Programs

Fraud Prevention

Mortgage fraud risk is present during the life of a loan, especially if a borrower encounters financial hardship. While legitimate assistance programs are available to borrowers, there are many schemes to defraud borrowers undergoing hardship. Borrowers should carefully review mortgage or foreclosure relief, loan modification, or debt elimination offers, especially offers requiring up-front payments. The most common foreclosure assistance and loan modification scams include:

• Foreclosure rescue arrangements that include demands for up-front fees, deed transfers, or mortgage payments to someone other than the existing loan servicer; 
• Debt elimination offers that promise settlement of mortgage debts or credit repair in exchange for up-front fees; and
• Loan modification scams involving payment of up-front fees in exchange for negotiation of more favorable terms with lenders.

Cyber-enabled fraud is an increasing risk for both borrowers and the industry at large. Cyber-enabled fraud can target the mortgage origination process and the operations of mortgage industry participants.

Beware of common cyber-fraud schemes that include:

• Phishing – fraudulent emails, phone calls, or text messages purporting to be from a reputable source seeking personal information, passwords, financial information, or payments;
• Email Account Compromise – unauthorized access to a valid email address used to gain the email account holder’s personal or financial information and/or induce such person’s contacts to send fraudulent payments; and
• Fraudulent Websites – fraudulent copies or look-alikes of official websites (generally in the financial services industry) used to obtain personal or financial information and/or payments from victims.

Application Fraud – A borrower may intentionally supply false information about income or identity in support of a mortgage application. These instances of fraud may be related to fraud for housing by a borrower or fraud for profit schemes.

Credit/Liabilities – Mortgage rates and the decision to extend a loan to a borrower are heavily dependent on the applicant’s credit and current debt liabilities. Fraud may include borrower misrepresentation of credit score and/or amount of debt to qualify for a loan or for favorable loan terms.

Employment Fraud – This fraud occurs when a borrower or straw buyer misrepresents his or her employment to the lender. The fraud may be committed to make the borrow appear more financially qualified for the loan or to conceal the illegal source of future loan payments.

Fraudulent Identity/Identity Theft/Synthetic Identity – This fraud occurs when misappropriated identification credentials are used by an individual otherwise ineligible for a mortgage loan or as part of a fraud for profit scheme. Fraudsters may also create synthetic identities using bits and pieces of valid information from disparate sources.

Income/Down Payment – This fraud involves providing false income information to qualify for a loan. Borrower income and assets may be inflated or completely manufactured. Down payment fraud involves disguising a loan of down payment funds as a gift.

Home Title Fraud/Deed Fraud – A property deed or title transfer executed and recorded illegally without the authorization or knowledge of the true and present owner. Methods used to attempt title fraud include forged warranty, grant, or quitclaim deeds. A forged deed, when executed and recorded, effectively transfers the property to the fraudster without the knowledge of the true homeowner.

Phantom Sale – A false title transfer of property to obtain funds by mortgage loan or sale of property to third parties.

Debt Elimination Claims – Fraudsters claim they can eliminate a borrower’s mortgage or other debt, including credit card balances, student loans, and auto loans. Schemes generally involve demands for payment by victims of an up-front fee. Victims lose money and may lose their property, damage their credit records, and be subject to legal action by creditors based on failure to make debt payments.

Foreclosure Assistance Offers – Fraudsters take advantage of homeowners in danger of defaulting on mortgage loans with false promises of saving their homes, for example, by transferring a deed or putting a property in the name of an investor. A fraudster can then sell the property and retain the proceeds, leaving the borrower’s home to go into foreclosure.

Home Equity Conversion Mortgage (HECM)/Reverse Mortgage Fraud – Fraudsters taking advantage of HECM reverse mortgages contact seniors through local churches; investment seminars; television, radio, billboard, and mailer advertisements; and by other means. Fraudsters obtain a HECM in the name of an older homeowner to convert existing home equity into cash. The fraudster will pay a small fee to the homeowner or simply keep the resulting cash outright.

Loan Modification Fraud – Fraudsters purport to assist homeowners who are delinquent in their mortgage payments and at risk of losing their home. The fraudster often offers to renegotiate loan terms with the lender. The scammers demand large fees up front and often negotiate unfavorable terms for the clients, if they negotiate at all. Homeowners often lose their homes.

Sovereign Citizen Fraud – Sovereign citizens schemes often promote the elimination of mortgage debt based on conspiracy theories about the validity of mortgages and disbelief in the U.S. financial system. Sovereign citizen fraud also appears in instances of quitclaim deed and foreclosure assistance fraud to unlawfully acquire or maintain ownership of homes.

Straw Buyer – Straw buyers are used to conceal fraudulent activities. A straw buyer falsely appears as the mortgage applicant and purchaser although they are acting on behalf of another person. A straw buyer with good credit may be used to obtain a loan for someone whose credit may be disqualifying or may be a participant in collusive mortgage fraud (e.g., flipping or other profit schemes).

Flipping – Flipping schemes involve obtaining a loan to purchase a property, having the property appraised soon afterward at an inflated value, then reselling the property and pocketing the proceeds from the inflated resale price.

Flopping – Flopping schemes involve purchases of distressed properties at below market prices, for example, through short sales. Fraudsters may collude to stage the home to appear in poor condition or may provide false appraisals in support of the low sale price. The property is then resold at a higher price with a new appraisal.

Occupancy – Occupancy fraud involves falsely stating the borrower’s intent to live in a property to obtain more favorable loan terms than a second or investment home. Occupancy fraud is also a common element of schemes in which the straw buyer has no true intent to occupy the underlying property.

Multifamily Property Fraud – Multifamily owners provide false information to financial institutions overstating the income of a multifamily property to induce financial institutions to issue loans for greater values than the financial institutions would have authorized had they been provided with truthful information. Owners of distressed multifamily real estate may commit fraud by manipulating the property’s appraised value using tools such as bogus leases to exaggerate the building’s profitability. By the time the resulting commercial loans are in default, the lender is often left with a dilapidated or difficult-to-rent property. Many of the methods of committing mortgage fraud single-family real estate transactions are also present in multifamily loan fraud.

Air Loans – An air loan is a loan made based on fictitious collateral. To make air loans, broker may invent fake borrowers and properties, establish accounts for payments, and maintain custodial accounts for escrows. They may establish fraudulent contacts for fictitious employers, appraisers, credit agencies, and others to deceive creditors who attempt to verify information on loan applications.

Appraisal – Appraisal fraud is committed when a property is fraudulently valued either above or below its true market value. Appraisal fraud may occur as a result of efforts to ensure that a property’s value appears consistent with an agreed purchase price, permitting the transaction to move forward, but fraudsters also commit appraisal fraud in order to profit from the difference in the fraudulent and true property values in a subsequent transaction.

Shotgunning – Shotgunning fraud aims to secure multiple loans on a single property from different financial institutions without each other’s knowledge. Possible at both the purchase or refinancing stages, the fraudster aims to receive the loan disbursements simultaneously, then abscond with the proceeds, leaving the lenders to allocate losses and determine who holds the collateral.

Real Estate Owned (REO) Fraud – REO fraud occurs after a property has entered the foreclosure process, and the financial institution which took the property as collateral must maintain, market, and sell the home to recoup losses from the unpaid mortgage. Fraudsters may take advantage of this stage through a variety of schemes such as fraudulent billing for fictitious maintenance charges, kickbacks arranged through non-arm’s length transactions, and laying the groundwork for flipping or flopping schemes.

Money Laundering is the criminal act of introducing proceeds of crime into the financial system in efforts to obscure its origin. A transaction involving proceeds of any type of fraud can be a predicate offense for money laundering. Fraudsters are known to use tools of fraud such as straw buyers and fictitious employment information to obtain mortgages through which funds may be laundered.

Technological advancements can create new pathways for cyber-enabled fraud. The information below can aid in identifying common cyber fraud schemes that can be used to commit mortgage fraud.

Business Email Compromise (BEC) – Fraudsters target email accounts of financial institutions or their customers, including commercial, non-profit, non-governmental, or governmental entities to either spoof a valid email address or use a valid, but compromised email address to direct victims to disclose sensitive data or execute fraudulent payments. Fraudsters employ various tactics such as password spray, phishing, malware, and social engineering to further these schemes.

Caller ID and Email Spoofing – Caller ID and email spoofing allows a fraudulent caller or sender to masquerade as someone else by falsifying either the number that appears on the victim’s caller ID display or an email sender that appears familiar and unsuspicious to the recipient. For example, fraudsters are known to spoof the identity of mortgage servicers in efforts to collect sensitive personal or financial information.

Credential Stuffing – Cyber attackers may use stolen credentials (e.g., usernames/email addresses and corresponding passwords), often resulting from a data breach and purchased from the dark web, to gain unauthorized access to an account that may use the same credentials. This attack is conducted assuming that users often reuse the same username and password combination across various websites. Fraudsters use the credentials across numerous pages, such as a mortgage servicer’s website, in attempt to gain unauthorized access to customer or corporate accounts. If successful, the fraudsters often steal personal or financial information or attempt to execute fraudulent payments.

Drive-by Downloads – Drive-by downloads are a common method of spreading malware. Cybercriminals look for insecure web sites and plant a malicious script into HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of a victim who visits the site. Such attacks require no action on the part of the victim beyond simply visiting the compromised web site.

Email Account Compromise (EAC) – Fraudsters compromise victims’ email accounts, gaining access to legitimate mailboxes. EAC may lead to theft of valuable personal or financial data as well as fraudulent payments utilizing the stolen information. Fraudsters employ various tactics such as password spray, phishing, malware, and social engineering to further these schemes.

Fraudulent Websites – Fraudsters are known to create fictitious websites mimicking a legitimate website to trick the user into providing sensitive personal or financial information such as login credentials, bank, or mortgage information. Alternatively, fraudsters sometimes manipulate an existing and otherwise valid website for the same purposes. Fraudulent websites may also infect the victim’s computer with malware to continue the theft of information.

Malware – Shorthand for malicious software, malware is the collective name for several malicious software variants, including viruses, ransomware and spyware. Malware is code developed by cyber attackers to cause extensive damage to data and systems or to gain unauthorized access to a network. Malware is typically delivered in the form of a link or file over email and requires the user to click on the link or open the file to execute the malware.

Man-in-the-Middle – Man-in-the-middle attacks involve an attacker intercepting communication between two parties either to secretly eavesdrop or modify traffic traveling between the victims. Attackers commonly use man-in-the-middle attacks to steal login credentials, personal or financial information, spy, sabotage communications, or corrupt data.

Phishing – Posing as a legitimate institution, fraudsters contact a target via email, telephone, or text message to lure individuals into providing sensitive data such as financial data, personally identifiable information, passwords, or other data such as mortgage information.

SIM Swap Attack – Fraudsters deceive a mobile phone carrier into transferring a user's phone number to a fraudster's SIM card, allowing attacker to access a variety of information linked to a victim's mobile phone. SIM Swap is particularly dangerous if combined with misappropriated victim login credentials where the victim’s phone number is used to access sensitive data via dual factor authentication.

SQL Injection – A SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a web form input box to gain access to unauthorized resources or make changes to sensitive data. The SQL query requests that some malicious action is performed on the database and may expose intellectual property, the personal or financial information of customers, administrative credentials, or private business details.

Supply Chain Attack – Supply chain attacks target less secure elements of a victim’s software or hardware supply chain network, typically by tampering with the manufacturing process of a product by installing a rootkit or hardware-based spying components. Supply chain attacks may target login credentials, personal or financial information, private communications, or sensitive data.

Ransomware – Ransomware is malicious software used to infect a victim’s computer and deny access to key computer systems or data until a ransom is paid. Even if the ransom is paid, fraudsters may not restore access fully or may steal sensitive information for sale on the dark web or use in future cyber-attacks.

Remote Access Trojan – A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program and may result in theft and fraud.