01/21/2022

CFPB Increases Civil Penalty for RESPA Violations

The Consumer Financial Protection Bureau (CFPB) announced it increased the maximum of each civil penalty under its jurisdiction, including the Real Estate Settlement Procedures Act (RESPA).

The adjustments are required by the Federal Civil Penalties Inflation Adjustment Act of 1990, as amended by the Debt Collection Improvement Act of 1996 and further amended by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. The inflation adjustments mandated by the Inflation Adjustment Act serve to maintain the deterrent effect of civil penalties and to promote compliance with the law.

The new rule went into effect Jan. 15.

RESPA civil penalties

01/06/2022

Federal Title & Escrow Donates $5,500 During Holiday Giving Campaign 

Katt-yukawa-K0E6E0a0R3A-unsplashWashington, D.C.-based Federal Title & Escrow Co. announced the 10 beneficiaries of its inaugural Holiday Giving Campaign that invited some of the area's top real estate agents to nominate their favorite local non-profits to receive a $500 donation.

Federal Title kicked off the Holiday Giving Campaign just after Thanksgiving, working with 11 local real estate agents to identify non-profit organizations that held special meaning to them. Then, just before the Christmas holiday, Federal Title gave a $500 donation in honor of each agent and donated to 10 organizations for a total of $5,500.

"This year, we wanted to express our gratitude toward our agents and the community we serve in a more meaningful way,” said Todd Ewing, founder and CEO of Federal Title. "We received wonderful feedback on our campaign and look forward to building deeper relationships with our people by showing up for them in similar ways in the future."

Some agents shared personal stories about how they came to support their causes. One such story came from Phil Sturm, who said he has lived in the region for nearly 60 years with his family and recently took in a family of Afghan refugees through an organization called Lutheran Social Services. Another came from Jason Skipworth, who became involved with the Alzheimer’s Association National Capital Area Chapter after losing a "dear" great-grandmother to Alzheimer's disease.

"My desire is to help promote awareness of this incurable disease, and to raise funds for research in the hope of finding a cure," said Skipworth, who has participated in the Walk to End Alzheimer's for several years and has spent countless hours advocating and volunteering. "While the world eagerly waits on a cure, the greatest things we can offer those living with Alzheimer’s is our time, attention, patience and love."

The following organizations were beneficiaries of Federal Title's inaugural Holiday Giving Campaign:

  • Alzheimer’s Association National Capital Area Chapter
  • Blessed Sacrament School
  • Capital Area Food Bank
  • Goods for Good DC
  • Humane Society of Montgomery County
  • Lutheran Social Services
  • My Sister’s Place
  • Anthony Catholic School
  • Jude Children’s Research Hospital
  • The Children’s Law Center
Share Your #GoodDeeds

ALTA wants to know how your company supports your communities and local markets. Send your stories and photos to communications@alta.org.

12/28/2021

Top TitleNews Online Articles of 2021

Nationally, the ongoing COVID-19 health crisis continued to dominate the headlines. For the title industry, articles focused on cybersecurity and wire fraud were the most popular. Today, we begin our countdown of the most-read TitleNews Online article of the past year. Below are articles six through 10. On Thursday, we will reveal the top five most-read stories of 2021.

No. 10: FPB Finds Mistakes With Simultaneous Issue Rates on TRID Disclosures
Some lenders are inaccurately disclosing fees for lender’s title insurance on the TILA-RESPA Integrated Disclosures in violation of Regulation Z, according to the Consumer Financial Protection Bureau’s (CFPB) summer Supervisory Highlights report. While report focuses on lenders, title and settlement companies should take note that the CFPB is reviewing disclosure of fees and finding mistakes.
 
No. 9: Multifamily Housing Down in 2021 but Will Rebound in 2022
Regulatory and supply-side challenges coupled with slowing rent growth and rising vacancy rates will weaken the multifamily construction market in 2021. However, the development market should stabilize by 2022, according to economists from the National Association of Home Builders (NAHB). Read on for analysis from NAHB as well as commercial real estate services and investment firm CBRE.
 
No. 8: ALTA Board Approves 2021 Policy Forms
Revisions to the 2021 ALTA Policy Forms collection have been published and went into effect July 30, 2021. Recommended changes were approved by ALTA’s Board of Governors in May, for adoption on July 1, 2021.
 
No. 7: When Can Title Professionals Get COVID-19 Vaccine?
Guided by evolving federal recommendations and limited vaccine supplies, states continue to refine distribution plans that prioritize when specific workforce members and populations receive the COVID-19 vaccine. States are choosing who gets the vaccine and in what order based on various phases. Considered essential workers by the Cybersecurity & Infrastructure Security Agency, title and settlement professionals fall into the last tier of phase one in most states. Read on for more information.
 
No. 6: Split Closings New Target of Wire Fraud
Diverting seller proceeds and mortgage payoffs appear to be happening with more frequency in markets such as Michigan and Wisconsin where split closings are commonplace.

No. 5: Fannie Mae Issues Guidance Regarding Remote Ink-signed Notarizations
Fannie Mae updated its Selling Guide announcing specific requirements for remote ink-signed notarizations (RIN) for loans issued on or after July 1. Fannie Mae added specific minimum standard audio-visual requirements for RIN.

No. 4: Survey: Title Professionals Targeted for Wire Fraud in a Third of all Transactions
Title insurance professionals reported cyber criminals attempted to trick employees to wire funds to a fraudulent account in a third of all real estate and mortgage transactions, according to ALTA’s 2021 Wire Fraud and Cyber Crime Survey. However, training and education seem to be working as funds were only wired to a fraudulent account in a little over 8% of these attempts.

No. 3: Criminals Using SMS Messages to Beat Multifactor Authentication
Criminals have deployed a Zelle fraud scam that allows them to infiltrate a peer-to-peer (P2P) payment service used by many financial institutions by circumventing multifactor authentication and accessing a victim’s bank account without knowing the username or password.

No. 2: Cloud-hosting Vendor Suffers Ransomware Attack
Cloudstar, which is a cloud-hosting and data security provider to title and settlement companies, was the target of a sophisticated ransomware attack in July. Several software vendors and title companies offered their expertise and services to help title companies impacted by the cybersecurity incident. 

No. 1: Wire Transfer Scheme Targets Mortgage Payoffs, Secret Service Warns
The U.S. Secret Service issued an advisory warning of a drastic increase in wire transfer fraud related to mortgage payoffs.

12/16/2021

RamQuest Contributes to Christmas Cops Campaign

As part of its ongoing GiveBIG initiative to support local communities, RamQuest and sister company Pavaso came together to support the Plano Police Association’s (PPA) Christmas Cops program.

Throughout the year, police officers in Plano, Texas, come across families in need. During the holiday season, when the needs are even greater, these families are referred to the Christmas Cops non-profit organization. They turn to the community for help in giving those in need an extra boost and a brighter holiday. Over the past month, RamQuest and Pavaso employees purchased a variety of items from these families’ wish lists. They donated more than 100 items, and with RamQuest’s pledge to give double the employees’ contributions, 316 items went to Christmas Cops—everything from diapers and baby formula, to coats and hats, to toys and games. The PPA and Santa Claus will distribute gifts to the families ahead of Christmas.

“We appreciate all that the [RamQuest] team has done for us the last few years and look forward to continuing the partnership,” said Daryl Molitor, secretary of the PPA Christmas Cops. GiveBIG is RamQuest and Pavaso’s combined efforts to support local charities and non-profit organizations to Give Back to Ignite Good.

Christmas Cops is sponsored by the Plano Police Association. The program has been serving the community since 1984, providing emergency assistance to thousands of families.

Share Your #GoodDeeds

ALTA wants to know how your company supports your communities and local markets. Send your stories and photos to communications@alta.org.

12/09/2021

Addressing Illegal Covenants in Historic Land Records

Addressing Illegal Covenants in Historic Land RecordsDocuments in the land records provide public notice of property ownership and indicate when real estate is subject to a mortgage, judgment, or other encumbrance. These public records are accessed, reviewed, and used in every real estate transaction, including refinancing of home loans. A property’s chain of title includes transfers of ownership and contains other important records impacting the property. Removal of documents or pertinent information from the land records creates breaks in the chain of title, which can result in ownership disputes, a loss of property rights or an inability to buy, sell, or refinance property.

The American Land Title Association (ALTA) is strongly opposed to any form of housing discrimination and is committed to proactively working toward solutions that protect the property rights of all homebuyers.

ALTA’s Discriminatory Covenants Workgroup developed this publication that details the various approaches to addressing discriminatory covenants in the public land records. The document also highlights the pros and cons of each method.

12/07/2021

Alliance Title & Escrow Helps Close the Hunger Gap

Blackfoot-Food-Donation-cropIdaho-based Alliance Title & Escrow LLC collected nearly 17,000 pounds of non-perishable food items and donated nearly $50,000 through its 10th annual Closing the Hunger Gap Food Drive.

Company branches through Idaho and Montana helped donations.

Since its inaugural year in 2012, Alliance Title’s campaign has donated 247,075 pounds of food and $324,698.98 to various local food banks in Idaho, Montana, Washington and Wyoming.

Share Your Good Deeds

ALTA would like to hear how your company gives back to its communities. Email your Good Deeds to communications@alta.org.

11/30/2021

Criminals Using SMS Messages to Beat Multifactor Authentication

For several years, cyber criminals have used text message scams called “smishing” to steal personal information. Now, SMS messages are being used to infiltrate peer-to-peer (P2P) payment service used by many financial institutions.

According to Krebbs on security, criminals have deployed a Zelle fraud scam that allows them to circumvent multifactor authentication and access a victim’s bank account without knowing the username or password.

The scam starts with a text message about a suspicious bank transfer:

Krebbs zelle

Any response elicits a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member. The criminal then uses the code to complete the password reset process, changes the victim’s online banking password and uses Zelle to transfer the victim’s funds to others.

By sharing their username and reading back the one-time code sent via email, the victim is allowed the fraudster to reset their online banking password. The fraudster never needed to phish for the victim’s password.

11/23/2021

ALTA Member Profile: Challenges, Mystery Fuel Path for Title Agency Owner

Becky Taylor2Becky Taylor

President | Titleworks Inc.
How long have you been in the title industry and how did you get started in this profession?
  • I worked in the real estate section of a law firm after college (1987) with an eye toward law school. When I moved to a position at a title company in 1992, I was hooked in by the title industry. In 1995, I became a licensed title agent when I joined a small title insurance company. In 2006, I became the owner of Titleworks Inc.
What’s a day on the job like for you? What excites you about what you do or what is the most challenging aspect of your job?
  • Every day is different, which is why it is easy to have been in the same industry for 29 years and counting. I love challenges, mysteries and investigations. The most challenging aspect is finding the best way to solve a title search challenge—what is the fastest way, what is the easiest way. Sometimes, easy doesn’t mean fast, and fast doesn’t mean easy.
What’s your best industry “war” story?
  • I’m not sure this is the best, but it is a funny story. The Name Affidavit, for many borrowers, contains one or two “also known as” names. One borrower’s Name Affidavit had at least 20 “also known as” names. The borrower, without missing a beat, laughed and showed her husband and commented: “I guess this is what happens when you’ve been married six times.”
Why is the title industry a great career opportunity for those entering the workforce?
  • It’s a great industry for one reason because it doesn’t require an associate degree, a four-year degree or a vocational training school. That doesn’t mean that it’s an easy industry or an industry for everyone. It means that if you are a hard worker, detail-oriented and conscientious, you will succeed. The title industry is on the job training and can provide a long-standing and fulfilling career.
What advice do you have for professionals starting their career in the industry?
  • When you are working, make sure you are present in that moment. Focus on the work so as not to miss details. Always ask questions—it shows you are interested in the work you are doing and want to learn more.
How has the industry evolved since you began your career? How has your company had to change in order to remain competitive?
  • In the beginning, I prepared Settlement Statements on a typewriter and used a calculator for totals on the Settlement Statement. Obviously, technology has changed and preparing an ALTA Settlement Statement is much easier now. My company has had to keep up with changing technology most recently moving to a web-based settlement system.
What have you learned about yourself or your company since the start of the COVID-19 pandemic?
  • I value my employees so much. They have worked quite hard since the start of the pandemic. I appreciate their work ethic and commitment to helping our clients. Personally, I have learned that work is important but that a healthy work-personal life balance is the most important.
Why are you a member of ALTA?
  • I am a member of ALTA because of the education provided through the webinars, the publications and, also, the guidance for Best Practices.
Tell us something that others in the industry may not know about you.
  • Since Oct. 31, 2017, I have lost 120 pounds and kept it off.
If you could have dinner with anyone, who would it be and why?
  • The Apostle Paul. He endured much hardship and always stayed true to his faith. In the midst of his hardship, he did not lament the situation but instead encouraged others.
What’s your favorite book/movie/TV series? Why?
  • TV Series: Law & Order. There was even an episode about a title company!
  • Book: Anything by Jodi Picoult. Her books tackle difficult issues and are thought provoking.
  • Movie: The Shawshank Redemption
What’s in your music playlist?
  • I mainly listen to True Crime podcasts.

ALTA Member Profiles

11/16/2021

Choosing and Protecting Passwords

You probably use personal identification numbers (PINs), passwords or passphrases every day: from getting money from the ATM or using your debit card in a store, to logging in to your email or your company’s VPN. Tracking all the number, letter and special character combinations may be frustrating, but these protections are important because hackers represent a real threat to your information. Often, an attack is not specifically about your account, but about using the access to your information to launch a larger attack. Many systems and services have been successfully breached because of non-secure and inadequate passwords. Once a system is compromised, it is open to exploitation by other unwanted sources.

How to choose good passwords

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to crack them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Does it contain your address or phone number? Think about how easy it is to find someone’s birthday or similar information. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to dictionary attacks, which attempt to guess passwords based on common words or phrases.

Although intentionally misspelling a word ("daytt" instead of "date") may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using both lowercase and capital letters add another layer of obscurity. Changing the same example used above to "Il!2pBb." creates a password very different from any dictionary word.

Length and complexity

The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible (8–64 characters) when you can. For example, "Pattern2baseball#4mYmiemale!" would be a strong password because it has 28 characters and includes the upper and lowercase letters, numbers and special characters. You may need to try different variations of a passphrase—for example, some applications limit the length of passwords and some do not accept spaces or certain special characters.

Dos and don'ts

Once you’ve come up with a strong, memorable password it’s tempting to reuse it—don’t! Reusing a password, even a strong one, endangers your accounts just as much as using a weak password. If attackers guess your password, they would have access to your other accounts with the same password. Use the following techniques to develop unique passwords for each of your accounts:

  • Use different passwords on different systems and accounts.
  • Use the longest password or passphrase permissible by each password system.
  • Develop mnemonics to remember complex passwords.
  • Consider using a password manager program to keep track of your passwords. (See more information below.)
  • Do not use passwords that are based on personal information that can be easily accessed or guessed.
  • Do not use words that can be found in any dictionary of any language.

How to protect your passwords

After choosing a password that's easy to remember but difficult for others to guess, do not write it down and leave it someplace where others can find it. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, makes it easily accessible for someone with physical access to your office. Do not tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords.

Programs called password managers offer the option to create randomly generated passwords for all of your accounts. You then access those strong passwords with a master password. If you use a password manager, remember to use a strong master password.

There's no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.

Ransomware 101

How ransomware works
Source: CertifID

The Cybersecurity & Infrastructure Security Agency (CISA) says ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or&.petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.

Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.

How is ransomware delivered?

Ransomware is commonly delivered through phishing emails or via “drive-by downloads,” according to CISA. Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.

What can I do to protect my data and networks?

  • Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.  
  • Store your backups separately. Best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive, or separate device from the network or computer.
  • Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.

What can I do to prevent ransomware infections?

  • Update and patch your computer. Ensure your applications and operating systems (OSs) have been updated with the latest patches. Vulnerable applications and OSs are the target of most ransomware attacks.
  • Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization's helpdesk, search the internet for the sender organization’s website or the topic mentioned in the email). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, often using a slight variation in spelling or a different domain (e.g., .com instead of .net).
  • Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
  • Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it.
  • Verify email senders. If you are unsure whether an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly. Do not click on any links in the email. If possible, use a previous (legitimate) email to ensure the contact information you have for the sender is authentic before you contact them.
  • Inform yourself. Keep yourself informed about recent cybersecurity threats and up to date on ransomware techniques.
  • Use and maintain preventative software programs. Install antivirus software, firewalls and email filters—and keep them updated—to reduce malicious network traffic.

How do I respond to a ransomware infection?

  • Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless.  
  • Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that shared a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
  • Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.

What do I do if my computer is infected with ransomware?

  • Home users: immediately contact your local FBI office or local U.S. Secret Service office to request assistance.
  • Organizations: immediately report ransomware incidents to your IT helpdesk or security office.
  • All users: change all system passwords once the ransomware has been removed.