Underneath the glossy casing of the digital world is a world of forgetting passwords and cybercrime. Cybercrime really goes back to the birth of computers. As soon as computers were created, people were tinkering with them. But the boom in cybercrime dated back to the mid-90s when credit cards came on the internet, e-commerce started and of course online banking. Today, it has gone global.
But here’s the thing: Back in those early days, it was more about people downloading malicious software and getting infections, things that impacted the network and took out availability. But over the last 20 years, it has moved on to being much more commercial: taking money. And that’s a reflection of the fact that we’re using technology much more as a core way of managing data and businesses.
Businesses in the finance space are having it really bad being subjected to attacks almost frequently. A senior computer network manager for a global financial services company named Peter says they are seeing tens of different hacking attacks every week – completely bombarded from all directions.
We can hear some people protesting “we can always push thinking about it tomorrow”. We can tell some of you are secretly thinking it. But did you know? There’s been a ton of incidents where attackers were able to impersonate brokers over email, leading to either a lender or a client depositing money into the attacker’s account. Ah yes, now it seems fair that mortgage brokers need to be more vigilant and to strengthen our cybersecurity.
What can you do to make things as safe and secure as possible? Here are a few pointers from the top cybersecurity trainer – Teri Radichel to help you avoid falling prey to cyber attacks. Let’s read it with a forensic attitude in mind and attempt to extract the facts, shall we?
Cybersecurity problems are the result of an overly complex process
The length of time a process drags on with endless rounds of paperwork is a security risk. Some mortgage brokers are used to exchanging documents and bank statements….via emails. The more paperwork gets shuttled around multiple times in your email, the more chance that something would go to the wrong place and get in the wrong hands. Certain processes even require customers to give their sensitive data…over the phone instead of into a secure portal. This leaves a massive loophole where attackers can get around and take advantage. On top of that, the repeated requests for documents can really stress people out. When people are stressed, they tend to make mistakes.
The solution: streamline the process
The way many mortgage brokers do loan processing could use some serious streamlining. One of the best ways is by using a secure portal such as Effi to capture documents, simplify the process, eliminate unnecessary and duplicated steps, which in turn, reduce the points of potential data exposure. Not only it gives your customers a better sense of security but also helps them avoid an inordinate amount of stress.
Broken portals lead to business and cybersecurity risk
Now we know, having a secure portal is much better than sending documents via emails. However, in some cases, the portals are cumbersome, chunky and even completely unusable so people resort to using emails or some other less secure workarounds. The most common way emails get hacked is through Phishing Schemes. It is usually done by sending out an email that looks legitimate and has people enter credentials to “verify” information, which is then stolen. It may also ask the recipient to download something which ends up being malicious malware.
Let’s talk examples: Microsoft took down a major business email compromise (BEC) operation in which the attackers were able to gain entry into inboxes to find information about financial transactions. They then sent spoofed emails to trick people into wiring money to the wrong place. Not cool!
This is a phishing page that looks similar to the Microsoft sign-in page with the username prepopulated. Once the user entered their password, they were presented with a “File not found message”. The obtained password would allow hackers to access your inbox and redirect financial-themed emails to their controlled email addresses.
If you’re working with a number of mortgage applications, the attacker has access to any document in your email account, to trick your customers into sending data or money to them. I don’t think I need to explain the severity of the damage it created. According to the FBI’s 2020 Internet Crime Report, BEC scams are the costliest scam as losses reached a total of nearly USD $2 billion last year.
The solution: the portal needs to be secure and work properly
The best you can do to avoid epic failures like this one is to choose a platform for your business carefully and to educate your team about security. This is the one time when you shouldn’t trust your guts. Test all of the functions and make sure your portal is working properly. Train your team to strictly use the system so they won’t use the alternative and unsecure ways to get the job done quickly. Leveraging a third-party secure portal such as Effi that is well-versed in handling documents securely will greatly offset your risk.
Gaps in transaction communications
You don’t want your clients to be getting emails from people they have never heard of or had no prior contact with, asking for information, paperwork and eventually bank accounts. We are talking about hundreds of thousands of dollars at risk here. Some customers would question the legitimacy of these requests because there is no way for them to know if it’s truly someone sent by you or a hacker who adopted a cunning disguise. So how do we avoid this situation?
The solution: Being crystal-clear from the get-go.
You should take the extra step to ensure your client does not give out information to an imposter. Gather the names, phone numbers and emails of the people who will contact your customer, provide that information in an email or via a text message then call your customer to confirm the accuracy of the contents. Better be safe than sorry! Or the best way is via a secure portal where your customer can log in and find all the appropriate contacts safely.
Checking all of your security measures can save you a lot of pain down the line. We are not here to judge your processes – only to tell you that there’s a mortgage broker platform that embraces all security measures. At Effi, if it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck. Nothing escapes our eagle eyes as we monitor all such incidents and verify that none of your data is connected in any way to security breaches.
Alright, are we done here? Cool – Go forth and sign up with Effi! At Effi, we take security and privacy seriously both in our product and our organisation to protect the data that you entrust us with. You own your data and we never use it beyond the service we provide you. Get your 14-day free trial today!