1
Cyber Fraud How it happens and how to prevent it Presented by: Hector Ariceaga, MBA VP Area Manager First American Title
2
Agenda 1
FRAUD IS REAL - VIDEO
4
SECURITY BEST PRACTICES
2
HOW THE SCAM UNFOLDS
5
WHAT TO DO IF YOU FALL VICTIM
3
THE THREAT VECTORS
6
ADDITIONAL RESOURCES
3
Fraud Is Real
4
5
Fraud Is Real
6
What is at Risk?
Earnest Money or Other Closing Funds
Loan Payoffs
Seller’s Net Proceeds
Professional Commissions
7
The Fraud Process It happens gradually
01 02 03 04
Hacker gains access to victim’s eMail
Hackers will try to root into identity as far as possible
Hacker assumes control of conversation
Hacker strikes by providing fake wiring instructions
8
Setting the Trap Hacker baits victim into handing over credentials
The opportunity arrives Hacker has all the details needed to consummate the fraud
9
10
Consummating the Scam Hacker will send urgent message asking victim to act promptly
11
Threat Vectors
A B C
Hacker gains access to victims e-mail Hacker may or may-not know in advance that there is a Real Estate transaction underway
Hacker compromises social media or other acct Weak Social Media credentials are an easy way for hackers to establish a beachhead inside victim’s accounts
Hacker installs malware in victims computer Hacker installs malware in victims computer that allows him to spy and track victim’s movements online
19
20
21
22
Security Best Practices
01 02 03 04 05
Install AV/Malware Software
Keep All Software Up to Date
Run Scans Regularly
Keep Your OS Updated
Secure Your Network, incl. IOT
23
Security Best Practices
06 07 08 09 10
Think Before You Click
Keep Your Personal Info Private
Don’t Use Open/Free/Unsecured Wi-Fi
Have Strong Data Management Policies
Use Strong/Unique Passwords
Red Flags WATCH OUT FOR SOME OF THESE COMMON TACTICS Seemingly legitimate emailed transaction instructions contain
Emailed transaction instructions direct payment to a beneficiary with
different language, timing, and amounts than previously
which the customer has no payment history or documented business
verified, and authentic, transaction instructions.
relationship, sometimes in amounts similar to those in the transaction
Transaction instructions originate from an email account
Emailed transaction instructions include markings, assertions, or language
closely resembling a known customer’s email account;
designating the transaction request as “Urgent,” “Secret,” or “Confidential.”
however, the email address has been slightly altered by adding, changing, or deleting one or more characters Emailed transaction instructions direct payment to a known
Emailed transaction instructions are delivered in a way that would give
beneficiary; however, the beneficiary’s account information is
the target a limited time or opportunity to confirm the authenticity of
different from what was previously used.
the requested transaction.
Emailed transaction instructions originate from a customer’s employee
Poor grammar, spelling errors or improper formatting.
who is a newly authorized person on the account or is an authorized
Conversational tone and vocabulary different that in previous
person who has not previously sent wire transfer instructions.
communications.
Overly generic greetings.
25
Steps to Take if Fraud Suspected IMMEDIATELY CHANGE PASSWORDS Make sure to change all accounts that may have been
RUN A/V SCANS
accessed as part of the transaction
Scan for viruses and other malware
CONTACT FINANCIAL INSTITUTIONS Institutions may be able to stop or reverse further funds transfers
REPORT TO FBI Internet Crime Complaint Center http://www.fbi.gov/scams-safety/e-scams
CONTACT ALL PARTIES AFFECTED
BROKER SHOULD REPORT
This will be the most embarrassing part but extremely
Report to State or Local Realtor
crucial. Make sure to notify everyone involved in the transaction to be aware of potential fraud
REPORT TO FTC www.ftccomplaintassistant.gov/#crnt&panel1-1
Assoc. and warn other agents
Potential Liability PUT YOUR PORTFOLIO IMAGES HERE
Compromised Systems
Unsecured Communications
Other Actions
Broker’s caused or failed to protect e-mail or
Broker sent confidential information via
Broker through other negligent actions aided
computer systems from compromise.
unsecured channels and information was
in the commission of fraud.
used to perpetuate fraud.
26
27
And One More Thing TEXT WITH IMAGE PLACEHOLDER
ERROS AND OMISSIONS INSURANCE MAY NOT COVER Should the real estate professionals be facing a lawsuit, they may want to look into their Errors and Omissions Insurance. However, there is a possibility that their E&O policy does not cover claims arising from Wire Fraud. This may leave the RE professionals in a situation where they have to pay for their legal defense, and any potential judgements, on their own.
28
Educate Your Clients THESE STEPS CAN GO A LONG WAY TO PREVENTING FRAUD
01 02 03
Provide Consumer Warnings put consumer warnings on websites and communications
Use Secure eMail Communications Remind clients that free eMail accounts are at greater risk of hacking
Educate them about proper Wire procedures Provide notices to consumers informing them that the title companies’ wire instructions will never change during the transaction
04 05 06
Instruct Consumers to Call Before Wiring Consumers must call a known number to verify wire instructions immediately before transmitting
Use Only Verified Contact Information Consumers must only use contact channels known to be safe. Never call or reply to contact info provided via email
Be Skeptical Consumer Warn consumers to be aware an look-out for fraud. If anything appears suspicious, it probable is.
Warn About Fraud – Often! SAMPLE NOTIFICATION VERBIAGE
Be Aware!
Wire Fraud!
Warning: Wire Fraud Advisory!
Be aware! Online banking fraud
Due to increased fraud, buyers,
is on the rise. If you receive
sellers and lenders should confirm
an email containing WIRE
all wiring instructions by phone
TRANSFER INSTRUCTIONS
directly with our office before
call us immediately to verify the
transferring funds.
Wire fraud and email hacking/phishing attacks are on the increase! If you have an escrow or closing transaction with us and you receive an email containing Wire Transfer Instructions, DO NOT RESPOND TO THE EMAIL! Instead, call your escrow officer/closer immediately, using previously known contact information and NOT information provided in the email, to verify the information prior to sending funds.
information prior to sending funds.
29
30
31
Computer Security Resources Choose a Password Manager - http://online-password-manager-review.toptenreviews.com/ Choose Online Backup Service - http://pcsupport.about.com/od/maintenance/tp/online_backup_services.htm Choose Private VPN - http://netforbeginners.about.com/od/readerpicks/tp/The-Best-VPN-Service-Providers.htm BoxCryptor - https://www.boxcryptor.com/app/referral/?code=JGjhHXqRr1SWCRAj Avast Free - http://www.avast.com/en-us/download-thank-you.php?product=FAV-ONLINE&locale=en-us AVG Free – win - http://free.avg.com/us-en/free-antivirus-download AVG Free – mac - http://www.avg.com/us-en/avg-antivirus-for-mac Malwarebites Free - https://www.malwarebytes.org/mwb-download/
Ccleaner - http://www.piriform.com/ccleaner/download AdAware - http://lavasoft.com/products/ad_aware_free.php
32
Informational Brochures
33
ADDITIONAL RESOURCES
01 02 03 04 05
Firstam.epropertywatch.com The FBI calls this new class of lien fraud “The Latest Scam on the Block” Protect against this latest scam is through proactively monitoring
NAR Cyber-Fraud Handout - PDF Protecting your business and your clients from Cyberfraud https://www.nar.realtor/sites/default/files/handouts-andbrochures/2015/protecting-from-cyberfraud-handout-2015-1124.pdf
Identity Theft Recovery Assistance Consumers may receive assistance if believed to be victims of IT. www.identitytheft.gov
FBI – Internet Complaint Center Consumers are encouraged to forward all Phishing eMails to IC3 – www.ic3.gov
NAR – Fraud Alert for Buyers - Video NAR General Counsel Katie Johnson warns buyers about wire fraud scams during the purchase of their home. https://www.nar.realtor/videos/wire-fraud-alert-for-buyers
34
35
Meet Your team STANDING BY TO HELP YOU
Hector
Donna
Marcia
Joyce
VP – Area Manager
Sales Manager
Title Manager
Escrow Manager
hariceaga@firstam.com
dmannila@firstam.com
mlind@firstam.com
jdanderson@firstam.com
503-310-6945
541-246-4796
541-465-8794
541-465-8776
36
THANKS
WE LOOK FORWARD TO HELPING YOU WITH ALL YOUR TITLE AND ESCROW NEEDS
FOLLOW US ON FACEBOOK
FirstAmTitle.LaneCounty
CONTENT TO SHARE http://www.simplifyingthemarket.com/en/?a=3 18973-472984503b605de8ffca062fa8b9aa5c
FOLLOW US ON TWITTER @HectorAriceaga