Mortgage customers make heavy use of the Internet today. People are used to carrying on business with online forms and email, even where they'd have expected face-to-face meetings and paper just a few years ago. Online activity, especially email, carries risks of fraud and information theft. It's the responsibility of mortgage professionals to advise their customers on how to keep that risk low.
Tips for Customers
Here are some tips on email safety to pass on to your mortgage customers:
- Avoid sending confidential information by email. It isn't a secure medium, and third parties can easily intercept it. Use online forms for submitting personal information, making sure you're using the right site. This applies especially to Social Security numbers, credit card numbers, and information on tax returns.
- If you receive an unexpected request from your mortgage provider, be very wary. If someone asks you to email confidential information, don't treat that as an exception to this advice. Treat it as grounds for suspicion. When in doubt, call to make sure the request is legitimate.
- If you get unexpected attachments or links, don't open them. Just as the customer shouldn't send email in place of a secure online form, they should expect that you won't send important information in email attachments. Any links you send should be to your own site or one that you've familiarized them with, not to some mysterious site they’ve never seen before.
- Don't send mortgage-related email through a public wi-fi connection. Everything that's sent that way is transmitted without encryption, and it's not hard for someone nearby to intercept the data.
Understanding Phishing
It’s also important to educate customers about "phishing." Phishers impersonate legitimate operations—possibly your own business—to get people to download malware or turn over personal information. It's easy to forge email addresses or to use an address that appears to be from a trusted source.
Many users don't even see the email address. For the sake of convenience, a lot of client software shows only the display name and not the address. There's generally a way to check the address, such as tapping or hovering on the name. It's important to check the address before replying to an important email message to ensure it's the sender's real address.
An email message that demands an immediate response with the threat of dire consequences is probably phishing, unless the customer was already close to a deadline. One with unusually bad grammar and spelling is likely to be fake.
A message that asks the recipient to do a software update should raise an immediate red flag. Users should always do updates from the software itself, not from a link or attachment in a message.
If the message body doesn't mention the recipient's name, that's another sign of fakery. If it just says "Dear Customer," while calling for a personal response, it should be a dead giveaway.
Maintain High Standards in Your Own Mail
Give your own email a consistent appearance. That will help customers to know something could be wrong if it looks different. Include a standard signature with your contact information. Always greet the customer by name. Keep a consistent tone. Don't use formal language in one message and then address the customer as "u" in the next.
ABT's MortgageWorkSpace® Suite provides the tools you need for communicating safely with customers. EmailGuardian™ supports encrypted communication, guards against malicious links and attachments from mortgage cyber-attackers, and archives all mail. DocumentGuardian™ provides vulnerability management solutions through secure access to documents, without storing them on user devices. All documents are stored safely in our cloud data center.
With MortgageWorkSpace®, you can assure your customers that there will never be a need to use insecure methods of sending or receiving information. Please contact us to learn how you can improve the security of your customer interactions and keep client information safe.