Block Old Email Accounts
Tie up loose ends when former mortgage brokers are no longer with the company. Deleting or blocking accounts that haven’t been used in the last 30 days helps prevent unauthorized use of inactive accounts by attackers. These accounts can be targets because brokers no longer review the inboxes of former staff members. A hacker can use a defunct email address and contact list to have long-term interactions with customers and go relatively unnoticed. In Office 365 Email, this security step also includes an automated process to check with the account owner before the account goes silent.
Mortgage companies, banks, and credit unions that host secure email platforms with Access Business Technologies have been protected by a full array of email cybersecurity solutions since 1999.
To learn more about the latest Microsoft cloud-based technologies that protect against cyber-attack, read about ABT’s EmailGuardian today.