Our own JT Gaietto co-presented with Chase Cunningham at the recent Mortgage Bankers Association conference, showing how real and costly cyberattacks have become, particularly in 2021.
Shifting the conversation from finances to cybersecurity, the presentation borrowed from real-world incidents to demonstrate just how effectively hackers can exploit vulnerabilities.
First, some data to set the stage: A malicious hacker now attacks computers and networks every 39 seconds, the University of Maryland found. Of breaches this year, 85 percent have been human-related, and 75 percent were financially motivated, according to Experian. Specifically focusing on the Financial Sector, 44 percent of incidents had an internal component.
The presenters explained how hackers often gain an initial toehold through phishing attacks. Through an innocuous-appearing email, text or phone call, the hacker tries to fool a person into revealing confidential information. Signs of a phishing email often include a link to a fake website, prompts to reveal passwords or other information, or requests for personal data — a birthday, social security number, or credit card number.
A common strategy that particularly pertains to Mortgage Bankers: phishing attempts using a fraudulent DocuSign email or similar electronic signing services. The emails look convincing and may blend in among similar, legitimate ones. However, watch for several red flags: if you weren’t expecting any documents to sign, if there are misspellings, if the email is generic instead of addressing you by name, if there are URLs that don’t go to DocuSign (hover your mouse over to see the link without clicking on it), or if there are downloads. Typically, a DocuSign email clearly states the person who sent it, and it never includes an attachment until all parties have signed the document.
We could go on, but given that the overwhelming majority of data breaches have human components, it’s vital for organizations from all industries — and especially those like mortgage bankers who handle sensitive personal and financial data — to train their people so they’re on guard against such attacks. Education is a vital part of the battle against malicious actors, particularly as data breaches rise.