|
Website Login
Search

FNF Named 2022 Champion Organization by the National CyberSecurity Alliance for the Third Year in a Row


NCSA637938583569349965


CAM_LOCKUP_VERTICAL_full_color3


Read more about being and becoming a champion at https://staysafeonline.org/programs/cam-2022-champion-organizations/ and watch for new videos, resources and collateral for National CyberSecurity Month coming in October!




WEEK 1 – 

MORTGAGE PAYOFF WIRE FRAUD

 

It's that time of year again!  FNF Family of Companies – National Agency Division is once again a Champion Organization by the National CyberSecurity Alliance.

Let's kick off National Cybersecurity Awareness Month (NCSAM) with our first educational video and email about mortgage payoff wire fraud.  This year’s focus is to “See Yourself in Cyber,” and we wanted to focus on mortgage payoff wire fraud because of its danger to title agents

Mortgage Payoff Wire Fraud

It's no secret that wire fraud has been a hot topic. Over the past couple of years, the type of wire fraud has evolved to also include mortgage payoff wire fraud which can be devastating to a title agency due to the size of the loss. As will be detailed in week 2, there probably is not any insurance coverage available for the loss.

Join Michele Green as she discusses steps your agency can implement to Create Confirm Check to avoid mortgage payoff wire fraud.  After her video, be sure to review the information on Create Confirm Check in your agency to determine what procedures you should take to protect your escrow accounts.

Want more?

In week 2 of National Cybersecurity Awareness Month (NCSAM), Michele Green will continue the mortgage payoff wire fraud discussion by reviewing the current availability of cybersecurity insurance.

After the focus on mortgage payoff wire fraud and insurance, Krista Christensen will provide you with information on strong passwords and enabling multi-factor authentication.

Mortgage Payoff Fraud flyer half size

Click image to download

 


WEEK 2 - CYBERSECURITY INSURANCE

National Cybersecurity Awareness Month (NCSAM) is still going strong! This week, we're going into cybersecurity insurance and why it is important to Create Confirm Check.

CYBERSECURITY INSURANCE FOR WIRE FRAUD IS MOSTLY UNAVAILABLE

Last week, Michele Green shared with you what mortgage payoff wire fraud is and how you can implement strategies to Create Confirm Check so your escrow accounts are safer from mortgage payoff wire fraud. Next, Michele will share with you why there is no insurance coverage for mortgage payoff wire fraud.

STRATEGIES FOR ADDRESSING MORTGAGE PAYOFF WIRE FRAUD

After you watch these videos, schedule time to talk internally in your title agency about how you can implement strategies to Create – Confirm – Check or whether you want to transfer the risk to an outside vendor. And, as always, continue to talk at every staff meeting and regularly remind each other about mortgage payoff wire fraud so your title agency is not a victim.

 


WEEK 3 - STRONG PASSWORDS AND MFA

We're halfway through National Cybersecurity Awareness Month (NCSAM)!The overall focus for this month is on mortgage payoff wire fraud; however, no cybersecurity awareness month would be complete without information on how to protect e-mail accounts hackers attack. This week, we're focusing on strong passwords and multi-factor authentication.

Be sure to watch the video with Krista Christensen as she walks you through information on strong passwords and implementing multi-factor authentication.

UTILIZE YOUR PASSWORD STRENGTH!

Password cracking is an extremely common tactic for hackers considering that less than half of the public utilizes strong and complex passwords. There are several programs that hackers can use to guess or "crack" passwords, which means that we have to take important steps to outsmart the hacker and protect our personal information.

How do hackers steal passwords?

In general, password attacks fall into four major categories: password theft, password guessing, password cracking, and unauthorized password resetting or bypass.

The most common theft method is sending a traditional phishing email, which prompts the potential victim to click on a link and type in their username and password. Passwords can also be manually guessed...and the shorter and simpler the password, the easier it is to guess. The average user rarely changes their password and uses the same password for multiple accounts, making them an easy target.

On the more technical side of things, a "password cracker" is an application program that can recover passwords using various techniques and algorithms. Thankfully, there are ways we can make our passwords stronger, more complex, and difficult to uncover.

What are some simple password tips?

  • Consider using the longest password permissible
  • Don't include personal information in your password
  • Use a combination of upper and lowercase letters
  • Avoid using common words
  • Substitute letters with numbers or symbols
  • Use phonetic replacements (ex: "PH" instead of "F")
  • Don't reuse the same password on multiple accounts
  • Store all of your unique passwords with a password manager

KEEP YOUR GUARD UP WITH MFA!

Imagine that your computer, with all of your sensitive information and personal belongings, is like a castle. Your password is the lock on the door, but enabling multi-factor authentication is like building a moat. Similar to a moat, MFA is an additional defense against attacks. It makes it even more difficult for scammers and hackers to compromise your account. When possible, you should always turn on MFA because it's easy to do and greatly increases your security.

How does MFA work?

Enabling MFA adds an additional step when logging into an account. The first step is entering your password, and the second step is providing an extra way of proving that it's really you. This could be a PIN code or texting/emailing a code to your mobile device.

MFA can include:

  • An extra PIN (personal identification number)
  • The answer to a security question (ex: What's your pet's name?)
  • An additional code emailed to a mobile number
  • Facial recognition or a fingerprint
  • A yes/no button or unique number generated by an authenticator app (like those from Microsoft, Google, or Duo)
  • A secure token, which is a separate piece of hardware (like a key fob)

Do all accounts offer MFA?

Not every account offers MFA, but it's becoming more popular every day. MFA is the standard for most financial institutions, online stores, and social media platforms. According to Microsoft, enabling multi-factor authentication is 99.9% effective in preventing breaches. Simply put, use MFA everywhere you can.

 
 
 

 

October Roadmap image638017062270633250

 


WEEK 4 - PHISHING AND WRAP-UP

This is the last week of National Cybersecurity Awareness Month (NCSAM)! This week, we're focusing on common red flags you might encounter if you're being phished. Read on to make sure you don't get hooked!

DON'T TAKE THE BAIT!

Phishers may prey on your sense of trust in order to get access to your personal information, money, or accounts, or otherwise put you or your company at risk. Phishing emails can use language that is urgent, alarming, or even threatening. They can also impersonate trustworthy sources known to you – such as Amazon, Google, UPS, financial services providers, and others you may normally interact with for legitimate purposes. There have been situations reported where employees received fake notices from Microsoft, asking them to provide credentials. They can disguise themselves as people you know, even high-level executives at your company. It is key to use your best judgment and scrutinize emails in your inbox. If a message is unexpected, requires you to act urgently, or is riddled with hyperlinks or typos, you could be being phished.

What are common red flags of phishing?

  • Contains an offer that seems too good to be true
  • Prompts to act urgently to avoid a negative consequence (phrases like “Your account has been suspended” or “We’ve detected unusual            account activity”)
  • Misspellings or bad grammar
  • Greetings that are ambiguous or impersonal
  • Requests to send personal information, online account information, or financial information
  • Urgency to click on a link or attachment
  • Strange or abrupt business-related requests
  • Email address doesn't match the display name or doesn’t match company it's purporting to come from

What do I do if I receive a phishing email?

Recognizing that a phishing email is fake is the hard part, so congratulations! As long as you don't click on any links and don't reply back, the phisher has failed at their attempt to bait you. Simply delete the email and block the sending address. On Outlook, Gmail, and Mac Mail, you can easily report a phishing attempt. It's a good idea to alert your manager or IT team as well.

WANT MORE?

If you did not have a chance to see Michele Green discuss mortgage payoff wire fraud or cybersecurity insurance, now is the time to catch those videos also so you aren’t caught in that net either!

 


 

2021 Cybersecurity Awareness Month - flyers

Click the image below to view Week One.

Click the image below to view Week Two.

Click the image below to view Week Three.

Click the image below to view Week Four.