Recently, the website of First American Financial Corp. [NYSE:FAF], a Fortune 500 real estate title insurance giant, was found to be leaking hundreds of millions of sensitive records relating to mortgage deals, until the company was notified this week by security expert KrebsOnSecurity. The records, including bank account numbers and statements, mortgage and tax records, Social Security numbers (basically the NRIC equivalent), wire transaction receipts and driving licence images, were available to everyone with a web browser.
As of May 25th (GMT +8), firstam.com was still returning sensitive documents, more than 885,000,000 of them dating up to the present day, including many PDFs and post-dated forms for upcoming real estate closings. By the afternoon the company had taken down the site that held all the sensitive records. It is not yet clear how long the site remained in its promiscuous state, but archive.org shows documents available from the site dating back to at least March 2017.
Either way, the information exposed by First American would be a standing gold mine for phishers and scammers involved in so-called Business Email Compromise (BEC) scams, which often impersonate real estate agents, closing agencies, title and escrow firms in a bid to trick property buyers into wiring funds to fraudsters. According to the FBI, BEC scams are the most financially costly form of cybercrime today.
Armed with a single link to a First American document, BEC scammers would have an endless supply of very convincing phishing templates to use. A database like this would also give fraudsters a constant feed of new information about upcoming real estate financial transactions, including the email addresses, names and phone numbers of the closing agents and buyers.
With that, CAD once again has to advise: keep your site safe by installing SSL, using a reputable host and putting SQL injection preventive measures in place, which would deny database access to unintended personnel. Keep your site up to date and, if in any doubt, feel free to ask us for tips and tricks on staying secure in this digitised era.
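As an added example (not First American's code, nor CAD's), here is the "deny database access to unintended personnel" advice made concrete for the kind of record at issue: a document lookup that serves a closing record only to an authenticated party to that transaction, with an unchecked lookup beside it to show the behaviour the post describes. The store, account ids and document ids are constructed for illustration.

```python
# Added example: the access check a document-serving endpoint needs so that
# a record is not available to "everyone with a Web Browser". The store,
# account ids and document ids below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class ClosingDocument:
    doc_id: str
    kind: str              # e.g. "wire_receipt", "tax_record"
    parties: frozenset     # account ids entitled to view this record
    body: str

# Constructed sample store; keys are opaque ids, not a guessable sequence.
DOCS = {
    "c3f1a9": ClosingDocument("c3f1a9", "wire_receipt",
                              frozenset({"buyer-7", "agent-2"}), "[redacted]"),
    "9b04e2": ClosingDocument("9b04e2", "tax_record",
                              frozenset({"seller-4"}), "[redacted]"),
}
AUDIT_LOG = []   # (decision, requester, doc_id) tuples, for monitoring

class AccessDenied(Exception):
    pass

def fetch_document_unchecked(doc_id):
    """The failure mode the post describes: any link works for anyone."""
    return DOCS.get(doc_id)

def fetch_document(session_user, doc_id):
    """Serve a record only to an authenticated party to that transaction;
    anonymous, unknown-id and other people's requests fail identically."""
    doc = DOCS.get(doc_id)
    if session_user is None or doc is None or session_user not in doc.parties:
        AUDIT_LOG.append(("deny", session_user, doc_id))
        raise AccessDenied("document not available")
    AUDIT_LOG.append(("allow", session_user, doc_id))
    return doc

def is_served(session_user, doc_id):
    """True if fetch_document would hand this record to this requester."""
    try:
        fetch_document(session_user, doc_id)
        return True
    except AccessDenied:
        return False

def denied_count():
    """Number of refused requests so far; a spike is worth alerting on."""
    return sum(1 for decision, _, _ in AUDIT_LOG if decision == "deny")
```

Because every refusal is recorded with the same generic error, a crawler walking through ids shows up as a run of "deny" entries rather than as a stream of served documents.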