Sunday, October 6, 2024

First American Financial warns clients to watch out for fake emails

Must read

The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.

Two days after being hit by a cyberattack, title insurance giant First American Financial said Friday it’s still trying to restore operations, warning clients that it’s taken its email system offline and to be wary of any messages that are supposedly from the company.

“First American’s email system has been taken offline,” the company announced Friday afternoon. “Any recipient of an email purporting to be from First American, First American Title or from FirstAm.com should be vigilant about cybersecurity risks and avoid clicking on unknown or suspect links.”

The notice was posted at 1:10 p.m. Eastern time Friday on a temporary website, FirstAmUpdate.com, that First American launched this week to keep clients informed about the company’s response to a cyberattack that has disrupted the company’s operations.

In a separate notice to investors, First American said it’s “working diligently” to restore systems it took offline Wednesday and to resume normal operations as soon as possible, “but cannot estimate the duration or extent of the disruption at this time. The company has retained leading experts, is working with law enforcement and notified certain regulatory authorities.”

The nation’s second-biggest title insurer, First American also provides settlement services, data products, valuation services, mortgage subservicing, and banking and wealth management services.

It’s the latest victim in a wave of cybersecurity attacks that have disrupted computer networks at more than 1,000 businesses and government entities.

The nation’s largest title insurer, Fidelity National Financial (FNF), says it contained a security breach on Nov. 26, but has not commented on reports that the company was the target of a ransomware attack exploiting a software vulnerability in Netscaler, Citrix Bleed.

Loan servicing giant Mr. Cooper shut down its systems for four days at the beginning of November after uncovering a security breach that the company said this week may have compromised the personal information of nearly 15 million past and present customers.

Federal law enforcement officials said in an announcement this week that a ransomware group known as Blackcat, ALPHV or Noberus, has infiltrated the computer networks of more than 1,000 victims, “including networks that support U.S. critical infrastructure.”

Some victims have used a decryption tool developed by the FBI to avoid paying ransom demands totaling approximately $68 million, the U.S. Department of Justice Department said.

Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.

Email Matt Carter

More articles

Latest article