Tandy On Real Estate

Tag

Cybersecurity

How industry professionals can avoid and respond to wire fraud

Wire fraud has become rampant in our industry. The FBI has estimated that there are over 4,000 hack attempts per day nationwide. According to the Financial Crimes Enforcement Network (FinCEN), there have been 22,000 cases of reported wire fraud involving losses of over $3.1 billion since 2013.

The real estate industry has been targeted by fraudsters because our business moves at a quick pace with a lot of funds on a regular basis. The criminals continue to strengthen their efforts to abscond with buyer, seller and REALTOR money. Below are some tips for how we can help educate our buyers and sellers about how important it is to be cautious in their transactions.

1. Consumer education.

The biggest key to prevention is education of your customers. As a REALTOR you should be laser focused on educating buyers and sellers about the growing risks of wire fraud. At every opportunity, take the time to explain that wire fraud has become prevalent and explain how we, the title company, will deliver wiring instructions. Buyers and sellers should understand that if they receive a phone call, fax or email regarding wiring of funds, they must call a previously validated phone number to verify the funding information. Always caution the client against contacting the title company using the phone number in an email signature. Criminals have become sophisticated at sending fraudulent communications pretending to be the REALTOR, the title company or the lender. They send emails with signature blocks that look identical to those of one of the parties to the transaction but replace the phone numbers with ones the criminal will answer if someone calls. A good tip is to ask your clients to program our phone number into their cell phones when they go under contract. This way they only call us on a trusted phone number and not on one taken from any other source.

Buyers should be forewarned by their REALTOR that no one in the transaction should send them wiring instructions other than the title company. Even when the title company sends wiring instructions it should be only upon request from the customer and the customer should never initiate a wire without personally calling the title company from a verified phone number to verify the wiring instruction data.

A REALTOR should never take on the responsibility of sending wiring instructions to their clients. After having the conversation with your client to educate them on the red flags of wire fraud it is highly advisable that you have a disclosure signed by them confirming your conversation that includes a reminder to never send funds without contacting the title company first at a trusted number to confirm the instructions.

On the seller side of the transaction, you should counsel the clients to bring a physical copy of their wiring instructions to closing. The sellers should not email their account information out. Instead they should bring the instructions to closing. All sellers should be counselled to not respond to email inquiries requesting their account number or wiring information.

Also, make sure that we have your buyer or seller’s phone number. When we receipt the contract we will call your buyer and seller to talk to them about the transaction. We will reiterate the warnings that you are giving them and we will help remind them how important it is to follow our instructions.

2. Contacts Log.

Before you go under contract create a log of all approved parties’ phone numbers to give to your buyer or seller. Providing the clients with a verified phone number to use at the beginning of the transaction is a must. Programming the title company number into their phone should help minimize the possibility of a fraudster sending them a different phone number to use via email.

3. Confirmation of wire instructions for REALTORS.

Many REALTORS today have a portion of the commission wired. If you fall into that group make sure you are available by phone to verify the wiring instructions. Criminals are hacking emails and sending in fake wiring instructions for commissions too!

4. Two-Factor Authentication.

You should implement Two-Factor Authentication. All parties to the transaction should be encouraged to enable Two-Factor Authentication on the email service they use, especially real estate agents using public domain email systems such as Yahoo and Gmail. This site lists systems that implement Two-Factor Authentication: https://twofactorauth.org/. After you have turned on Two-Factor Authentication, make sure to change your password one time to clear out any prior access.

5. Secure email.

All email involving nonpublic, private and confidential client information should be sent utilizing secure email systems. Here is an article from the National Association of REALTORS (NAR) regarding NAR Best Practices https://www.nar.realtor/articles/internet-security-best-practices.

6. Cyber protections.

REALTORS should implement industry standard IT security and cyber protections for their email and computer systems, including but not limited to: 1) utilizing strong antivirus software, 2) installing security patches for all operating systems and software applications, 3) logging out of or locking their computer when leaving it unattended, 4) avoiding clicking on suspicious links on websites or within emails and 5) avoiding free WIFI and free charging stations. Free WIFI pretending to belong to a legitimate business is often operated by criminals and allows them to access everything being transmitted over that WIFI.

When fraud happens.

If you suspect a fraud is underway or has happened, act immediately! Contact as many people as possible on your management team as well as at the title company. The bank and FBI need to be contacted immediately, among other steps that must be taken. The Cybersecurity unit of the Department of Justice has published the following guidelines for reporting cyber incidents: https://www.justice.gov/sites/default/files/opa/speeches/attachments/2015/04/29/criminal_division_guidance_on_best_practices_for_victim_response_and_reporting_cyber_incidents2.pdf

Sources:

ALTA Wire Fraud Resources:
http://www.tlta.com/TLTA/News_Articles/ALTA_Releases_Several_Resources_to_Help_Protect_Title_Companies_and_Customers_From_Wire_Fraud.aspx
ALTA notice about phishing emails: https://www.alta.org/news/news.cfm?20170801-Phishing-for-Wire-Transfers
ALTA Wire Fraud Red Flags: https://www.alta.org/news/news.cfm?20170725-Red-Flags-to-Protect-Your-Company-Against-Wire-Fraud
ALTA Sample Wire Fraud Warnings: https://www.alta.org/news/news.cfm?20170725-Sample-Wire-Fraud-Warnings-You-Can-Use
FBI’s Public Service Announcement regarding Business Email Compromise: https://www.ic3.gov/media/2017/170504.aspx

Our executive team at Texas National Title is committed to helping our clients talk to customers about preventing wire fraud. David Tandy (CEO) and Latra Szal (COO/Counsel) have been teaching many classes on the topic to local REALTOR groups. If you would like to schedule a class or conference for your office to discuss further please let me know and we will get something scheduled.

To receive more posts like this from Tandy on Real Estate updates direct to your inbox, please subscribe.

 

Cybersecurity: Homograph Attacks

The domain you are visiting online may not actually be the website you think it is. According to The Register, homograph attacks, although not new, are still an issue in modern-day web browsing. This may not be on your radar, but it is definitely something to be aware of as we continue to live in our online world. Here is what you need to know about homograph attacks, and how to protect yourself.

What is a homograph attack?

According to Malwarebytes Labs, “A homograph attack is a method of deception wherein a threat actor leverages on the similarities of character scripts to create and register phony domains of existing ones to fool users and lure them into visiting. This attack has some known aliases: homoglyph attack, script spoofing, and homograph domain name spoofing.” An example of this is using the Latin alphabet to spoof the letters in a common English domain, e.g. bl00mberg.com or g00gle.com.

How does this affect me?

Cybercriminals are using non-English characters to mimic common English domains in order to trick users. Homograph attacks use a fake, yet believable website to lure you in. These sites are created for phishing, fraudulent purposes, or to introduce malware onto your system. The issue is that every browser builder, certificate authority and registrar has global customers, making their systems and you a potential target.

How can I protect myself?

Here are a few tips from Malwarebytes Labs to help protect yourself.

  1. Regularly update your browser (it may be your first line of defense against homograph attacks).
  2. Confirm that the legitimate site you’re on has an Extended Validation Certificate (EVC).
  3. Avoid clicking links from emails, chat messages, and other publicly available content, most especially social media sites, without ensuring that the visible link is indeed the true destination.

It boils down to being aware of what you click on, before you click on it. Always hover over a link before you proceed to click on the link.
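An added example (not from the original post or its sources) of how a defender can flag lookalike domains such as the ones described above: it decodes punycode labels, reports labels that mix scripts, and compares a normalized form of the name against a trusted list. The trusted list, the `example-title.com` name and the small confusables table are assumptions constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption: a production
# check would load the full Unicode UTS #39 confusables data instead).
CONFUSABLES = {
    "0": "o", "1": "l",   # digits standing in for letters (g00gle.com)
    "\u0430": "a",        # Cyrillic a
    "\u0435": "e",        # Cyrillic ie
    "\u043e": "o",        # Cyrillic o
    "\u0440": "p",        # Cyrillic er
    "\u0441": "c",        # Cyrillic es
    "\u0445": "x",        # Cyrillic ha
    "\u0443": "y",        # Cyrillic u
    "\u0456": "i",        # Cyrillic Byelorussian-Ukrainian i
}

# Constructed list of domains the user actually does business with.
TRUSTED = {"google.com", "bloomberg.com", "example-title.com"}


def to_unicode(host):
    """Decode punycode (xn--) labels so the real characters are visible."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # malformed label: keep it as written
                pass
        labels.append(label)
    return ".".join(labels)


def scripts(label):
    """Return the set of scripts (LATIN, CYRILLIC, ...) used by the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(host):
    """Replace each confusable character with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(host))


def check_host(host, trusted):
    """Return (verdict, reasons) for a hostname taken from a link."""
    shown = to_unicode(host)
    reasons = []
    if shown != host.lower().rstrip("."):
        reasons.append("punycode")
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        reasons.append("mixed-script")
    trusted_l = {t.lower() for t in trusted}
    if shown in trusted_l:
        return ("trusted", reasons)
    for t in sorted(trusted_l):
        # Same skeleton but a different name: it imitates a trusted domain.
        if skeleton(shown) == skeleton(t):
            reasons.append("lookalike-of:" + t)
    return ("suspicious" if reasons else "unknown", reasons)


if __name__ == "__main__":
    # Constructed sample: Cyrillic "a" inside an otherwise Latin label.
    puny = "xn--" + "ex\u0430mple-title".encode("punycode").decode("ascii") + ".com"
    for h in ["google.com", "g00gle.com", "bl00mberg.com", puny, "example.org"]:
        print(h, check_host(h, TRUSTED))
```

A verdict of "unknown" only means the name does not imitate anything on the trusted list; it says nothing about whether the site itself is safe.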


SOURCE:
https://www.theregister.co.uk/2017/04/18/homograph_attack_again/
https://blog.malwarebytes.com/101/2017/10/out-of-character-homograph-attacks-explained/
https://en.wikipedia.org/wiki/Extended_Validation_Certificate

 

Cybersecurity: NAR Email Best Practices

As promised, I will be outlining the National Association of REALTORS® Best Practices from their NAR Data Security and Privacy Toolkit. The National Association of REALTORS Legal Affairs Department outlines the following Best Practices on Email.

Unsecure email accounts are open doors to cyber criminals. Follow these guidelines to help keep that door securely shut and locked tight.

·        Whenever possible, avoid sending sensitive information via email.

·        If you must send sensitive information via email, make sure to use encrypted email.

·        Never trust contact information in unverified emails.

·        If an email looks even slightly suspicious, do not click on any links in it, and do not reply to it.

·        Clean out your email account regularly.  You can always store important emails on your hard drive.

·        Do not use free wi-fi to transact business.

·        Avoid using free email accounts for business.

·        Use strong passwords.

·        Change your password regularly.

These are quick and easy reminders of good email practices. I cannot emphasize enough the importance of secure email. We are in a very transaction-heavy business full of NPPI (non-public personal information), and the information that we share should abide by privacy laws including the Gramm-Leach-Bliley Act, should not include NPPI, and must be transmitted via secure, encrypted email. Here is a guide from the Federal Trade Commission on how to comply with the Privacy of Consumer Financial Information Rule. And, as a bonus, here is a webcast offered by the American Land Title Association on Best Practices: Protecting Non-public, Personal Information.


RESOURCES:
https://www.nar.realtor/sites/default/files/handouts-and-brochures/2015/protecting-from-cyberfraud-handout-2015-11-24.pdf
http://www.realtor.org/law-and-ethics/nars-data-security-and-privacy-toolkit
https://www.ftc.gov/system/files/documents/plain-language/bus67-how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act.pdf

Cybersecurity: Creating strong passwords

Last week I covered two cybersecurity topics: Protecting your business and Protecting your cell phone. Today, I wanted to give you a quick tip on how to create strong passwords to help protect your accounts. Strong passwords help to prevent unauthorized users from using your computer, systems and applications. Check out the list of the worst passwords according to Forbes. Hopefully your passwords do not make the list. If they do, the tips below will help you to create a stronger password.

While not foolproof, creating stronger passwords can help to reduce the chances of becoming a victim of a hacker, according to a hacker himself in Advice from a Real Hacker.

  1. Choose a random set of characters that are the maximum that your system will accept. The longer the password, the harder it is to hack.
  2. Use at least 8 characters.
  3. Do not use a dictionary word. Dictionary words are easy to crack.
  4. Do not use your username or name in your password.
  5. Do not use a complete word.
  6. Use at least one of every character type in your password, i.e. uppercase, lowercase, a number and a special character.
  7. Never just use numbers. Don’t use a password made completely of numbers with no uppercase or lowercase letters. The 10-digit number keypad does not provide many options for your password, and can be easily broken into.
  8. Use different passwords for different accounts. Using the same password across all of your accounts is just plain risky. Try varying your passwords, and using a system that works for you.
  9. Create a passphrase for your password where the character limits allow the space.

Remember your strong passwords are only as good as where you store them, so make sure to keep your passwords secure. And, do not leave them by your computer. If you have a hard time remembering all of your passwords, you can always use a trusted password manager. Check out Consumer Reports for more info on password managers, and see PC Magazine for the Best Password Managers of 2017.

Another way to protect yourself is to set up two-factor authentication.

I hope you find this helpful.

RESOURCES:
http://www.inman.com/2015/03/19/awa-access-without-authorization-hacking-and-what-it-means-to-real-estate/
https://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-protect-yourself-from-being-hacked-0157218/
https://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-create-stronger-passwords-0156907/
https://support.microsoft.com/en-us/instantanswers/9bd5223b-efbe-aa95-b15a-2fb37bef637d/create-a-strong-password
https://en.wikipedia.org/wiki/Passphrase
https://www.forbes.com/sites/ygrauer/2017/01/23/2016s-worst-passwords-are-just-as-bad-as-2015s-so-please-tell-me-yours-is-not-on-the-list/#2f0da6f33879
http://www.pcmag.com/article2/0,2817,2456400,00.asp
http://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/
http://www.pcmag.com/article2/0,2817,2407168,00.asp

Cybersecurity: Protecting your cell phone

Where would we be without our smart phones today? You can basically conduct your business via your cell phone. It is amazingly convenient, easy to access and backup, and a powerful efficiency tool. But, it is also not without its security issues.

Today cell phone usage blurs the lines between our personal and business lives. From our contacts, online banking, social media accounts, fitness apps and games to our emails and business applications, our phones house access to our life’s operating system. And, with this, they store a mass of sensitive information. The National Association of REALTORS says that, “more sensitive data about you and your work (passwords, credit card numbers, contacts, messages, e-mail) is accessible from your mobile device than any other piece of technology you have.” Inman News says that REALTORS are walking around with a bull's-eye on their back for hackers.

Here are 6 tips to protect your smart phone from The National Association of REALTORS:

  1. Enable your device’s screen lock and change the PIN regularly.
  2. Experts advise against saving passwords at individual sites, such as Amazon or Chase, because they can become saved deep in your phone’s memory. Instead, use an app designed specifically for saving passwords. Click here to learn about password managers.
  3. Update all your apps regularly. Updates provide needed security patches.
  4. Know and regularly review your phone’s security and permission settings. Have you given Facebook permission to access your e-mail contacts?
  5. Use public Wi-Fi with caution. When you’re on a café’s public Wi-Fi, for example, the café has access to everything you transmit, from text messages to data.
  6. Only download apps from a known app store to avoid apps filled with dangerous pieces of malware that could steal your sensitive data.

And, as a business owner, RISMedia advises that you should also have the ability to remotely track and wipe smart phones to protect your business.

I hope this is helpful to safeguard your smart phones.

SOURCES:
https://www.nar.realtor/articles/legal-you-re-the-ideal-target-for-cybercrime
http://www.inman.com/2015/03/19/awa-access-without-authorization-hacking-and-what-it-means-to-real-estate/
http://rismedia.com/2014/08/07/3-cybersecurity-tips-that-can-pay-off-for-your-business/#close
https://en.wikipedia.org/wiki/Password_manager

Cybersecurity: Protecting your business

REALTORS beware – you are the perfect target for cybercrime
According to The National Association of REALTORS (NAR), “big-name breaches make good headlines, but smaller businesses make easy targets for online criminals. This is partly because many small-business owners believe they are “below the radar” for cybercrime and thus fail to implement safety measures to protect themselves from attack.” There are more than 12 cybercrimes per second. Per NAR, “by 2019, cybercrime will cost businesses an estimated $2 trillion annually.” This post is to help you and your clients to avoid being the next victim.

The dangers of the World Wide Web and specifically, wire fraud
This sounds like a scary headline from 2000 when businesses first started going online. But, now in 2017, the dangers are oh so real. At the REALTORS® Legislative Meetings & Trade Expo in Washington, D.C. in May, NAR General Counsel Katie Johnson identified wire fraud as a “sophisticated scam causing consumers to lose millions of dollars each year.” This is according to “The Threat of Wire Fraud is Real” by Erica Christoffer and Graham Wood of REALTOR Magazine. When she asked the audience of real estate professionals if they knew of someone who had been a victim of wire fraud, 1/3 of the audience raised their hand. She then detailed the following:

“Hackers are gaining access to e-mail accounts through captured passwords, and they’ll search inboxes for messages related to real estate transactions, Johnson said. Once they find a victim who’s in the process of buying a home, they’ll send a spoof e-mail that looks like it’s from their agent, title representative, or attorney, and it will say there are “new” wiring instructions, which includes a fraudulent account. The home buyer will then unwittingly wire funds directly into the hacker’s account. Once they send it, the money is gone. Millions of dollars are lost on this.”

MortgageFraudBlog.com gives a case in point for the scam Johnson described: fraudulent emails were used to conduct wire fraud and bank fraud on escrow deposits in June 2016, involving three companies and hurting 6 victims.

How to protect your business
Here are some tips to make sure you take the proper precautions online.

  1. Maintain a data security policy. See samples of policies here.
  2. Maintain a document retention and destruction policy. Identify how long to keep documents and how to destroy the information safely. Be sure to work with your legal counsel to create this.
  3. Notify affected parties of a security breach. Remember immediacy and transparency are key in your communications. In the event of a data breach reference the Federal Trade Commission’s Data Breach Response: A Guide for Business.
  4. Use tech to safeguard personally identifiable information. Implement certain technology-based protections, such as maintaining appropriate firewalls and password controls.
  5. Use strong passwords. Here is how to create a strong password.
  6. Establish procedures for wire transfers and communicate with your clients what to expect in the transaction and what communications they will receive from you. Here are some tips from Clareity Consulting on “Reducing the Risk of Real Estate Wire Fraud”.
  7. And, finally, FOLLOW YOUR POLICIES and educate your associates.

The dangers of free wi-fi
According to KnowBe4, “you should always watch what Wi-Fi hotspots you connect to, and use a VPN to help keep your sensitive information out of the hands of hackers.” If you connect to free wi-fi that is unprotected, the provider could have access to what you transmit over their network. For example, at the Republican National Convention, attendees were hacked by a fake wi-fi network. Here’s what happened per Stu Sjouwerman,

“The PR people at Avast decided to have some fun and created a series of fake Wi-Fi networks at various locations around the Republican National Congress in Cleveland. Avast’s team set up several networks, using names such as “Trump free Wifi” or “Google Starbucks,” which were designed to look as though they were set up for convention attendees. Upon connecting, trusting a random and unprotected network they found in a public setting, the users unwittingly gave Avast access to spy on their devices. Over the course of a day, Avast found over a thousand attendees that were completely negligent in their device’s security. Over 60 percent of the users who connected had their identity completely exposed, and slightly less than half of them checked their email or used messenger apps.”

This is scary business, literally. Lesson learned – Remember to always use a secure network with a username and password, and use a VPN when conducting business. Say to yourself now, “No more free wi-fi – it is NOT worth the risk.”

I hope this is helpful as you work to strengthen your cybersecurity practices. I urge you to download Protecting Your Business and Your Clients from Cyberfraud from The National Association of REALTORS to make sure you have your cybersecurity bases covered. This includes Best Business Practices, Best Email Practices, Best Transaction Practices and Best Damage Control Practices. I will cover these Best Practices in future blog posts, so stay tuned.


RESOURCES:
https://www.nar.realtor/articles/legal-you-re-the-ideal-target-for-cybercrime
http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html
https://www.nar.realtor/law-and-ethics/protecting-your-business-and-your-clients-from-cyberfraud
https://blog.knowbe4.com/scam-of-the-week-rnc-attendees-get-hacked-through-fake-wi-fi-networks
https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business
http://realtormag.realtor.org/for-brokers/network/article/2016/05/threat-wire-fraud-real
https://clareity.com/wp-content/uploads/2016/08/Reducing-the-Risk-of-Real-Estate-Wire-Fraud.pdf
https://www.rt.com/news/cybercrime-victims-number-grow-427/
https://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-create-stronger-passwords-0156907/
http://www.mortgagefraudblog.com/exclusive-criminal-complaint-concerning-fraudulent-emails-diverting-escrow-deposits/

 

Cybersecurity: Protecting your children online

As a technologist, I am fascinated by bringing our businesses online to create efficiencies and with this, our obligation to provide cybersecurity. In my first blog post on cyber security, I talked about cyber breaches. In my second blog post today on cybersecurity, I would like to talk about our jobs as parents to protect our children in a changing social world. In future posts, I will be covering how you can protect both yourself and your business. Stay tuned to Tandy on Real Estate for these.

According to Shakespeare, “the world is our oyster”, or so it seems now that pretty much anything and everything is available online – whether it is a fact, or as we hear so much of now, an “alternative fact”. What we should remember is, in our world of immediate access, we still need to protect ourselves, and most importantly, our children.

The first thing to remember when approaching cybersecurity is that anything placed online CANNOT be permanently deleted. It will always be online. The “International Information Systems Security Certification Consortium” (ISC2) states that, “anything posted or sent through the Internet is impossible to fully remove.” It is our duty as parents to communicate this to our children, and to help them to build healthy online habits that will protect them as they grow up in their social world.

Here are a few tips for child safety from ISC2 and the social networks themselves:

  1. Get to know the social networks. Research these social networks, and remember to include your children in the research process.
     a. Facebook – Facebook’s Parent’s Portal on Safety@Facebook
     b. Instagram – Instagram’s Tips for Parents
     c. Twitter – Twitter Tips for Families
     d. Vine – Tech Guide for Parents on Vine
     e. SnapChat – Snapchat Safety Center
  2. Realize there are age requirements to most social networks and respect these rules - they are in place for a reason.
  3. Make parental approval of social groups or networks part of your house rules.
  4. Talk about what is an acceptable and respectable post.
  5. “Friend” or “follow” your kids so you can check in on their social media activity. You don’t have to participate, just take a look as often as possible.
  6. Data provided to a social network is stored and, most of the time, it is shared by default. Ensure your child’s profile is set to Private. Go into settings and help them adjust the default controls.

These are just a few tips for parents. The biggest part is to start the conversation with your children about social networks, their privacy and how they can participate in the online conversation safely.

Here are a few tips on getting the conversation started 


SOURCE:
https://safeandsecureonline.org/parents-guardians/
https://safeandsecureonline.org/wp-content/uploads/2016/04/Social-Media.pdf
https://www.facebook.com/safety/parents
https://www.facebook.com/safety
https://www.facebook.com/safety/parents/tips
https://help.instagram.com/154475974694511/
https://about.twitter.com/safety/families
http://www.techguide4parents.com/what-is-the-vine/
https://www.snapchat.com/safety/
https://iamcybersafe.org/

 

 

© 2017 Tandy On Real Estate — Powered by WordPress
