October is Cybersecurity Awareness Month, making it the perfect time to talk about something that affects every homebuyer: protecting your personal information during one of the biggest financial transactions of your life.
When you apply for a mortgage, you’re sharing some of your most sensitive data, including your Social Security number and financial data. While this information is necessary to secure your home loan, it also makes you a target for cybercriminals. In fact, 1 in 20 consumers become victims of mortgage-related fraud, and first-time homebuyers are the most at risk.
Fortunately, you can protect yourself against wire fraud. By following some straightforward cybersecurity practices—and working with a lender like APM that is committed to protecting your data—you can minimize risk and focus on finding your dream home.
Why Homebuyers Are Targets for Cybercriminals
During the mortgage process, you’re dealing with life-changing amounts of money, often under tight deadlines. The emotional excitement and stress of buying a home can cloud judgment.
Plus, multiple parties are involved, including real estate agents, loan officers, title companies, and inspectors, giving criminals more opportunities. Here are some of the most common mortgage-related scams.
Wire fraud: The biggest threat
Here’s how it typically happens: You’re days away from closing on your new home. You receive an email that appears to be from your title company or loan officer with last-minute changes to the wiring instructions for your down payment and closing costs.
The email looks legitimate! It has the right logo, a similar email format, and mentions specific details about your transaction. You wire $50,000 as instructed. By the time you discover that the email was fake, your money is gone.
Wire fraud is the most financially devastating scam targeting homebuyers because it exploits the time-sensitive nature of real estate transactions and the large sums of money involved.
Phishing emails
Scammers impersonate loan officers, real estate agents, or title companies to steal your log-in credentials or personal information. These emails often create a sense of urgency by saying things like: “Your loan will be delayed unless you verify this information immediately.” They are designed to pressure you into acting without thinking.
Fake mortgage websites
Criminals create websites that look nearly identical to legitimate lender portals. When you enter your username and password, they capture your credentials and use them to access your real account.
Your Cybersecurity Checklist to Protect Yourself
You’re not navigating this alone. While APM handles security on our end, here are some straightforward ways you can protect yourself throughout the process.
The Golden Rule: NEVER wire money based on email instructions alone
This single practice could save you tens of thousands of dollars. Before wiring any money for your earnest money deposit, down payment, or closing costs, always call your title rep and closing agent directly using a phone number you’ve independently verified—NOT one provided in the email. Verbally confirm all wiring instructions, including the recipient name, bank name, account number, and routing number.
If you receive any changes to previously provided wiring instructions, make sure to call and verify. Legitimate last-minute changes are rare. When they do occur, verification becomes even more critical. Never use Reply to verify instructions, as the email could be compromised. Instead, call using contact information from earlier, verified communications, or the company’s official website.
Trust your instincts. If something feels off about the communication, such as odd phrasing, unusual urgency, or slight differences in email addresses, pause and verify before proceeding.
Spot phishing and scam communications
Learn to recognize the red flags in suspicious emails. Look for email addresses that are almost right but slightly off, such as [email protected] instead of [email protected]. Watch for urgent language designed to make you act quickly without thinking, like “Immediate action required” or “Your loan will be canceled.” Poor grammar, spelling errors, and generic greetings like “Dear Customer” instead of your name are also warning signs.
Be wary of requests for sensitive information via email. Legitimate lenders have secure portals for this purpose. Unexpected attachments, especially those with extensions such as .zip, .exe, or .scr, should raise immediate concerns.
To verify sender authenticity, hover over links before clicking to see the actual URL destination. Check the sender’s email address carefully, paying attention to the domain after the @ symbol. When in doubt, don’t click anything in the email. Instead, go directly to your lender’s website by typing the URL into your browser, or call your loan officer using a verified phone number.
If you receive any communication that seems suspicious, contact your APM Loan Advisor immediately using a number from your original loan documents or APM’s official website.
Protect your passwords and accounts
Use strong, unique passwords for each of your financial accounts. A strong password consists of at least 12 characters, including a mix of uppercase and lowercase letters, numbers, and symbols. Never reuse passwords across different sites. If one account is compromised, criminals will try those credentials everywhere.
Consider using a password manager to generate and securely store complex passwords. These tools make it easy to maintain unique passwords for every account without trying to remember them all.
Enable multifactor authentication (MFA) whenever possible. MFA adds an extra layer of security by requiring a second form of verification beyond your password, such as a code sent to your phone or generated by an authenticator app. Even if someone steals your password, they can’t access your account without the second factor.
Prioritize MFA for your email accounts (as these are often used to reset other passwords), your bank and financial accounts, and your lender’s secure portal for document sharing.
Share documents securely
Never send sensitive documents through regular email. Standard email is not encrypted and can be intercepted. Always use your lender’s designated secure portal for uploading documents like tax returns, pay stubs, and bank statements.
Before logging into any portal, verify that you’re on the legitimate website. Verify that the URL starts with “https://” (the “s” indicates a secure connection) and check for a padlock icon in your browser’s address bar. Be certain the web address is spelled correctly, since scammers often register domains with slight misspellings.
When accessing your APM account, bookmark the official log-in page after your first verified visit. This helps ensure that you’re always going to the right site. If you’re ever unsure whether a document request or portal link is legitimate, call your APM Loan Advisor directly to confirm.
Use secure networks
Public Wi-Fi networks at coffee shops, airports, hotels, or libraries are not secure. Anyone on the same network could potentially intercept the data you’re sending and receiving. Never access your financial accounts, upload mortgage documents, or discuss loan details when connected to public Wi-Fi.
For mortgage-related activities, use your secure home network or your mobile phone’s cellular data connection. If you must work on mortgage matters while traveling or away from home, use a virtual private network (VPN) to encrypt your internet connection, even on public networks.
Monitor your accounts
During the mortgage process, make it a habit to review your bank and credit card statements at least once a week. Look for any unauthorized transactions, no matter how small. Criminals sometimes test stolen credentials with tiny purchases before making larger ones.
Set up account alerts through your bank and credit card companies. Most institutions allow you to receive text or email notifications for transactions over a certain amount, international purchases, or any online transactions. These real-time alerts can help you catch fraud quickly.
Consider pulling your free annual credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) at AnnualCreditReport.com. Review these reports for accounts you didn’t open or inquiries you didn’t authorize. Some people stagger their reports, checking one bureau every four months to maintain year-round monitoring.
If you notice anything suspicious, report it to your financial institution immediately and inform your loan officer, as fraud or identity theft can affect your mortgage approval.
How to Verify That You’re Really Talking to APM
You should never feel uncertain about whether you’re communicating with our Loan Advisors at APM. Here’s exactly how to verify it’s really us.
Official contact methods
Your APM Loan Advisor will provide you with their direct phone number and email address early in the process. You can verify this information through our branch and originator directory on our website, which can be found here. Save this contact information separately and use it to verify any unexpected communications.
APM’s official website is apmortgage.com. Be wary of any domains that vary from this, even by a single letter.
What APM will and won’t do
APM will never ask you to:
- Send sensitive information like your Social Security number or bank account passwords through regular email.
- Send immediate payment via wire transfer without prior discussion and proper documentation.
- Follow an unsolicited link to log in or verify your account information.
Legitimate communications from APM will reference specific details about your loan application and come from verified email addresses with the @apmortgage.com domain or the domain of one of our DBA branches.
Red flags that it’s not APM
Be suspicious if you receive generic greetings without your name, urgent demands for immediate action or payment, requests to send money to a new or different account without prior discussion, emails with misspellings in the company name or domain, or links to websites that aren’t apmortgage.com.
If you receive any communication from “APM” that raises concerns, don’t respond to the message. Instead, contact your Loan Advisor directly using the phone number or email address from your original loan documents.
How APM Protects Your Data
At American Pacific Mortgage, protecting your personal and financial information isn’t just a policy; it’s a core value that reflects our commitment to creating experiences that matter. We’ve implemented multiple layers of security to safeguard your data throughout the mortgage process.
Secure portals and encryption
APM uses encrypted secure portals for all document uploads and sensitive communications. Encryption scrambles your data so that even if it were intercepted, it would be unreadable to unauthorized parties. When you upload your tax returns, bank statements, or other personal documents, they’re transmitted and stored using bank-level security protocols.
Employee training and protocols
Every APM team member has training on data security, fraud prevention, and cybersecurity best practices. Our staff knows how to recognize potential security threats and has clear protocols for handling your sensitive information. We verify identities, use secure communication channels, and never request sensitive information through unsecured methods.
Industry compliance
APM adheres to all industry regulations and standards for data protection, including compliance with federal privacy laws and mortgage industry security requirements. We regularly review and update our security practices to address emerging threats and maintain the highest standards of data protection.
What To Do if Something Goes Wrong
If you suspect you’ve been targeted or victimized, quick action is essential.
Immediate steps
Contact your APM Loan Advisor immediately if you notice any suspicious communications, think you may have responded to a phishing email, suspect that your account has been compromised, or have wired money based on potentially fraudulent instructions.
Time is critical, especially in wire fraud cases. The faster you report the issue, the better the chances of recovering funds or preventing further damage.
Additional actions
If you believe your identity has been compromised, place fraud alerts with all three major credit bureaus (Equifax, Experian, and TransUnion). These alerts make it harder for criminals to open new accounts in your name. Report the incident to your local police department as well.
If you wired money to fraudulent accounts, immediately contact your bank to attempt a wire recall. Fraudsters move money quickly, but immediate action gives you the only potential chance of recovery.
Don’t panic, but do act
Discovering that you’ve been targeted by fraud is stressful, especially during the already emotional process of buying a home. Remember that you’re not alone, and resources are available to help. Your APM team will work with you to address the situation and ensure that your loan process can continue securely.
Protecting Your Path to Homeownership
Buying a home is one of life’s most significant milestones. It should be exciting, not anxiety-inducing. While cybersecurity threats are real, you now have the knowledge and tools to protect yourself. By following these best practices and working with a lender committed to your security, you can focus on finding the perfect home for you and your family.
At American Pacific Mortgage, we combine the personal service of over 300 locations nationwide with robust security measures and an employee-ownership culture that prioritizes your interests. When we say we’re creating experiences that matter, that includes creating secure, protected experiences at every step of your homeownership journey.
Ready to start your homebuying journey with a lender you can trust? Connect with an APM Loan Advisor or apply securely online today and experience the difference that expert guidance, personal service, and unwavering commitment to your security can make.