News

How Criminals Can Spoof Your Phone

Ever heard of SpoofCard? It’s a scammer’s dream and a nightmare for title and settlement agents. The technology isn’t new, but the application offers the ability to change what someone sees on their caller ID display when they receive a phone call. To spoof a call, a criminal will dial one of SpoofCard’s access numbers and enter the destination number followed by the phone number to appear on caller ID.

Spoofcard“The recipient of that phone call will think it’s coming from one person when it’s actually coming from someone else,” said Thomas Cronkright, chief executive officer of CertifID. “Even a trained professional could fall victim to this.”

A current practice in the industry to confirm identity has been to call someone and reach them live over the phone – known as the “call-back” procedure. Cronkright says some errors and omissions insurance policies even require a call back before funds are initiated or coverage may be denied if I lost occurs.  The challenge is often you can’t get a hold of someone in real time, so they need to call you back.

As an example, a hacker could spoof a title company and call the buyer when it’s time to wire funds to close. Likewise, a fraudster could impersonate a seller and call the title company and provide them fraudulent wiring information for net proceeds to be transferred after closing.

“As the industry adopts new techniques to mitigate fraud instances, the fraudsters mimic such strategies to trick someone in a transaction,” Cronkright said.  “Fraudsters know when someone is wiring cash for a closing so they create a ruse through the phone call to disarm them so they will follow the fictitious wiring instructions that will be sent by the fraudster.  It’s a high impact scheme with no signs of slowing down.”

The Federal Trade Commission reported that imposters made more than 250,000 spoofed phone calls in 2017.

So what can title and escrow professionals do?  

“The key is early training and education of all transaction participants on how wiring information will be exchanged so that they can identify a fraudster before it’s too late,” Cronkright said. “Companies should also take a step back and review clinically how they are exchanging and confirming wiring information in order to identify areas where a fraudster could pierce through the communication chain and expose someone to loss. Unfortunately, we can’t simply rely on phone calls any longer.”


Source: ALTA Blog