Wells Fargo Scam Alert

A very professional e-mail with links to what appears to be the Wells Fargo online banking Web site is being reported by employees. The e-mails are not legitimate and are actually phishing or spoofing e-mails that create a "screen" over the bank's official Web site to filter your personal information to the fraudsters.

Some of the Company's employees are receiving e-mails from "Wells Fargo" asking them to follow a link and verify personal information. The message appears to be official and implies the recipient's account has already been compromised and the bank needs more information to protect the employees from further fraudulent activity. Be on the lookout for a message with the following information:

Dear Card Member,

Continuous monitoring is an integral part of Wells Fargo's multiple layers of security. In addition to other fraud monitoring tools, we can often spot fraud based upon transactions on the card that are outside of cardholder's typical purchasing pattern. This allows us to spot fraudulent activity as quickly as possible and acts as an early-warning system to identify fraudulent activity.

During a recent checkout we detected suspicious activity and your account may have been compromised. Fraudulent activity made it necessary to limit your account for online services. Conform to our security requirements and in order to continue online services, we must validate your identity. Please use our link below to proceed.

http://217.3418243/us/secure.wellsfargo.com/login.jsp

If the link in your e-mail message does not work, please copy and paste it into your browser.

Thank you for using Wells Fargo Online Account Services.

Wells Fargo Services
Online Account Services customer hotline at 1.800.642.4720

One of our employees has reported receiving the above e-mail. She opened it, clicked the link and logged into her bank accounts. The Web site asked her to input a significant amount of personal information for "verification" purposes. This allowed the fraudsters to get her login information (Social Security number and password) to Wells Fargo online banking.

The next day, she received an online notification from the real Wells Fargo bank that her account balance had changed. She checked the account, only to find an online bill pay to a Bank of America account of $9,500! The fraudsters were very sophisticated, turning off the online bill-pay notification on her profile, so she wouldn't receive an immediate notification of the outgoing funds.

The employee acted swiftly in contacting both Wells Fargo and Bank of America to retrieve the money. Bank of America froze the receiving account, so the fraudsters couldn't obtain the cash. Wells Fargo reimbursed her account within a week. However, her husband's and her identity was still compromised, because the fraudsters have their names, home address, zip code, account numbers, passwords and her Social Security number.

Here are some of the steps they have taken to minimize future fraudulent activity:

• Filed a claim with the bank and with local law enforcement.
• Closed the accounts and opened new accounts at a different financial institution.
• Changed their Post Office Box and opened a new Post Office Box in a different zip code, because typically all you need to verify on a credit card is the zip code. (Thank goodness the address they use is a P.O. Box.)
• They already had a triple alert account with Experian® and reported the theft to all three credit bureaus. Experian placed a seven-year credit alert on their account.
• Cancelled all debit and credit cards.
• Spent numerous hours on the phone and drafting letters to creditors, insurance companies and mortgage companies authorized to auto-debit their old accounts.
• Shared their story through Fraud Insights to help protect others from falling prey to this scam.

What is phishing and how can you protect yourself? Fraudsters "phish" by sending out e-mail messages that purport to come from legitimate businesses featuring corporate logos and familiar formats the recipient might already have accounts with. These messages ask for verification of personal data; account numbers, passwords, mailing address and even Social Security numbers. These e-mails look so official that some recipients might respond to them, resulting in financial losses, identity theft and other fraudulent activity against them.

Following are a few common phrases included in a phishing scam:

• Verify your account
• If you don't respond within 48 hours, your account will be closed
• Dear Valued Customer
• Click the link below to gain access to your account

These e-mails are rarely personalized because they are a phishing expedition and the fraudsters don't even know who or what they might be able to "catch." Most companies do not solicit your passwords, login names, Social Security numbers or other personal information through e-mail. Impersonal e-mails alone should raise suspicions. Often there is sense of urgency to encourage you to respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.

The links included in these e-mails might contain all or part of a real company's name and are usually "masked," meaning the link you see does not take you to the intended address, but somewhere different, usually a phony Web site that captures personal information for fraudulent use.

Do not fall victim to these types of scams. Be aware of the signs and if you are unsure, call to verify. Do not use the phone number listed on the e-mail. Use a number you already have on file. These scams can be costly and time consuming to correct and can compromise your personal information for an extended period of time. Be alert, be aware and be smart!

Oh, Brother!

An attorney notarized a "pre-signed" deed where one brother forged another brother's signature. One of our employees caught the forger and the shameless attorney red-handed.

Sharon Ramoino, an employee of LaSalle County Title Company (a Chicago Title Company wholly-owned subsidiary) in Ottawa, Illinois, showed diligence in taking note of suspicious activity and making use of Company resources to uncover a forgery between two brothers.

She received a signed and notarized warranty deed and mortgage to be recorded with instructions to issue an owner's policy of title insurance in the amount of $96,000 and a lender's policy in the amount of $80,000.

Upon reviewing the documents, she noticed that the signatures of the grantors (two brothers) looked very similar in penmanship and ink color. However, the signatures were notarized by an attorney and she thought it must have been validly acknowledged if an attorney notarized it. She decided to research a little further and discovered that one of the brothers, David, lived out of state. She did not want to proceed without looking further at prior documents in the chain of title with signatures by each grantor/brother to compare.

Sharon found an affidavit containing the signature of one brother, Paul. One of the grantor's/brother's signature matched the penmanship of the signatures on the deed form. She was even more convinced something was not right, so she asked her title examiners what they thought about the signatures. After viewing the documents, they both agreed the signatures looked very similar in style and it appeared that Paul might have executed both signatures. They suggested Sharon contact the attorney who notarized the signatures.

Sharon knew normally there would be a Power Of Attorney (POA) to record when one person was signing for another person, but in this case, even if there was a POA to record, the deed still was not executed with the proper verbiage. She needed to ascertain the intent. She called the notarizing attorney and left a message with his secretary asking if we were missing a POA for recording, because it appeared Paul had executed both documents.

The next day Sharon hadn't received a call back from the attorney so she explained the situation to her direct manager and he also agreed both signatures appeared to have been executed by Paul. She again called and was able to speak to the attorney. This time she asked the attorney if there was a missing POA to record, because it appeared Paul had signed for both grantors/brothers. The attorney admitted he had not witnessed the out-of-state brother signing the deed, he had given the warranty deed to Paul to have his brother sign and he assumed Paul had done so. This was another red flag to Sharon as both brothers must personally appear in front of the notary. The attorney went on to say if Sharon needed a POA he could get one, but it would take awhile.

Sharon also found out from further conversation with the attorney – who is also an agent for Attorney Title Guaranty – this was the third time the brothers had tried to close the transaction with three different title insurance companies. Sharon knew this sounded suspicious and told the attorney she would check with her manager and get back with him on how to proceed to close this transaction.

Sharon and her manager contacted a Chicago Title underwriter and he stated the Company would need a new deed executed at one of the Chicago Title offices or a subsidiary in order for the Company to issue the title insurance policies.

Sharon contacted the buyer's new lender and explained the circumstances to them. She told their representative she was unable to record the mortgage at this time and policies could not be issued until the matter was resolved. They were grateful Sharon called and told her they would contact their attorney.

The deal eventually closed. The brother, David, signed a new deed at a branch office in Indiana. The buyer's lender was patient throughout the whole process, which took a month to complete. For her diligent efforts in obtaining a deed executed by the actual grantors, Sharon has been rewarded $1,000 along with a letter of recognition from the Company.

Moral of the Story
Due to Sharon's sleuthing abilities, she saved our Company from a potential loss. Shame on the attorney who notarized the deed in the first place – he is putting his reputation and license at risk by not having both parties appear before him to properly notarize the document or having an executed POA.

The Company has excellent resources available to employees for increasing awareness and preventing fraud and forgery. Following are just a few:

• E-mail your suspicions to settlement@fnf.com. This will put employees in contact with the National Escrow Administration team for advice.
• Attend a Fantastic Escrow Training Seminar in your area to learn about Managing Risk in a Changing Market. The list of available seminars can be found at www.vencio.com/fnf/SeminarRegistration/schedule.aspx.
• Attend a live Web cast event from your own workstation to learn more about Amazing Scams, Embezzlements, Fraudulent Checks and More! You can register for a Web cast event at: www.vencio.com/fnf/seminarregistration/schedule_webcast.aspx.
• Avoid the risk of forgery by using BancServ for outside signings. BancServ is a Company-owned signing service available at a moment's notice. Find it online at www.bancserv.net or call 800.721.5558.
• Request a 2008 ID checking guide from National Escrow Administration by e-mailing your request to settlement@fnf.com.
• Go to www.fraudfighter.com and order a UV ID checking machine. This machine is not only good for checking driver's licenses, but also for cashier's checks and currency.

Remember it's always better to be safe than sorry. Sorry can cost our Company thousands of dollars.

Property Insight – Where Quality Counts

A quality control clerk identified a foreclosure rescue scam during the title production process. The scam was being run by a company called Community Home Saver, which preyed on homeowners facing foreclosure in northern California.

Vikki Madrid, a quality control clerk who works for FNF's offshore title search initiative with our wholly-owned title provider Property Insight, is tasked with the responsibility of assuring the quality of title reports coming back to the U.S. from the offshore production team prior to distribution to the field operations and customers.

Vikki reviewed a preliminary report on a refinance opened in April 2008 by Fidelity National Title in Santa Clara County. The source of business was a mortgage broker by the name of Verena Silva with Community Home Saver.

Vikki came across this order while reviewing it for accuracy before the preliminary report was distributed to the title plant, the escrow officer and the client. She immediately brought the file to her manager because she was concerned about two deeds granting a fractional interest to what looked like several companies that were not entities capable of holding title. She also noticed the first deed of trust was in default, raising concerns of some sort of scam.

Vikki and her manager contacted the Santa Clara Title Operation to inform them of her suspicions and asked for permission to not distribute the preliminary to the clients, but rather forward the preliminary report and supporting documents to their Chief Title Officer (CTO) for further review. After the CTO reviewed the title work, he contacted the quality assurance team to let them know the owner of Community Home Saver had been arrested for running a foreclosure-rescue scam. The escrow officer was able to cancel the transaction before the preliminary report was distributed.

Vikki's detection of the foreclosure-rescue scam is proof positive of the need for superior employees that are concerned about the quality of the title products sent to the field. For her detection, Vicki received a $1,000 reward along with a letter of recognition and gratitude from the Company.