The latest FBI reports show that criminals are getting better at stealing money through fake emails and scams:
· An increase from 20,000 incidents of wire fraud through Business Email Compromise (which includes all types of email phishing) for 3 billion in 2015 to 40,000 reported incidents for 5.3 billion in 2016.
The FBI also reports that international criminal organizations now employ linguists, attorneys, real estate professionals, programmers, IT specialists, social media experts and anyone else needed to perfect their frauds.
Fraudulent emails with good grammar and professional looking email signature graphics are now common. Non-email methods may include communicating via phone, text messaging, and chat programs or applications. Fraudulent texts from the criminals pretending to be the REALTOR® or other parties to the transaction are now used.
In a recent example, fake closer sent fake wire instructions to fake agent. Fake agent then sent a fake text to the homebuyer saying she had just received the wiring instructions from the title company and would be forwarding the wire instructions to the buyer shortly. Fake agent then forwarded the fake title company email to the homebuyer requesting down payment funds be sent (to the criminal’s bank account) before the day of closing. All of the fake emails and fake texts were well written and time stamped to seem like they were real.
Criminals are even calling the buyer pretending to be one or more of the parties to the transaction.
Preventing wire fraud
• The agent, title company and lender should talk to the buyer about how money is wire transferred – not just rely on written wire fraud warnings. The buyer must understand that they should never rely on emailed wire instructions without first calling a verified phone number.
• Cashier’s checks are a great option
• All users involved in the real estate transaction, including agents, should implement two-factor authentication, use long pass phrases as their password and should change their password often (and immediately change their password if they see evidence of phishing or fake emails involved in one of their transactions)
On a side note, criminals can even trick Alexa and Siri into stealing money for them. See: “Alexa and Siri Can Hear This Hidden Command. You Can’t. https://nyti.ms/2G2RrgW.”
From Reuters article on Friday:
“The FBI urged people to reboot their devices to temporarily disrupt the malware and help identify infected devices. People should also consider disabling remote-management settings, changing passwords and upgrading to the latest firmware.”
This applies to routers at work and at home.
MAY 25, 2018 / 10:54 AM / UPDATED 3 HOURS AGO
FBI warns Russians hacked hundreds of thousands of routers
Joseph Menn, Sarah N. Lynch
(Reuters) – The FBI warned on Friday that Russian computer hackers had compromised hundreds of thousands of home and office routers and could collect user information or shut down network traffic.
The U.S. law enforcement agency urged the owners of many brands of routers to turn them off and on again and download updates from the manufacturer to protect themselves.
The warning followed a court order Wednesday that allowed the FBI to seize a website that the hackers planned to use to give instructions to the routers. Though that cut off malicious communications, it still left the routers infected, and Friday’s warning was aimed at cleaning up those machines.
Infections were detected in more than 50 countries, though the primary target for further actions was probably Ukraine, the site of many recent infections and a longtime cyberwarfare battleground.
In obtaining the court order, the Justice Department said the hackers involved were in a group called Sofacy that answered to the Russian government.
Sofacy, also known as APT28 and Fancy Bear, has been blamed for many of the most dramatic Russian hacks, including that of the Democratic National Committee during the 2016 U.S. presidential campaign.
Earlier, Cisco Systems Inc said the hacking campaign targeted devices from Belkin International’s Linksys, MikroTik, Netgear Inc, TP-Link and QNAP.
An FBI official told Reuters that the kinds of devices known to be affected by the hack were purchased by users at electronic stores or online. However, the FBI was not ruling out the possibility that routers provided to customers by internet service companies could also be affected, the official added.
Cisco shared the technical details of its investigation with the U.S. and Ukrainian governments. Western experts say Russia has conducted a series of attacks against companies in Ukraine for more than a year amid armed hostilities between the two countries, causing hundreds of millions of dollars in damages and at least one electricity blackout.
The Kremlin on Thursday denied the Ukrainian government’s accusation that Russia was planning a cyber attack on Ukrainian state bodies and private companies ahead of the Champions League soccer final in Kiev on Saturday.
“The size and scope of the infrastructure by VPNFilter malware is significant,” the FBI said, adding that it is capable of rendering peoples’ routers “inoperable.” It said the malware is hard to detect, due to encryption and other tactics.
The FBI urged people to reboot their devices to temporarily disrupt the malware and help identify infected devices.
People should also consider disabling remote-management settings, changing passwords and upgrading to the latest firmware.
Reporting by Sarah N. Lynch in Washington and Joseph Menn in San Francisco; Editing by David Gregorio
Our Standards:The Thomson Reuters Trust Principles.
Wire fraud has become rampant in our industry. The FBI has estimated that there are over 4,000 hack attempts per day nationwide. According to the Financial Crimes Enforcement Network (FinCEN) there have been 22,000 cases of reported wire fraud involving losses of over $3.1 billion dollars since 2013.
The real estate industry has been targeted by fraudsters because our business moves at a quick pace with a lot of funds on a regular basis. The criminals continue to strengthen their efforts to abscond with buyer, seller and REALTOR money. Below are some tips for how we can help educate our buyers and sellers about how important it is to be cautious in their transactions.
The biggest key to prevention is education of your customers. As a REALTOR you should be laser focused on educating the buyers and sellers about the growing risks of wire fraud. At every opportunity take the time to explain that wire fraud has become prevalent and explain how we, the title company, will deliver wiring instructions. Buyers and Sellers should understand that if they receive a phone call, fax or email regarding wiring of funds, they must call a previously validated phone number to verify the funding information. Always caution the client about contacting the title company from an email signature. Criminals have become sophisticated at sending fraudulent communications pretending to be the REALTOR, the title company and the lender. criminals send emails with identical looking signature blocks of one of the parties to the transaction but replace with phone numbers the criminal will answer if someone calls. A good tip is to ask your clients to program our phone number into their cell phones when they go under contract. This way they are only calling us on a trusted phone number and not from any other resource.
Buyers should be forewarned by their REALTOR that no one in the transaction should send them wiring instructions other than the title company. Even when the title company sends wiring instructions it should be only upon request from the customer and the customer should never initiate a wire without personally calling the title company from a verified phone number to verify the wiring instruction data.
A REALTOR should never take on the responsibility of sending wiring instructions to their clients. After having the conversation with your client to educate them on the red flags of wire fraud it is highly advisable that you have a disclosure signed by them confirming your conversation that includes a reminder to never send funds without contacting the title company first at a trusted number to confirm the instructions.
On the seller side of the transaction, you should counsel the clients to bring a physical copy of their wiring instructions to closing. The sellers should not email their account information out. Instead they should bring the instructions to closing. All sellers should be counselled to not respond to email inquiries requesting their account number or wiring information.
Also, make sure that we have your buyer or seller’s phone number. When we receipt the contract we will call your buyer and seller to talk to them about the transaction. We will reiterate the warnings that you are giving them and we will help remind them how important it is to follow our instructions.
Before you go under contract create a log of all approved parties’ phone numbers to give to your buyer or seller. Providing the clients with a verified phone number to use at the beginning of the transaction is a must. Programming the title company number into their phone should help minimize the possibility of a fraudster sending them a different phone number to use via email.
Many REALTORS today have a portion of the commission wired. If you fall into that group make sure you are available by phone to verify the wiring instructions. Criminals are hacking emails and sending in fake wiring instructions for commissions too!
You should implement Two-Factor Authentication. All parties to the transaction, especially real estate agents, should be encouraged to enable Two-Factor Authentication on the email service they utilize, especially real estate agents using public domain email systems such as Yahoo and Gmail. This site lists systems that implement Two-Factor Authentication: https://twofactorauth.org/. After you have turned on your Two-Factor Authentication make sure to change your password one time to clear out any prior access.
All email involving nonpublic, private and confidential client information should be sent utilizing secure email systems. Here is an article from the National Association of REALTORS (NAR) regarding NAR Best Practices https://www.nar.realtor/articles/internet-security-best-practices.
REALTORS should implement industry standard IT security and cyber protections of their email and computer systems including but not limited to: 1) utilizing strong antivirus software, 2) installing security patches for all operating systems and software applications, 3) logging out or locking their computer when leaving their computer unattended, 4) avoid clicking on suspicious links on websites or within emails and 5) avoid using free WIFI or free charging stations. Free WIFI pretending to be legitimate businesses is often operated by criminals and allows them to access everything being transmitted over WIFI.
When fraud happens. If you suspect a fraud is underway or has happened, act immediately! Contact as many people in your management team as well as at the time company. The bank and FBI need to be contacted immediately among other steps that must be taken. The Cybersecurity unit of the Department of Justice has published the following guidelines for reporting cyber incidents: https://www.justice.gov/sites/default/files/opa/speeches/attachments/2015/04/29/criminal_division_guidance_on_best_practices_for_victim_response_and_reporting_cyber_incidents2.pdf
ALTA Wire Fraud Resources:
ALTA notice about phishing emails: https://www.alta.org/news/news.cfm?20170801-Phishing-for-Wire-Transfers
ALTA Wire Fraud Red Flags: https://www.alta.org/news/news.cfm?20170725-Red-Flags-to-Protect-Your-Company-Against-Wire-Fraud
ALTA Sample Wire Fraud Warnings: https://www.alta.org/news/news.cfm?20170725-Sample-Wire-Fraud-Warnings-You-Can-Use
FBI’s Public Service Announcement regarding Business Email Compromise: https://www.ic3.gov/media/2017/170504.aspx
Our executive team at Texas National Title is committed to helping our clients talk to customers about preventing wire fraud. David Tandy (CEO) and Latra Szal (COO/Counsel) have been teaching many classes on the topic to local REALTOR groups. If you would like to schedule a class or conference for your office to discuss further please let me know and we will get something scheduled.
To receive more posts like this from Tandy on Real Estate updates direct to your inbox, please subscribe.
Today safety is something we all think about and often worry about. We have alarm systems for our cars, homes, video surveillance, video doorbells and many other safety features to keep our family and our homes safe. For REALTORS® safety is a part of their daily job and a growing concern. Their own personal safety, as well as the safety of their clients and the homes that they have been entrusted to market and sell. REALTORS meet new people every day. They interact with unknown agents, show homes to people they may have never met before, and staff Open Houses and events for the general public. And, this all to help you market your home. Due to this high exposure, REALTORS must take precaution and approach safety first. Check out this video by the National Association of REALTORS® on personal safety protocols and what to expect when working with a REALTOR. This video is a great resource to share with clients and homebuyers to learn about the potential safety protocols you may encounter when working with a REALTOR®.
For more information on safety, visit REALTOR Safety provided by the National Association of REALTORS.
To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.
As promised, I will be outlining the National Association of REALTORS® Best Practices from their NAR Data Security and Privacy Toolkit. The National Association of REALTORS Legal Affairs Department outline the following Best Practices on Email.
Unsecure email accounts are open doors to cyber criminals. Follow these guidelines to help keep that door securely shut and locked tight.
· Whenever possible, avoid sending sensitive information via email.
· If you must send sensitive information via email, make sure to use encrypted email.
· Never trust contact information in unverified emails.
· If an email looks even slightly suspicious, do not click on any links in it, and do not reply to it.
· Clean out your email account regularly. You can always store important emails on your hard drive.
· Do not use free wi-fi to transact business.
· Avoid using free email accounts for business.
· Use strong passwords.
· Change your password regularly.
These are quick and easy reminders of good email practices. I cannot emphasize enough the importance of secure email. We are in a very transaction heavy business full of NPPI (non-public personal information), and the information that we share should abide by privacy laws including Gramm-Leach-Bliley Act, should not include NPPI, and must be transmitted via secure, encrypted email. Here is a guide from the Federal Trade Commission on how to comply with the Privacy of Consumer Financial Information Rule. And, as a bonus, here is a webcast offered by the American Land Title Association on Best Practices: Protecting Non-public, Personal Information.
To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.
Last week I covered two cybersecurity topics Protecting your business and Protecting your cell phone. Today, I wanted to give you a quick tip on how to create strong passwords to help protect your accounts. Strong passwords help to prevent unauthorized users from using your computer, systems and applications. Check out the list of the worst passwords according to Forbes. Hopefully your passwords do not make the list. If they do, the tips below will help you to create a stronger password.
While not fool proof, creating a stronger passwords can help to reduce the chances of becoming a victim of a hacker according to a hacker himself in Advice from a Real Hacker.
Remember your strong passwords are only as good as where you store them, so make sure to keep your passwords secure. And, do not leave them by your computer. If you have a hard time remembering all of your passwords, you can always use a trusted password manager. Check out Consumer Reports for more info on password managers, and see PC Magazine for the Best Password Managers of 2017.
Another way to protect yourself is to set-up two-factor authentication.
I hope you find this helpful. To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.
Where would we be without our smart phones today? You can basically conduct your business via your cell phone. It is amazingly convenient, easy to access and backup, and a powerful efficiency tool. But, it is also not without its security issues.
Today cell phone usage blurs the lines between our personal and business lives. From our contacts, online banking, social media accounts, fitness apps, games to our emails and business applications, our phones house access to our life’s operating system. And, with this they store a mass of sensitive information. The National Association of REALTORS says that, “more sensitive data about you and your work (passwords, credit card numbers, contacts, messages, e-mail) is accessible from your mobile device than any other piece of technology you have. Inman News says that REALTORS are walking around with a bulls eye on their back for hackers.
Here are 6 tips to protect your smart phone from The National Association of REALTORS:
And, as a business owner RISMedia advises that you should also have the ability to remote track and wipe smart phones to protect your business.
I hope this is helpful to safeguard your smart phones. To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.
REALTORS beware – you are the perfect target for cybercrime
According to The National Association of REALTORS (NAR), “big-name breaches make good headlines, but smaller businesses make easy targets for online criminals. This is partly because many small-business owners believe they are “below the radar” for cybercrime and thus fail to implement safety measures to protect themselves from attack.” There are more than 12 cybercrimes per second. Per NAR, “by 2019, cybercrime will cost businesses an estimated $2 trillion annually.” This post is to help you and your clients to avoid being the next victim.
The dangers of the World Wide Web and specifically, wire fraud
This sounds like a scary headline from 2000 when businesses first started going online. But, now in 2017, the dangers are oh so real. At the REALTORS® Legislative Meetings & Trade Expo in Washington, D.C. in May NAR General Counsel Katie Johnson identified wire fraud as a “sophisticated scam causing consumers to lose millions of dollars each year.” This according to “The Threat of Wire Fraud is Real” by Erica Christoffer and Graham Wood of REALTOR Magazine. When she asked the audience of real estate professionals if they knew of someone who had been a victim of wire fraud, 1/3 of the audience raised their hand. She then detailed the following:
“Hackers are gaining access to e-mail accounts through captured passwords, and they’ll search inboxes for messages related to real estate transactions, Johnson said. Once they find a victim who’s in the process of buying a home, they’ll send a spoof e-mail that looks like it’s from their agent, title representative, or attorney, and it will say there are “new” wiring instructions, which includes a fraudulent account. The home buyer will then unwittingly wire funds directly into the hacker’s account. Once they send it, the money is gone. Millions of dollars are lost on this.”
MortgageFraudBlog.com gives point in case to Johnson’s scam where fraudulent emails were used to conduct wire fraud and bank fraud from escrow deposits in June 2016 involving three companies and hurting 6 victims with the scam.
How to protect your business
Here are some tips to make sure you take the proper precautions online.
The dangers of free wi-fi
According to KnowBe4, “you should always watch what Wi-Fi hotspots you connect to, and use a VPN to help keep your sensitive information out of the hands of hackers.” If you connect to free wi-fi that is unprotected, the provider could have access to what you transmit over their network. For example, at the Republican National Convention, attendees were hacked by a fake wi-fi network. Here’s what happened per Stu Sjouwerman,
“The PR people at Avast decided to have some fun and created a series of fake Wi-Fi networks at various locations around the Republican National Congress in Cleveland. Avast’s team set up several networks, using names such as “Trump free Wifi” or “Google Starbucks,” which were designed to look as though they were set up for convention attendees. Upon connecting, trusting a random and unprotected network they found in a public setting, the users unwittingly gave Avast access to spy on their devices. Over the course of a day, Avast found over a thousand attendees that were completely negligent in their device’s security. Over 60 percent of the users who connected had their identity completely exposed, and slightly less than half of them checked their email or used messenger apps.”
This is scary business, literally. Lesson learned – Remember to always use a secure network with a username and password, and use a VPN when conducting business. Say to yourself now, “No more free wi-fi – it is NOT worth the risk.”
I hope this is helpful as you work to strengthen your cybersecurity practices. I urge you to download Protecting Your Business and Your Clients from Cyberfraud from The National Association of REALTORS to make sure you have your cybersecurity bases covered. This includes Best Business Practices, Best Email Practices, Best Transaction Practices and Best Damage Control Practices. I will cover these Best Practices in future blog posts, so stay tuned.
To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.
A new year is full of potential – the promise of what is to come. People make resolutions and promises to themselves on what they want to accomplish or how they will improve in the year to come. Curiosity has gotten me when it comes to the resolutions people make, especially as we enter into the post-New Year’s Day weeks where these promises to ourselves begin to become less of a priority.
According to Inc.com the Top 10 New Year’s Resolutions are:
Not too far off from what I was thinking: be healthier, kick an old habit, save money, advance your career… I don’t think there are any huge surprises on the list. Today I want to focus on one in particular – finding another job. If your resolution happens to be in line with #8, one of advancing your career or finding a new job then, this will come as good news to you. According to NerdWallet, Austin is the best city for job seekers.
Here are the Top 10 lists of cities for job seekers:
The report analyzed federal data for the 100 largest cities to see where there is the most potential coupled with affordability. Data included the U.S. Bureau of Labor Statistics, the increase in the working-age population from 2010-2015 with U.S. Census Bureau data, as well as census data for median earning and monthly rent in each city to factor in the cost of living.
Laura McMullen & Sreekar Jasthi at Nerd Wallet summarize the Top 10 list by saying job seekers should follow the young people, find fast growing hubs (like technology or healthcare), and head to the state capitals. And wherever you are, volunteer to grow your professional and friend network. They say to surround yourself by people who know and like you and want to help you. I could not agree with this more.
Two Texas cities made the list. Austin at #1 and Irving at #9. Austinites understand this, but for those looking to change up your career or job here is a breakdown for you on why Austin and the Dallas area could help you fulfill your new year’s resolution.
Unemployment in Austin was 3.2% in October 2016 and 3.6% in Irving. Texas unemployment held steady in December at 4.6% overall. And, according to Sterling’s Best Places, “the unemployment rate in Irving, Texas, is 3.60%, with job growth of 3.09%. Future job growth over the next ten years is predicted to be 42.59%.”
High quality jobs in technology
Bureau of Labor Statistics’ 2014-2024 employment projection says that technology is one of the fastest growing in terms of output. Austin is no stranger to technology, being the home of two major technology companies, Dell and IBM, with many other companies following suit, like Apple. Forbes argues that Austin is the most attractive tech hub attributing the draw to the “young, educated population, large VC presence and burgeoning restaurant and music scene”. Companies see the potential of Austin’s labor pool and are taking advantage of this to grow their tech advantages.
According to Christopher Calnan at the Austin Business Journal, “Texas ranks No. 2 in the nation for number of tech jobs, 585,614, second only to California. And, tech companies accounted for 6 percent of the Lone Star State’s private sector jobs, the report by Computing Technology Industry Association found.”
So, the jobs are here, and per CIO.com Austin salaries are 106% of the national average. Not too bad. For a detailed look at wages, here is snapshot of tech salaries by industry from the Austin American Statesman. In addition, the Salary Increase Forecast for U.S. Jobs projects a 3.3% increase in tech salaries from the 87K median salary as reported by the Economic Research Institute.
This is exciting news for our city.
Job growth in healthcare
On the healthcare side Will Anderson with the Austin Business Journal says that, “in the health care sector, the opening over the summer of the Dell Medical School is expected to accelerate the development of a business ecosystem that combines the city’s existing care centers with entrepreneurial startups and innovators in medicine.”
Irving attributes much of its growth to technology. According to the Irving Chamber of Commerce, “Irving was recently ranked number three for tech startups per capita in the United States by American Express through research conducted by SizeUp.com. In addition, the City of Irving is the first city in Texas and the second in the nation to earn the Malcom Baldrige Quality Award.”
The Irving Chamber of Commerce also notes that “five of Irving’s approximately 50 Fortune 500 companies have chosen Irving for their global headquarters: Celanese, Commercial Metals, ExxonMobil, Fluor and Kimberly-Clark. Irving is home to more of the DFW Metroplex’s largest private and public companies than any other city except Dallas, including Citi, Microsoft, Verizon, NEC Corporation, Allstate Insurance Company, Time Warner Cable, RIM (BlackBerry), Aviall, Michaels Stores, Pioneer Natural Resources, CEC Entertainment and TXU Energy.” These companies choosing Irving, TX as their home base no doubt makes it a hot bed for career opportunities for job seekers.
So, how about it, are you ready to make the move to one of our great Texas cities? The opportunity is definitely here.
And, of course, I would love to help you with Resolution #7. If you are trying to read more, please subscribe to my updates.