Post on 08-Jun-2020

Cyber Fraud – New Schemes; Responding to a Successful Attack & Insurance Coverages

Daryl Bailey – Gray Reed - Houston, Texas

The Internet & the IoT (Internet of Things)

Virtually all economic activities now take place through digital technology and electronic communication, leaving business transactions and assets susceptible to a variety of cyber-related threats.

- Securities and Exchange Commission, Report of Investigation Regarding Certain Cyber-Related Frauds (Oct. 16, 2018)

2018 TEXAS LAND TITLE INSTITUTE

NEW TRENDS

Vishing

Mortgage Payoff Scams

Lender Portal Spoofing

The problem

Wire fraud in real estate is the fastest growing cybercrime in the USA.

Real Estate Transactions 2017

$1.63B Est. Attempted Frauds

$986M Est. Actual Loss

? Funds Recovered

BEC Domestic Exposure (Est. Actual) January, 2016 to June 2017

Not rocket science

The technical skill level is near zero for this crime, but the operational sophistication is very high.

- Ryan Kalember, SVP Cyber Security and Strategy, Proofpoint

By the numbers

67% of breaches occur in organizations sized 11-100 employees

The average cyber attack goes unnoticed for 146 days

84% of compromised networks have evidence of the breach in their log files

89% of breaches had a financial or espionage motive

53% of compromised companies learn of the breach from a third party

90% of cybersecurity expenditure is at the perimeter, but only 27% of breaches occur there

Who is Attacking and Why?

Who: External actors

Why: Financial & Espionage

Where are they getting in?

It does not take hackers long to compromise and exfiltrate data

Top Threats Facing REAL ESTATE Companies

1. EAC/BEC/Wire Fraud

2. Phishing / Account Takeover

3. Money Muling

4. Data Breach

5. IOT / Smart Building Controls

6. Malware / Ransomware

LET’S GO PHISHING

91% of cybercrime starts with phishing

How Phishing Began

Anatomy of an Attack

Anatomy of an Attack - Hacker

Hacker

Vulnerability exploit

Account takeover

Data exfiltration

Wire fraud

Ransomware

Anatomy of an Attack - Hacker

Hacker

Obtain credentials from dark web

Account takeover

Data exfiltration

Wire fraud

Ransomware

Anatomy of an Attack - Phishing

Phishing email

Phishing website steals creds

Account takeover

Data exfiltration

Wire fraud

Ransomware

Anatomy of an Attack - Phishing

Phishing email

Malware installed

Account takeover

Data exfiltration

Wire fraud

Ransomware

Anatomy of an Attack – Malicious Websites

Malicious website

Malware installed

Account takeover

Data exfiltration

Wire fraud

Ransomware

Education is Needed

Account Takeover

Money Muling

I don’t want to set false expectations for consumers. The chance of recovery here is slim.

- James Barnacle, chief of the FBI’s money laundering unit

Muling by banks occurs quickly

Best practices are not working

Calls and texts ported

Insurance denied

Identity documents stolen

Let Me Tell You a Story…

Not a New Story

Why real estate industry?

1. They are incredibly lucrative (avg $200,000)

Why real estate transactions?

2. Transactions involve multiple parties all communicating electronically

Why real estate transactions?

3. All the information to start a fraud is easily found online

Urban Myths of Title

Fraudsters wire $$$ to offshore accounts.

Urban Myths of Title

Account holder name and recipient don’t match

Winnie the Pooh

Winnie the Pooh - A Flawed Federal Reserve

Urban Myths of Title

Fraudulent wires can be recalled

Urban Myths of Title

All wires over $10,000 are tracked and reported to the Feds

Urban Myths of Title

If we cannot rely on the banking system to stop this fraud, what do we do?

3 Ways to Help Keep You and Your Customers Safe

People

Processes

Technology

Tips to Prevent E-mail Fraud

Stop the blame game

Who is responsible?

Consumer, client or customer

Real estate professional

Lender representative

Insurance agent

Title agent

Attorney

Tips to Prevent E-mail Fraud

Draft Alerts and Use Them…OFTEN

Title industry is well aware of the e-mail fraudster and how to avert these losses

Every exchange should include an alert!

WARNING! WIRE FRAUD ADVISORY

Wire fraud and email hacking/phishing attacks are on the increase! If you have an escrow or closing transaction with us and you receive an email containing Wire Transfer Instructions, DO NOT RESPOND TO THE EMAIL! Instead, call your escrow officer/closer immediately, using previously known contact information and NOT information provided in the email, to verify the information prior to sending funds.

Tips to Prevent E-mail Fraud

!!!!! IMPORTANT WIRE INFORMATION !!!!!

CONSUMER ALERT

** PLEASE READ THE FOLLOWING **

Due to the recent rise in cybercrime sweeping the real estate industry, we want you to be aware of the following important information:

There have been many instances of real estate agents', brokers', attorneys' and/or consumers' email addresses being hacked/phished. The cyber criminals forward bogus wire instructions, redirecting deposits and/or cash to close to a fraudulent bank account. Once received, the money is quickly sent offshore, where it is difficult if not impossible to retrieve.

Our wire instructions are enclosed/attached and will not be changed or altered in any way. If someone representing North American Title Company or any other party involved in your transaction sends you new or revised wire instructions, CALL OUR OFFICE IMMEDIATELY BEFORE SENDING ANY FUNDS. DO NOT SEND AN E-MAIL.

Any funds should be wired only to Bank of America for further credit to the escrow account of North American Title Company. We will never ask you to send wires to any other person or entity.

FRAUD WARNING: IF YOU RECEIVE OTHER WIRING INSTRUCTIONS THAT ARE DIFFERENT FROM THE INFORMATION LISTED ABOVE PLEASE CALL YOUR NAT CLOSING SETTLEMENT OFFICER TO CONFIRM. NAT WILL REQUIRE INDEPENDENT CONFIRMATION FOR ANY AMENDED WIRE INSTRUCTIONS FOR INCOMING AND OUTGOING WIRES.

If you feel you have received an e-mail that is not from one of our offices, please contact us immediately at the phone number listed below.

Jeanne Graham

(954)474-7444

Tips to Prevent E-mail Fraud

Remind customers just prior to closing

If Customer wants to change wire instructions:

Require them to come in person to office to provide new information;

Agent calls customer using phone numbers provided at order inception:

Do not respond to such an email or call the numbers listed;

Do not provide your own wire instructions again in response to this e-mail.

Tips to Prevent E-mail Fraud

Exculpatory Clauses in Escrow Agreements – Non-Receipt of Wired Funds

Buyer and Seller agree to save and hold harmless Escrow Agent from any liability arising under and as a result of any delay in Wire Receipt, including delay or non-delivery due to a fraudulent diversion of the Wire due to cyber-breach or e-mail fraud perpetrated on the Buyer, Seller, Real estate sales professional, attorney or other escrow or title agent, and further agree that Escrow Agent may, at its option, require the receipt, release and authorization in writing of all parties before paying money or delivering or redelivering documents or property to any party or to third parties. Any change in wire instructions for wire, payment or delivery of funds may require personal appearance by the requesting party in the offices of the escrow agent or such other security measures which the Escrow Agent shall in its sole discretion mandate for purposes of protecting the Wire from fraud or theft. Escrow Agent shall not be liable for any interest or other charges on the money held by it.

Tips to Prevent E-mail Fraud

Exculpatory Clauses in Escrow Agreements – Non-Receipt of Wired Funds – After Buyer takes Possession

Should Buyer take possession of the property prior to Wire Receipt, Buyer and Seller release Escrow Agent from any liability, including liability which may occur in the event that Wire Receipt does not occur. Such release includes, but is not limited to, any loss resulting from Buyer failing to have or obtain adequate insurance coverage on, or legal title to, the Property, as well as any loss of funds due to cyber-breach or fraudulent e-mail attack on the buyer, seller, real estate sales professional, attorney or other escrow agent or title agent.

Protection vs. Detection

Organizations need both protection & detection.

Protection – firewalls, antivirus, password policies, etc.

But, 10 foot wall = 11 foot ladder

Your IT department or consultants are probably doing a fantastic job

Detection is equally important, and almost always overlooked

Hackers have become increasingly capable

Hacking is inevitable

Most attacks go unnoticed for 146 days. Need to detect immediately!

The Best Defense…PROTECTION

#1: People

People: Don’t trust email

People Best Practices

Observe and react in real-time

Never give out your passwords

Don’t click on attachments without verifying

Save information on server not computer

Be curious, skeptical and think before you act

Hire a third party to phish employees

#2: Processes

Processes: Create a culture of compliance and curiosity

Process Best Practices

Create policies and procedures for:

System access

Password management

Information receipt, custody, retention and destruction

Wire and ID confirmation

Put restrictions on use and access

Screen and verify suspicious and “surprising” emails

Educate yourself and train your people

Obtain Complete Third-Party Information Security Assessments

Low-Tech Solutions

No last-minute changes to wire instructions

PICK UP THE PHONE!

Low-Tech Solutions

If asked to RUSH, slow down

#3: Technology

Technology: Leverage hardware and software to lower your risk profile

Software Best Practices

Complex passwords

Third party password manager

Anti-virus on all machines (including mobile)

Multi-factor authentication

Monitor networks in real-time

Use email “spam filter” service

Limit permissions and rights

Grim Statistics

Passwords are always a weak link.

How long does it take to crack a simple password?

7 characters – 1 second

8 characters – 5 hours

12 characters – 200 years

The Best Defense…

WARNING! WIRE FRAUD ADVISORY

Wire fraud and email hacking/phishing attacks are on the increase! If you have an escrow or closing transaction with us and you receive an email containing Wire Transfer Instructions, DO NOT RESPOND TO THE EMAIL! Instead, call your escrow officer/closer immediately, using previously known contact information and NOT information provided in the email, to verify the information prior to sending funds.

Hardware Best Practices

Secure access and sessions

Encrypt data in transit and at rest

Segregate data

Tether machines

Install firewall, VPNs and other devices

Don’t share devices

Third party penetration testing

Limit Services & protocols

First Steps if Attacked

Make certain your email subject line reads:

URGENT FRAUD ATTACK – READ NOW TO PREVENT LOSS

First Steps if Attacked

STEP 1 – Contact the financial institution immediately upon discovery of the fraudulent transfer.

STEP 2 – Request that the financial institution contact the corresponding financial institution where the fraudulent transfer was sent.

First Steps if Attacked

STEP 3 – Contact your local Federal Bureau of Investigation (FBI) office if the wire is recent. The FBI, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds.

First Steps if Attacked

Texas has 4 FBI offices – Which one should you call?

One in Dallas covering 137 counties in North Texas as well as portions of East and West Texas.

A second office in El Paso covering 17 West Texas counties.

One in San Antonio covering the counties of Atascosa, Bandera, Bexar, Comal, Frio, Gillespie, Gonzales, Guadalupe, Karnes, Kendall, Kerr, Kimble, Mason, Medina, Real, Uvalde and Wilson.

The last office is Houston covering 40 counties in Southeast Texas.

First Steps if Attacked

STEP 4 – File a complaint, regardless of dollar loss: www.ic3.gov

Or for BEC/EAC victims go here: www.bec.ic3.gov

Be on guard

Доверяй, но проверяй

Trust but Verify.

– President Ronald Reagan

Be diligent

Проверяй, но доверяй

Verify, then you can trust.

Cyber Insurance

Cyber Threats

A LITTLE BIT OF HISTORY

Hacking has been around since the first phones in the 1870s

Computer hacking has been around since the 1960s

The modern internet was released in 1989 and, with its expansion, hacking and hackers have increased exponentially

Cyber Threats

People view the financial services industry and real estate industry as the most vulnerable

The number of attacks and successful events increases every year

Cyber Insurance

HISTORY

Cyber insurance started as part of errors and omissions and commercial general liability policies

Starting about 20 years ago, with increased events and unique resulting damages, cyber insurance evolved into a separate insurance product

Today, cyber insurance is a package of discrete coverage parts – both first party and third party.

Cyber Insurance – Types

Common types (some with subparts) include:

Event management – first party

Media liability – third party

Network security and privacy – third party

Network interruption – first party

Reputation guard and extortion – first party

Cyber Insurance – What it Covers

It covers many first party costs:

Forensic investigation of breaches

Legal advice for scope of notification/regulatory obligations

Notification costs for communicating the breach

Offering credit monitoring to affected customers

Public relations expenses

Loss of profits/extra expense while network down (business interruption)

Cyber Insurance – What it Covers

It also covers third party costs:

Legal defense fees to defend breach claims

Settlements/damages/judgments related to breach claims

Costs of responding to regulatory issues

Regulatory fines and penalties

Cyber Insurance – What it does NOT Cover

Common costs or damages that it does not cover include:

Harm to reputation (can be purchased)

Loss of future revenues

Infrastructure costs – to improve systems, etc.

Lost value of intellectual property

The New Standard of Care

Wire fraud is everyone’s problem

Agent and Broker Liable for 85% of Wire Fraud Loss

[Plaintiff] is granted judgment against defendants [broker and agent], jointly and severally, on his claim for negligent misrepresentation in the amount of $167,129.27…

Bain v. Platinum Realty LLC et al., Case No. 16-CV-02326-JWL, Dist. Court, D. Kansas, 2018

Jury Question #1 During Deliberations

All Industry Participants on “Notice”

Thus, the real estate industry, and [the bank, mortgage lender, title company, real estate brokerage and real estate agent] named in this action, were well aware of the presence of the wire fraud scam, the risks associated with sending confidential information over unsecure channels, and the steps that must be taken to ensure that consumers would not be victimized by that scam.

- Colorado, June 2017
