Cyber Fraud – New Schemes; Responding to a Successful Attack &
Insurance Coverages
Daryl Bailey – Gray Reed - Houston, Texas
The Internet & the IoT (Internet of Things)
Virtually all economic activities now take place
through digital technology and electronic
communication, leaving business transactions and
assets susceptible to a variety of cyber-related
threats.
- Securities and Exchange Commission, Report of Investigation
Regarding Certain Cyber-Related Frauds (Oct. 16, 2018)
2018 TEXAS LAND TITLE INSTITUTE
The problem
Wire fraud in real estate
is the fastest growing
cybercrime in the USA.
Real Estate Transactions 2017
$1.63B
Est. Attempted
Frauds
$986M
Est. Actual
Loss
?
Funds
Recovered
BEC Domestic Exposure (Est. Actual) January, 2016 to June 2017
Not rocket science
The technical skill level is near zero
for this crime, but the operational
sophistication is very high.
- Ryan Kalember, SVP Cyber Security and
Strategy, Proofpoint
By the numbers
67% of breaches occur in organizations
sized 11-100 employees
The average cyber attack goes unnoticed
for 146 days
84% of compromised networks have
evidence of the breach in their log files
89% of breaches had a financial or
espionage motive
53% of compromised companies learn of
the breach from a third party
90% of cybersecurity expenditure is at the
perimeter, but only 27% of breaches occur
there
Who is Attacking and Why?
Who: External actors
Why: Financial & Espionage
Top Threats Facing REAL ESTATE Companies
1. EAC/BEC/ Wire Fraud
2. Phishing / Account Takeover
3. Money Muling
4. Data Breach
5. IOT / Smart Building Controls
6. Malware / Ransomware
Anatomy of an Attack - Hacker
Hacker
Vulnerability exploit
Account takeover
Data exfiltration
Wire fraud
Ransomware
Anatomy of an Attack - Hacker
Hacker
Obtain credentials from dark web
Account takeover
Data exfiltration
Wire fraud
Ransomware
Anatomy of an Attack - Phishing
Phishing email
Phishing website steals creds
Account takeover
Data exfiltration
Wire fraud
Ransomware
Anatomy of an Attack - Phishing
Phishing email
Malware installed
Account takeover
Data exfiltration
Wire fraud
Ransomware
Anatomy of an Attack – Malicious Websites
Malicious website
Malware installed
Account takeover
Data exfiltration
Wire fraud
Ransomware
I don’t want to set false
expectations for consumers. The
chance of recovery here is slim.
- James Barnacle, chief of the FBI’s money
laundering unit
Best practices are not working
Calls and
texts ported
Insurance
denied
Identity
documents stolen
Why real estate industry?
1. They are incredibly lucrative (avg $200,000)
Why real estate transactions?
2. Transactions involve
multiple parties all
communicating
electronically
Why real estate transactions?
3. All the information to start a fraud is easily
found online
Urban Myths of Title
All wires over $10,000
are tracked and
reported to the Feds
Urban Myths of Title
If we cannot rely on
the banking system
to stop this fraud,
what do we do?
3 Ways to Help Keep You and Your Customers Safe
People
Processes
Technology
Tips to Prevent E-mail Fraud
Stop the blame game
Who is responsible?
Consumer, client or customer
Real estate professional
Lender representative
Insurance agent
Title agent
Attorney
Tips to Prevent E-mail Fraud
Draft Alerts and Use Them…OFTEN
Title industry is well aware of the e-mail fraudster and
how to avert these losses
Every exchange should include an alert!
WARNING! WIRE FRAUD ADVISORY
Wire fraud and email hacking/phishing attacks are on the increase! If you have an escrow or closing transaction with us and you receive an email containing Wire Transfer Instructions, DO NOT RESPOND TO THE EMAIL! Instead, call your escrow officer/closer immediately, using previously known contact information and NOT information provided in the email, to verify the information prior to sending funds.
Tips to Prevent E-mail Fraud
!!!!! IMPORTANT WIRE INFORMATION !!!!!
CONSUMER ALERT
** PLEASE READ THE FOLLOWING **
Due to the recent rise in cybercrime sweeping the real estate industry, we want you to be aware
of the following important information:
There have been many instances of real estate agents', brokers', attorneys' and/or consumers'
email addresses being hacked/phished. The cyber criminals forward bogus wire instructions,
redirecting deposits and/or cash to close to a fraudulent bank account. Once received, the
money is quickly sent offshore, where it is difficult if not impossible to retrieve.
Our wire instructions are enclosed/attached and will not be changed or altered in any
way. If someone representing North American Title Company or any other party involved
in your transaction sends you new or revised wire instructions, CALL OUR OFFICE
IMMEDIATELY BEFORE SENDING ANY FUNDS. DO NOT SEND AN E-MAIL.
Any funds should be wired only to Bank of America for further credit to the escrow
account of North American Title Company. We will never ask you to send wires to any
other person or entity.
FRAUD WARNING: IF YOU RECEIVE OTHER WIRING INSTRUCTIONS THAT ARE DIFFERENT FROM THE INFORMATION LISTED ABOVE PLEASE CALL YOUR NAT CLOSING SETTLEMENT OFFICER TO CONFIRM. NAT WILL REQUIRE INDEPENDENT CONFIRMATION FOR ANY AMENDED WIRE INSTRUCTIONS FOR INCOMING AND OUTGOING WIRES.
If you feel you have received an e-mail that is not from one of our offices, please contact us
immediately at the phone number listed below.
Jeanne Graham
(954)474-7444
Tips to Prevent E-mail Fraud
Remind customers just prior to closing
If Customer wants to change wire instructions:
Require them to come in person to office to provide new
information;
Agent calls customer using phone numbers provided at
order inception:
Do not respond to such an email or call the numbers listed;
Do not provide your own wire instructions again in response to
this e-mail.
Tips to Prevent E-mail Fraud
Exculpatory Clauses in Escrow Agreements – Non-Receipt of Wired Funds
Buyer and Seller agree to save and hold harmless Escrow Agent from any liability arising under and as a result of any
delay in Wire Receipt, including delay or non-delivery due to a fraudulent diversion of the Wire due to cyber-breach
or e-mail fraud perpetrated on the Buyer, Seller, Real estate sales professional, attorney or other escrow or title agent,
and further agree that Escrow Agent may, at its option, require the receipt, release and authorization in writing of all
parties before paying money or delivering or redelivering documents or property to any party or to third parties. Any
change in wire instructions for wire, payment or delivery of funds may require personal appearance by the requesting
party in the offices of the escrow agent or such other security measures which the Escrow Agent shall in its sole
discretion mandate for purposes of protecting the Wire from fraud or theft. Escrow Agent shall not be liable for any
interest or other charges on the money held by it.
Tips to Prevent E-mail Fraud
Exculpatory Clauses in Escrow Agreements – Non-Receipt of Wired
Funds – After Buyer takes Possession
Should Buyer take possession of the property prior to Wire Receipt,
Buyer and Seller release Escrow Agent from any liability, including
liability which may occur in the event that Wire Receipt does not
occur. Such release includes, but is not limited to, any loss resulting
from Buyer failing to have or obtain adequate insurance coverage on,
or legal title to, the Property, as well as, any loss of funds due to
cyber- breach or fraudulent e-mail attack on the buyer, seller, real
estate sales professional, attorney or other escrow agent or title agent.
Protection vs. Detection
Organizations need both protection & detection.
Protection – firewalls, antivirus, password policies, etc.
But, 10 foot wall = 11 foot ladder
Your IT department or consultants are probably doing a fantastic job
Detection is equally important, and almost always overlooked
Hackers have become increasingly capable
Hacking is inevitable
Most attacks go unnoticed for 146 days. Need to detect immediately!
People Best Practices
Observe and react in real-time
Never give out your passwords
Don’t click on attachments without verifying
Save information on server not computer
Be curious, skeptical and think before you act
Hire a third party to phish employees
#2: Processes
Processes:
Create a culture
of compliance
and curiosity
Process Best Practices
Create policies and procedures for:
System access
Password management
Information receipt, custody, retention and destruction
Wire and ID confirmation
Put restrictions on use and access
Screen and verify suspicious and “surprising” emails
Educate yourself and train your people
Obtain Complete Third-Party Information Security Assessments
Low-Tech Solutions
No last-minute changes
to wire instructions
PICK UP THE PHONE!
#3: Technology
Technology:
Leverage hardware
and software to lower
your risk profile
Software Best Practices
Complex passwords
Third party password manager
Anti-virus on all machines (including mobile)
Multi-factor authentication
Monitor networks in real-time
Use email “spam filter” service
Limit permissions and rights
Grim Statistics
Passwords are always a weak link.
How long does it take to crack a simple password?
7 characters – 1 second
8 characters – 5 hours
12 characters – 200 years
The Best Defense…
WARNING! WIRE FRAUD ADVISORY
Wire fraud and email hacking/phishing attacks are on the increase! If you have an escrow or closing transaction with us and you receive an email containing Wire Transfer Instructions, DO NOT RESPOND TO THE EMAIL! Instead, call your escrow officer/closer immediately, using previously known contact information and NOT information provided in the email, to verify the information prior to sending funds.
Hardware Best Practices
Secure access and sessions
Encrypt data in transit and at rest
Segregate data
Tether machines
Install firewalls, VPNs and other devices
Don’t share devices
Third party penetration testing
Limit Services & protocols
First Steps if Attacked
Make certain your email subject line reads:
URGENT FRAUD ATTACK – READ NOW
TO PREVENT LOSS
First Steps if Attacked
STEP 1 – Contact the financial institution
immediately upon discovery of the
fraudulent transfer.
STEP 2 – Request that the financial
institution contact the corresponding
financial institution where the fraudulent
transfer was sent.
First Steps if Attacked
STEP 3 – Contact your local Federal Bureau
of Investigation (FBI) office if the wire is
recent. The FBI, working with the United
States Department of Treasury Financial
Crimes Enforcement Network, might be able
to help return or freeze the funds.
First Steps if Attacked
Texas has 4 FBI offices – Which one should you call?
One in Dallas covering 137 counties in North Texas as well as portions
of East and West Texas.
A second office in El Paso covering 17 West Texas counties.
One in San Antonio covering the counties of Atascosa, Bandera,
Bexar, Comal, Frio, Gillespie, Gonzales, Guadalupe, Karnes, Kendall,
Kerr, Kimble, Mason, Medina, Real, Uvalde and Wilson.
The last office is Houston covering 40 counties in Southeast Texas.
First Steps if Attacked
STEP 4
File a complaint, regardless
of dollar loss: www.ic3.gov
Or for BEC/EAC victims go
here: www.bec.ic3.gov
Be on guard
Доверяй, но проверяй
Trust but Verify.
– President Ronald Reagan
Cyber Threats
A LITTLE BIT OF HISTORY
Hacking has been around since the first
phones in the 1870s
Computer hacking has been around since
the 1960s
The modern internet was released in 1989
and, with its expansion, hacking and
hackers have increased exponentially
Cyber Threats
People view the financial services
industry and real estate industry as
the most vulnerable
The number of attacks and
successful events increases every
year
Cyber Insurance
HISTORY
Cyber insurance started as part of errors and
omissions and commercial general liability
policies
Starting about 20 years ago, with increased
events and unique resulting damages, cyber
insurance evolved into a separate insurance
product
Today, cyber insurance is a package of discrete
coverage parts – both first party and third party.
Cyber Insurance – Types
Common types (some with subparts),
include:
Event management – first party
Media liability – third party
Network security and privacy – third party
Network interruption – first party
Reputation guard and extortion – first party
Cyber Insurance – What it Covers
It covers many first party costs:
Forensic investigation of breaches
Legal advice for scope of
notification/regulatory obligations
Notification costs for communicating the
breach
Offering credit monitoring to affected
customers
Public relations expenses
Loss of profits/extra expense while
network down (business interruption)
Cyber Insurance – What it Covers
It also covers third party costs:
Legal defense fees to defend breach
claims
Settlements/damages/judgments
related to breach claims
Costs of responding to regulatory
issues
Regulatory fines and penalties
Cyber Insurance – What it does NOT Cover
Common costs or damages that it
does not cover, include:
Harm to reputation (can be
purchased)
Loss of future revenues
Infrastructure costs – to improve
systems, etc.
Lost value of intellectual property
Agent and Broker Liable for 85% of Wire Fraud Loss
[Plaintiff] is granted judgment against
defendants [broker and agent], jointly
and severally, on his claim for negligent
misrepresentation in the amount of
$167,129.27…
Bain v. Platinum Realty LLC et al., Case
No. 16-CV-02326-JWL, Dist. Court, D. Kansas, 2018
All Industry Participants on “Notice”
Thus, the real estate industry, and [the bank, mortgage
lender, title company, real estate brokerage and real estate
agent] named in this action, were well aware of the presence
of the wire fraud scam, the risks associated with sending
confidential information over unsecure channels, and the
steps that must be taken to ensure that consumers would not
be victimized by that scam.
- Colorado, June 2017