Skip to Content

Knowledge Center

Why email is not considered a secure method for supplying mortgage documents 

If there is anything that most Americans have in abundance, it's email. Whether it's their personal inbox or their work-related account, emails practically never stop. In fact, the typical worker receives an average of 126 emails a single day, according to estimates from Radicati.

It's easy to understand why. Emails are simple, convenient, quick and can be sent from virtually anywhere, any time and by multiple means, be it personal computer, laptop or mobile device.  

Since mortgage providers aim to simplify the mortgage application process, supplying the required documentation via email would seem to make sense. While undoubtedly convenient, delivering the necessary materials for a home loan electronically may be inadvisable.  

The primary problem with this mortgage application method boils down to one thing: security. Think about what is included in your typical mortgage application. You name it, it's there, including your name and street address, Social Security number, bank accounts, available savings, where you work and the names and numbers of people who may be cosigning.  

While internet security software has improved dramatically in recent years as tech experts learn the duplicitous strategies of cybercriminals, identity theft remains an ongoing and far-reaching problem. According to the Identity Theft Resource Center, 1.6 billion private records have been exposed since 2005 in the U.S. alone and in 2019, breaches impacted 493 million people

Email is regularly abused and exploited 

Hackers seek to exploit any opportunity to steal data, be it through unsecured Wi-Fi networks, ransomware or denial-of-service attacks. But among the most common methods of all is by email.  

Email-based hacks are frequently designed to look like they're from someone you know or a reputable organization. In reality, the perpetrators are merely pretending to be someone they're not and seek to fool email recipients into clicking on a link that is embedded with malicious code. Just by clicking on the link can be the key the cyberattacker needs to access all your sensitive data or potentially steal documents you're sending as part of the mortgage application process.  

Another problem with emailing mortgage documents is the HTTP connection or Hypertext Transfer Protocol. This is the portal used to visit websites by entering the appropriate address. When there is an "S" written after the HTTP (HTTPS), it means that the connection is encrypted. Should there be an attachment with the email, there is no risk of it being intercepted.  

However, the same may not be true for the recipient. In other words, their HTTP connection may not be properly secured. That's because there is no knowing what type of network they're using. For example, if it's public Wi-Fi and it's unsecured, the attachment could be stolen or compromised. 

The risks associated with sending mortgage applications are better understood now, but that wasn't always the case. For instance, in 2014, 70% of mortgage lenders allowed loan applicants to submit their financial information through email, according to a study conducted by HALOCK Security Labs.  

The comprehensive nature of mortgage applications is yet another reason why emailing them is inadvisable. Here is a list of what information is typically included or asked for in a mortgage application: 

  • Copy of driver's license  

  • Social Security number(s) 

  • Paystubs from last two payment periods 

  • Current and prospective home addresses 

  • Retirement assets 

  • Bank account information 

  • Federal tax returns 

If even one piece of information was stolen, it could be potentially devastating, ruining years of hard work. But for all of these details to fall into the wrong hands can be crippling. 

What should you do instead? 

While submitting documents in person is a safe option, it isn’t always the most convenient, especially during these unprecedented times. Reach out to your lender to see what security measures they have in place so you know that your sensitive material won't fall into the wrong hands. For example, many lenders require those who are submitting documents electronically to set up an account with their own username and password. Sometimes, this method requires multifactor authentication, which adds an extra layer of security.  

Residential Mortgage Services has a secure mobile application, RMS Ready, that allows you to upload documents easily and securely from the comfort of your couch! Security should be your utmost concern, and at RMS, it's ours as well. Contact us today and learn how we prioritize your protection and convenience simultaneously.