First Phishing, Now Quishing… ALTA on the New Face of Deed Fraud

The DC-based American Land Title Association (ALTA) wants you to imagine a scenario that, one day soon, you could face. You’re a home buyer. You’ve talked with the lender a few times in the past, and know the company logo and email style. You’re familiar with the loan officer’s voice.

The lender has left a voicemail message on your phone. You check your emails — yes, there’s a follow-up message. It contains updated wiring directions. You follow the detailed instructions when sending your down payment.

Next thing you know, your money has been taken by a criminal. You’re the latest victim of wire fraud. That voicemail was generated by AI (artificial intelligence). And the email was written with information that the sender had no right to know.

Imagining this scenario isn’t pleasant. But a mental walkthrough will help you deal with a real situation in which someone attempts to manipulate you.

The Deepfake: Now It’s Getting Personal

ALTA discusses information from data security company Closinglock on the new face of computer-generated fraud. Deepfakes, made with artificial intelligence, are making real estate fraud extremely treacherous. In one recent occurrence, a Florida title company was the target.

The presumed home seller agreed to a video call. The title agent said the person on the other side of the call seemed perfectly real, matching the personal characteristics of the deed holder. Then the title agent asked this “seller” to raise a hand. No response.

The person on the screen was a deepfake.

As you can see, a prepared title agent would not just let a remote seller communicate by email or text. Setting up the video call and catching the fraudster in action was a master stroke — exactly the kind of thing diligent title professionals are now doing.

Fraudsters Have Jumped on Generative AI

This innovation can create text, based on the user’s requests and input. In seconds, machine-trained data processors whip up compelling emails and texts for a swindler to use in “phishing” messages. These are made to get you on their hooks. Once you bite, they reel in your personal data — or your funds.

Con artists begin with publicly available data. Examples of what the perpetrators can find online may include tax records and home deeds. Fraudsters also deploy robotic tools (bots) to do their reconnaissance and data scraping from online sources. Bots can extract information from LinkedIn and listing services. The culprits may be using the real deed holder’s Social Security and motor vehicle IDs. They might falsely notarize deeds with real notary stamps they’ve managed to get hold of.

Then they produce perfectly real-looking, personalized phishing emails. These are powerfully effective, reports ALTA. The use of artificial intelligence makes a recipient three times as likely to click on a link, and potentially fall for a trick, than emails humans draft.

AI can also produce images, videos, and voices. Scammers can “clone” someone’s voice using just a few seconds of recording.  

A real estate lawyer’s voice and image was cloned so well, ALTA reports, that after a Zoom call with a “clone” of the professional, a couple in California wired $720K to a bogus account.

Sometimes, the culprits themselves are in positions where they are supposed to keep customers safe. Last year, an employee of a Texas title and trust company admitted to fabricating lien payoff statements, warranty deeds, and email messages to improperly transfer properties. The recipients were innocent buyers, lenders, and title agents. This cost customers — and the fraudster’s company — hundreds of thousands of dollars before the scheme was exposed and stopped.

New Ploy: What to Know About “Quishing”

A quick-response (QR) code is a barcode, often square-shaped, that a smartphone can read. It typically connects the person who scans it with a webpage. Scammers hijack QR-codes in a ploy called quishing.

The unknowing user could be steered away from a legitimate site to a bogus webpage. The user might even have to go through security steps along the way.

If the page is a form, some of the information fields could already be completed. It’s looking for more information, such as passwords.

Requests for scanning QR codes should be used carefully. If you visit a webpage after scanning one of these codes, use strong caution if asked to create or type in your user name and password.   

When in doubt, close out the page and revisit it using your regular web browser. Or call the entity to verify that a request is legit before trying to connect.

Become Fraud-Aware

Keeping up with fraud techniques can be well worth the effort. Many people are fooled, especially by swindlers equipped with the latest in generative AI — as most swindlers are. Know the basics, too:

• In any situation where another party needs your personal data, such as real estate closings and wire transfers, verify who’s on the other end of the line.

• Don’t trust wiring instructions sent over email.

• Train yourself to pause and ask questions before transmitting private information. When urgency, impatience, or emotions run high, double that.

ALTA offers several fraud information sheets. ALTA is joined by the Mortgage Bankers Association, AARP, the National Association of REALTORS® (NAR), the National Notary Association and the Property Records Industry Association, developing one-page scam-awareness guides in plain language. (See Supporting References below.) It’s a good idea to read them, download them, and share them with others who could benefit from a better understanding of real estate fraud techniques.

Protecting the Value of Your Title

If you purchase a house, ask about title insurance policies for owners. Avoid “alternatives” to title insurance.

In some states, ALTA is approved to offer the ALTA Homeowner’s Policy of Title Insurance. Ask your title company about it.

There is also the ALTA Owner’s Policy. This policy does cover pre-purchase deed forgery. The Homeowner’s Policy of Title Insurance goes further, by covering deed falsifications that happen after you already own the house.

“With deed fraud on the rise,” says ALTA, “homebuyers may want to ensure their property is protected both as a purchaser and into the future.”

Dealing With Actual Situations Involving Fraud

Before anything should happen, be aware that your county recorder’s office might have a fraud alert system. Check your county government’s website to find out if it’s possible to register for automated notifications that alert you to activity on your deed. This is especially important for homes that aren’t occupied — but title thieves could target any property.  

If a deed fraud schemer does target yours, your deed would be transferred, and the transfer recorded with the county. If anything like this should happen, report it quickly, to:

• The police.

• Your state bureau of investigation.

• Your state attorney general.

• Your title company or title insurer.

• Your lawyer if you have one.

The prompt involvement of law enforcement could stop the sale of your home to yet another party. That only adds to the complexity of deed recovery.