Fraud Panel: Watch Out for ‘Low-Hanging Fruit,’ Synthetic Identities, Business Email Compromises

(From left: Moderator Steve Safavi, AML Officer for Mr. Cooper; Matthew Riportella, Rahul Mittal; and Justin Palmerton. Photo via Anneliese Mahoney)

WASHINGTON, D.C.–Experts took to the stage at the Mortgage Bankers Association’s Compliance and Risk Management Conference Sept. 23, to highlight the importance of being vigilant in all aspects of digital life and provide insights into fraud trends that could be seen by those working in the mortgage industry.

“What we are seeing is the low-hanging fruit,” said Rahul Mittal, Cyber Security Advisor at the Cybersecurity and Infrastructure Security Agency, a division of the U.S. Department of Homeland Security. “That we’re protecting our organizational cyber posture, but not our personal cyber posture. What you’re not realizing is that by not protecting yourself at home, you’re making yourself vulnerable at work.”

He gave the example of reusing passwords–many people’s passwords have been released in hacks. If those passwords are reused in work accounts, that can provide an opportunity for cybercriminals.

Mittal encouraged password managers and multi-factor authentication. “Treat your digital home just like your physical home,” he suggested, noting that many people have burglar alarms or security systems in place but might not take the same precautions with their digital information.

Speaking of low-hanging fruit, another recent trend is actually pretty low tech, said Justin Palmerton, Supervisory Special Agent, Money Laundering, Forfeiture and Bank Fraud Unit, at the Federal Bureau of Investigation. He said the FBI has seen an 87% increase in check fraud since 2021, in part because it’s pretty easy to do compared with more elaborate scams.

An additional trend Palmerton pointed to is a bit more tech-savvy, though–synthetic identities.

“A synthetic identity, for those of you who don’t know, is basically taking PII–personally identifiable information. You take somebody’s face, a name, a social security number, a date of birth, even a driver’s license–merge all that together, you create a fake person that looks real,” Palmerton said. Increasingly, artificial intelligence tools may be utilized in their creation.

Palmerton noted that such fraudsters were spotted applying for Small Business Administration loans during the pandemic, but he’s also seen a case where someone attempted to purchase a house using a synthetic identity.

Matthew Riportella, Supervisory Special Agent, Economic Crimes Unit for the Federal Bureau of Investigation, said the top three scams seen this year in terms of money lost are cyber investment scams, business email compromises and tech support scams.

Mittal pointed to some other popular scams, such as job interview scams, where fraudsters conduct fake interviews in order to get personal data about individuals that can be then used for some nefarious purposes.

From a business standpoint, Mittal urged companies to make sure that any third parties, contractors or vendors they use for services also have strong cybersecurity awareness.

Mittal, Palmerton and Riportella all noted that CISA and the FBI have publicly available tools and resources to help further combat fraud.

The agents also noted it’s important to report fraud–or even just attempted fraud. Riportella recommended for cybercrime specifically to utilize IC3.gov (the FBI’s Internet Crime Complaint Center), but also said that calling a local field office or the national call center are options.

Making sure the tips are detailed can also be helpful, Riportella said. “Sometimes you may be the victim of a $1,000 fraud, but you would be one of 400 victims,” he said. “And if we can tie those together and really build up the case that’s important to us for […] intelligence and for criminal prosecution.”