SMBs Including Real Estate, Watch Out for these Cyber Security Threats!

/0 Comments/in /by

There used to be a time when hackers only targeted retailers, but these days, they can target almost any business in any industry, especially those that are not aware of the best cyber security practices.

cyberattack

One of these groups is the real estate industry, and according to a recent survey, approximately half of all businesses in real estate are not prepared to handle any type of cyberattack. Though Federal law requires specific industries, like banks and hospitals, to have security in place, the real estate industry is not one of them. If you work in real estate, here are some common cyber security threats to keep an eye out for.

Business Email Compromise – BEC

A BEC, or business email compromise, is a type of cyberattack that tricks a company into wiring cash into the bank account of a criminal. Hackers do this by “spoofing” email addresses, and then then sending messages to recipients that look like they are coming from someone they trust, such as the CEO or the head of accounting.

This happens a lot; the FBI has found that billions of dollars have been lost due to BEC scams. Yes, this is pretty scary, but there is more. The FBI has also said that those in the real estate industry are targeted, and anyone who participates in a real estate transaction is a possible victim.

Wire Scams During Mortgage Closings

There are also scams during closings. Here’s how it works. Before the sale of a home is complete, the buyer gets an email from their Realtor, a title attorney, or another trusted person in the industry with the details of the date, time, and locations where the closing will take place. Scammers know this, so they create a different email that tells the buyer where to wire the money. But it’s right to the bank account of the scammer. Within minutes of the transfer, the money is pulled out of the account, and the scammer is gone.

The Internet Crime Complaint Center, part of the FBI, shared statistics that from 2015 to 2017 there were more than 10,000 victims of these scams, and the losses here totaled more than $56 million…and it’s growing all of the time.

Ransomware

Another thing that those in the real estate industry need to be aware of is ransomware. This is a type of malware that shuts down a network or a device so that you can’t get into it until you pay up. This is a very profitable scam for hackers, and it is becoming very popular year over year. All it takes is one person on your team to click on a link, and the entire network could be compromised.

Keep in mind that ransomware attacks don’t just target computers. These attacks can target any devices that connects to the internet, including smart thermostats, smart lights, and smart homes. When a digital device gets a ransomware infection, they stop working.

Malware

Though most people have heard about ransomware, there are other forms of malware, too. For example, you have likely heard of spyware or Trojans, which are still out there. Specifically, these are used for cybercriminals to spy on those they are targeting. They can get access to a victim’s bank account, or even steal their email inbox. Hackers also use malware to steal personal info or employee information, and they can get things like personal client information Social Security numbers, credit card numbers, and more. Just knowing this, you can understand why those in the real estate industry are targets.

Cloud Computing Providers

If you work in the real estate industry, your livelihood is at risk thanks to cloud computing. This, you might know, is a more economical way to backup information, so while it is necessary, there are risks. However, hackers can get into these “clouds,” and if they do, they can get access to all of the data in there.

It may seem that by using a cloud computing company that you are actually lowering your risk of becoming a target, but the truth is this: there is still a risk because your devices are likely not as secure as you think, and your passwords are probably not as strong as you think. This means making sure you’re not using the same passcode for any other accounts and enabling two factor authentication for everything.

Don’t Let Your Real Estate Company Become a Victim of a Cyberattack

Now that you know your real estate company can be a target of a scammer, you may wonder how you can lower your risks. Here are some great tips:

  • Write New Policies – One thing you can do is to write new policies to keep things safe. For instance, when you think of BEC scams, if you have a policy in place where you ban wiring money to someone based only on information from an email, you won’t have to worry about BEC scams any longer. Instead, make it a rule that you must talk to the person sending the email, and you must be the one to make the call to confirm. Don’t call the number that is in the email, though. Confirm that it is correct. It could be the number of the scammer.
  • Teach Your Staff – You also want to make sure to have better training for your staff. Most of the attempts at hacking come from email, so when you train your staff to stop blindly opening attachments nor click on links in emails, you can protect yourself from these scams. You also should look into a Cyber, Social & Identity Protection Certification This is where you can learn more about the methods and strategies that you can employ to cut down on any incidents. You can also learn about developing procedures that help keep your clients safer.
  • Teach Your Clients – Speaking of clients, you want to help them, too. All wire scams having to do with closings can be prevented in most cases. Make sure your clients know that in the process of selling or buying a home, there are going to be a lot of emails floating around, including those from Realtors, mortgage companies, insurance companies, home inspectors, real estate attorneys, and more. Make sure they know that before clicking on anything or wiring money that they should first call their Realtor. They should never, ever send money unless they get the go-ahead to do it, and then they still need to make sure to confirm that the transfer is going to the right place.
  • Back Up Your Devices and System – Always make sure that everything is backed up, including your devices and your network. This way, if you do get hacked, you won’t have to pay a ransom, and the information is easy to get back.
  • Check on Cloud Computing Contracts – It is also a good idea to look into what you are getting from your cloud computing provider. They don’t like to take responsibility for a cyberattack, and there might even be something in your contract with them that says they won’t. So, you should start your own negotiations with the company in question about what you can do about something like this.
  • Buy Cyber-Liability Insurance – Finally, you should consider getting cyber-liability insurance. This could definitely help make things less risky for your real estate business. There are all types of different policies out there, so do some research or speak to a professional.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Protecting your Child’s Identity from Child Identity Theft

/0 Comments/in /by

Did your kid ever get a pre-approved credit card offer? If so, this is a sign that their identity might have been taken by a scammer. Child identity theft is when someone uses the minor’s Social Security number to commit fraud. This might include applying for benefits, opening up a credit card, or even taking out a loan. 

Child identity theft

This can go on for many years, and you might not know for a very long time. However, there are some things that you can do to keep your child’s identity safe. 

What are the Warning Signs of Child ID Theft and How it Occurs

Typically, child identity theft occurs when a kid’s Social Security number is stolen. There are many ways this can happen including from electronic data breaches and stealing official documents. Fortunately, there are some signs that this could be happening: 

  • Receiving a Pre-Approved Credit Card Offer – As said above, a pre-approved credit card offering could be a sign that your child’s credit is being used. Credit card companies only send an offer like this if they have access to your credit file. 
  • Getting Turned Down for Government Benefits – You might be trying to apply for benefits for your child when you find out you were denied. It could be because your child’s information is being used elsewhere. 
  • Getting a Notice from the IRS – If you get a letter that your child didn’t pay taxes, this is problematic, too. 
  • Getting a Call or Letter from a Bill Collector – If you get a call or letter from a collection agency for your child, there is a big issue. 

How to Protect Your Child’s Identity

Here are a few tips to protect the identity of your child:

  • Unless it is absolutely necessary, do not share your child’s Social Security number.
  • Lock away and keep your child’s info secure.
  • If you have documents with your child’s information on them, shred them before you toss them out.
  • Keep an eye on anyone in your home who might be tempted to use your child’s identity.
  • Learn about any school directory information policy. Find out if you can opt out, and then do it. 

What Should You do if You Child’s Information is Stolen

If you believe that your child’s information has been compromised, you should do the following: 

  • First, contact the top three major credit reporting companies: Experian, Equifax, and TransUnion.
  • Ask each agency to do a manual search of the Social Security number, and then do a search with the name AND the Social Security number.
  • Keep a record of phone calls and letters.

If you can confirm that your child is a victim of ID theft, immediately do the following: 

  • Contact the credit bureaus and explain what is happening. Ask them to remove any inquiries, collection notices, and accounts. You then have to show proof that the child is actually a minor. 
  • You also must contact any company where the information was used and ask them to close any accounts that are open due to ID theft. 
  • Put a fraud alert on the credit report of your child by contacting the credit bureaus. 
  • Consider putting a credit freeze on your child. This is the best way to ensure nothing happens to your child’s identity. This ensures that their credit is locked until they are an adult or until you choose to unfreeze it. 
  • Get a copy of the credit report of the child. If there is a credit report, they are very likely a victim of ID theft. If there is no report, that is good news. 
  • Report the incident with the FTC online or via phone.
  • Create a report at identitytheft.gov. 

Probably the most important tip here is to consider putting a credit freeze on your child’s credit report to protect their identity. Setting up a child’s credit freeze is a very different process than freezing an adults credit. The credit bureaus don’t make it easy, in fact, they try to make it as difficult as possible. Fortunately, CreditParent makes this process relatively seamless. For a significantly low fee, all the parent needs to do is gather their child’s information and submit it to CreditParent and they do all the heavy lifting. 

Having their identity stolen could be a bad thing for the future of your child, so take the steps now to fix it.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Wire Fraud: How Criminal Prey on the Real Estate, Construction, Manufacturing and Art Industries

/0 Comments/in /by

In any industry where money is transferred or large bills are paid,the door is open for hacks. In manufacturing they pay large vendors for all materials and sometimes overseas. In construction developers pay contractors huge sums of money for labor and materials. You might be buying a home or an expensive piece of art, and either way, these transactions are typically not done in cash. You might think that in well-established industries such as the real estate industry, construction and manufacturing, there are checks and balances, but this isn’t totally the case. The same goes for the art industry.

Most of us won’t be buying multi-million-dollar pieces of art imported from Italy, but many people reading this will buy a home.

As we look at the home buying process and scams, the information is pretty frightening. The Internet Crime Complaint Center, which is part of the FBI, released a report that showed email fraud in the real estate industry rose more than 1,110% from 2015 to 2017. The amount of money lost in real estate fraud rose approximately 2,200%. What does this mean? It means scammers are more efficient than ever before. In 2020 that number jumped another 13%. Recently in a real estate transaction a psychology professor at UC Berkeley, wired $921,235.10 to scammers.

In 2017, almost 10,000 people reported that they were a victim of fraud and identity theft during real estate transactions, and in total, the money lost topped $56 million. Only recently has the real estate community been paying attention to this, but it’s just not enough. Again, the same thing can be said about the art world. Both of these industries are having big issues with fraud.

The Story You Have to Hear

 Every once in a while, I meet someone in my travels who seem to have the perfect life…or at least I would consider it to be pretty great. These people are smart, they have made the right choices, they have worked hard, and they have reaped some amazing awards. A couple of years ago I met a married couple who had this perfect life. The guy was literally into money. His job was to not just handle investments for companies, but for actual countries. He brought in huge commissions for this work, and the pair could literally buy anything that they wanted. However, this also made them a target for scammer.

With all of the money they had, the couple soon got into a new hobby: collecting fine art. Though I don’t know a ton about art, I can tell you that their collection was pretty amazing. They primarily collected at type of art called hyperrealism. Essentially, artists who work in hyperrealism create paintings that look like photographs. Look it up…it’s very cool.

Long story short, the guy decided that he wanted to buy a new painting. It had a price tag of $200,000, and he did this via email. Now typically, this is where alarm bells might go off, but the guy didn’t think this was weird, as he had done it like this several times before. This time, though, things were different.

You see, as he was emailing with the gallery he purchased the paintings from, a hacker was able to intercept the emails because the gallery got hacked. Instead of wiring the $200,000 to the gallery, he wired it directly to the hacker.

Keep in mind, this guy was in finance, and people in this industry are specifically conditioned to know about risk. After talking about it later, he said that there were a couple of things in the emails that could be a sign that something was wrong, but again, doing transactions via email is pretty standard in the art industry as it is in real estate.

Thankfully, his bank noticed the transaction because the account that he wired to was brand new, and the system his bank used was set up to flag any transactions that go to a new account, especially with that amount of money.

Once his bank got in contact with him, he immediately contacted the gallery and they confirmed that they had not gotten the money, and instead, it was probably a fraud. Of course he panicked, and thought his $200,000 was about to vanish. He called anyone and everyone he could think of to stop the transaction.

Finally, he realized that his company had a connection to someone higher up at the bank. He was able to get a personal call in, and they were able to stop the wire from completing. He was very lucky, but not everyone is.

Understanding How the Hack Works

 Though scammers have options at their fingertips, they do tend to like this hack, and they use it to target collectors, art galleries, manufacturers, construction companies, developers, and of course real estate companies, and more. So, if you work in these industries, or you interact with people in these industries, make sure you keep your eyes open.

Essentially, these hackers get information from data breaches, which give them email addresses and passwords from millions of people. So, when the art gallery sends an invoice to the art collector via email, the hacker realizes it, and they will step in.

The hacker takes on the persona of the dealer, the real estate agent, the developers bookkeeper, or the construction companies accountant, and comes up with a story that the client might believe, such as they need to issue a new invoice because there was a typo on it, or they need to change the instructions that the client must follow. They do this so that they can justify a change in the wiring and might even say that they can offer a small discount for the inconvenience. Usually, the buyer or the admin is happy to do this, and once the money is sent, the hacker collects it and disappears.

Victims of These Scams

 When we look at these scams, both the buyer and the seller, and all the companies involved are victims here. They are all left in the dark, and the hacker hijacks the communication. In other words, they control the emails, and they play both of the parts. In the art industry, for instance, when the gallery sends an email to its customer, the hacker intercepts the email and pretends to be the customer. The same thing happens when the customer sends an email to the gallery.

Since the hacker does this, there is plenty of time to cover their tracks and disappear. In the meantime, time and money is lost, and in some cases, the art gallery has even had to shut down for good.

Tips to Keep You Safe

If you work in any of these industries, keep these tips in mind:

  • Email account passwords should be very strong and unique. Don’t ever use the same password for more than one account. When creating a password, use uppercase and lowercase letters, and mix them with characters and numbers…and change them frequently.
  • Use password manager software and have a different password for every account.
  • Set up two-step authentication for your email account. When you log in, you will get a one-time password to your mobile phone, which means someone would need your password and your phone to get into your account.
  • Use an escrow service if you are sending large sums of cash.
  • Pick up the phone and call to confirm every step of the transaction.
  • Keep your anti-virus software updated.
  • When you send an invoice through email, text or call the recipient to check that they got it and that the account number is correct.
  • Talk to your staff about the importance of security, and make sure they understand what phishing scams are. Also, teach them not to click on any attachments or links in an email unless they have confirmed and verified the link or attachment by phone.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

The Significant Risks of the Remote Desktop

/0 Comments/in , /by

Are you one of the millions of Americans who are now working from home? Or have you been working from home for awhile? Either way, it is likely that you are using some type of remote desktop protocol. If you are, there are some things that you should be aware of.

None of us believe that we will be hacked, but we have seen over and over again that it is possible. Even the biggest companies out there have been hacked, and a small company is even more at risk of this. Add the use of a program called Remote Desktop offered by Microsoft or Google Chrome or many other third-party remote access programs, and you need to be aware of some things.

Essentially, Remote Desktop allows you to access a computer remotely. It might be in your home or your office, and you can give access to others who are also working remotely in the form of a “remote assistance scam”. However, when you give access, or have this access, your network may be wide open for hackers. There have been thousands and thousands of cases where people have become victims of various remote desktop/remote assistance scams, and if a hack is successful, it can destroy a small business, wreck a persons bank account or lead to identity theft.

What is Remote Desktop?

Remote Desktop is a very common software, and if you work on a computer with Windows, you probably have this program, and you don’t even know it. Though it’s a great tool, it is not as secure as it should be.

Criminals are well-aware of this, of course, and they have worked to create a number of tools for hacking into the software. When they get access to networks, the hackers can also access company info and steal things like login information. Once they have this information, the hackers can buy and sell them so other hackers can use them. Once they are in, they have access to anything and everything on the network.

You are at Risk

It is estimated that there are more than 3 million businesses out there that have access to Remote Desktop. Most of these are small businesses, and many of them manage their own IT services. If you own a small business and you have an IT department, you fall into this category. Additionally, hackers know that these companies are weaker, and they target businesses like this…and any company that has Remote Desktop is also a target.

What You Can Do About It

At this point, you are probably wondering what you can do to protect your company or yourself from hackers who like to use Remote Desktop to access networks. Here are some tips:

  • If you don’t use Remote Desktop, you should remove it from your computer.
  • Make sure that when there is a Windows Update, that you update it as soon as you possibly can. It’s possible that this update could have a security patch that is imperative for keeping hackers out.
  • Ensure that your wireless connections are encrypted, and also password protected.
  • If you want to keep Remote Desktop, you can, but choose to only use it on a computer that is running on a VPN, or virtual private network.
  • Use a firewall, too, so you can restrict access.
  • Another thing you can do is set up two-factor authentication.
  • Beware of any pop ups or phone calls that lead to someone requesting remote access to our device.
  • Understand that none of this is fool proof. The only way to totally protect yourself from hacks via Remote Desktop is to totally delete the program.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.