Scotsman Guide > Commercial > October 2018 > Article

 Enter your e-mail address and password below.


Forgot your password? New User? Register Now.
   ARTICLE   |   From Scotsman Guide Commercial Edition   |   October 2018

Shadow IT Preys on Mortgage-Transaction Communications

This cloak-and-dagger cyberthreat can wreak havoc if safeguards are not in place

To stay technologically protected, mortgage originators need to understand what cybersecurity threats look like within their industry. Specifically, they need to know what types of attacks are prevalent in the industry and what they are focused toward or leveled at. 

Recently, the mortgage industry has been facing a threat coming from the shadows. It’s known as Shadow IT — a threat faced by other industries that also deal frequently with monetary transactions and personal data. Shadow IT is a term used to describe situations in which hackers use bots and other technologies to breach computer systems.

In financial transaction-based industries with many participants involved in each transaction — like the mortgage industry — this Shadow IT typically targets the e-mail systems of those who are directly involved in the transactions of the targeted industry. These Shadow IT hackers set up both automated and manual systems to watch e-mail traffic. They patiently keep an eye on e-mail exchanges until a point in time when money is going to be moved, and then they move in — assuming the role of one of the individuals involved in the transaction — and redirect the money to themselves. 

Because they’ve been watching the traffic, they know who the players with authority are. They know where the players are. And they have the ability to stop e-mails from forwarding to the intended recipient’s inbox.

Silent predators

Think about a hacker breaking into a commercial loan originator’s e-mail, for example. The loan originator has been working on the sale of a $30 million building. The hacker, meanwhile, has gone unnoticed while having access to and reading every e-mail pertaining to this sale, silently watching and waiting for things to happen.

The process then reaches the point where the buyer is ready to move money into an escrow account. Once this occurs, the hacker assumes the role of the originator: E-mails were previously landing in both the originator’s inbox and the hacker’s inbox, but now the hacker prevents e-mail from landing in the originator’s inbox and takes over communication.

The hacker sends an e-mail disguised as the originator to the buyer’s attorney with instructions on which account to wire the money to — namely, their own untraceable account as opposed to the originally intended account. Because many mortgage companies either don’t have the appropriate policies in place, or don’t stress to employees to follow the appropriate protocols, most of the time this money is long gone before it’s even noticed to be missing — well beyond the 24-hour time frame the FBI says it needs to claw money back from scammers.

Shadow IT is a term used to describe situations in which hackers use bots and other technologies to breach computer systems.

Another example of hackers using a Shadow IT scam to cause harm to the mortgage industry involves obtaining money through a different means — in this case, extortion. By once again breaking into a user’s e-mail, hackers can access a list of all open transactions and threaten to contact each entity on that list to inform them their personal information has been breached. The hackers then tell the business they will do precisely that, unless they are paid a sizable ransom. 

At a minimum, a mortgage company may have to revise information for tens of thousands of transactions. Doing nothing risks the company’s reputation, and should a hacker act on their threat, the volume of transactions that could die on the vine because no one trusts the company anymore is staggering.

Fighting back

Falling victim to a hacker’s Shadow IT realm, however, is not inevitable. In fact, there are some rather simple steps mortgage companies can implement to protect against this underworld threat. Straightforward internal protocols that are continually tested, audited and confirmed go a long way toward keeping networks safe. 

In the aforementioned example involving e-mail interceptions, one prevention strategy is to ensure the company has a system in place whereby everyone involved in the mortgage process has a list for each transaction that outlines the authorized players, the authorized banks and the authorized e-mail addresses. They also should be instructed to pick up the phone and seek confirmation should anything deviate from that set list — thereby preventing money from being authorized for transfer to a scammer’s account.

Established procedures that demonstrate a strong cybersecurity posture, coupled with policies that demand employees live up to these requirements, are an effective and inexpensive way of promoting a security-centric environment. Such procedures also bolster a company’s overall cybersecurity.

Tech tools

Supporting cybersecurity policies and procedures with the right technology and the right training will further lessen the chances of falling victim to a Shadow IT hack. Many mortgage companies have already invested in the technology, as most businesses really can’t operate without technological necessities like spam filtering, firewall protection and endpoint detection. 

Good anti-malware and anti-spam technologies, as well as a good firewall, are relatively inexpensive solutions that are not too difficult to implement — although implementing a firewall does usually require the help of a skilled IT person. Technologies that help to monitor and mitigate threats that stem from social media (especially for companies that use social media to better identify and connect with their clients) also are vital in today’s world and are, therefore, critical investments.

Additionally, requiring more complex passwords that are changed frequently also can be an effective strategy that, in conjunction with other efforts — such as multifactor auth-entication, 10-minute screen savers, individual logins, backup and disaster-recovery plans, acceptable use and other similar efforts — add up to support a much more secure operating environment.

Mortgage companies also should commit to ongoing employee education and training designed to help employees become aware of their technological habits and, just as importantly, to help them recognize how those habits can be used against them. The goal of such training is to get employees to change the way they think about what they do each and every day so that cybersecurity is at the front of their minds.

• • •

Cybercrime has always taken place from the shadows. Now, with Shadow IT systems built by hackers, the threat is even more imminent to the mortgage industry and the potential repercussions are even more damaging. Through consistently enforced protocols and policies, however, as well as effective cybersecurity technology and training, the mortgage industry can help shine a light on these potential threats, exposing them and weakening their impact. 


Fins A Lender Post a Loan
Residential Find a Lender Commercial Find a Lender
Scotsman Guide Digital Magazine

Related Articles



© 2019 Scotsman Guide Media. All Rights Reserved.  Terms of Use  |  Privacy Policy