What is Cyber fraud?• Cyber fraud refers to any type of

deliberate deception for unlawful gain that occurs online or through electronic means.

2

Old ScamsOld scams were easy to recognize:• Bad grammar and spelling• Weird syntaxes• Outrageous claims• Quick money • Would go to your spam folder

3

An Example of an Old ScamGOVGODWINEMEFELE<postmaster@cooky112.de>

!!!***+++URGENTNOTICE+++***!!!

Is my pleasure inform You that your deliveryman has arrived at the airport with your cash trunk boxes value $8.3 million dollars US currency being your inheritance/compensationpayment?

Most importantly you are advised to send your full data to him on this email address reply, which include your Full Name, Current Residential Address, Direct Cell Number, and A copy of any identity card with social security Numbericals to verify that you are the right receiver to avoid mistake and enable him deliver your cash consignment boxes to your house without any further delay.

CONGRATULATION!MR.GODWINEMEFELE,EXECUTIVEGOVERNOR,CENTRALBANKOFNIGERIA

4

New ScamsNew scams are not so easy to recognize:• Highly sophisticated• Virtually indistinguishable from legitimate email • Looks to be from trusted source• Right timing, right tone

5

An Example of a New ScamFrom: JackLawyern <jack@lawyem.com>To: BrendaBuyer<Brenda@buyer.net>Cc: EddieEscrow;Rinda RealEstateSubject: NewWiring Instructions

Hifolks,

We’realmosttothefinishline!Justgottheheadsupthatthere’sbeenatweaktothewiringinstructions– seeattachedfornewinfo.Let’sgetthisbabywrappeduptoday.Congratsagaintoall.Brenda,youandRogerandlittleBobbySuearegoingtoloveyournewplaceonFranklinRoad.

Cheers,Jack-O

JackLawyernLawyern &LawyernHandinHandwithGeorgiaHomebuyersforThreeGenerations

6

On the Frontline…• Some of the Largest Cyber Crimes in History:

• Home Depot’s system was breached and exposed data from 50 Million credit cards

• Yahoo – Over 1.5 Billion user’s data was breached

• IRS – Hackers stole over 700,000 social security numbers

• WikiLeaks published emails taken from the servers of the Democratic National Committee.

7

Statistics From the 2018 FBI IC3 Report• 2014-2018 Victim Losses: $7.45 Billion• 2018 Victim Losses: $2.7 Billion

– Top 3 States• CA - $450.5 Million• NY - $201.1 Million• TX - $195.6 Million

• 2014-2018 Total Reported Complaints: 1.5 Million• 2018 Total Reported Complaints: 351,937

– Top 3 States • CA – 49,031• TX – 25,589• FL – 23,984

8

On the Frontline…• DDoS – Hackers force numerous internet connected devices to send

communication to one service or website to cripple infrastructure or networks

• Botnets – Users’ computers are infected with malware and the Hacker takes control of each computer and organizes them into a network of bots the hacker can remotely manage

• Phishing – Hacker’s attempt to obtain personal information typically through email

• Man-In-The-Middle – Hacker’s relays and can alter communications between two parties who believe they are communicating with each other.

9

Be on Guard• Watch out for email hacking to:

– Our system– Customer’s system

• Scams come in many forms– Earnest Money scams– Wire proceeds scams– Breaching the payee

• Hackers use malware – E.g. Keystroke recorder

10

How to stay on guard• ALTA Best Practice Pillar 3

– Best Practice: Adopt and maintain a written privacy and information security program to protect Non-public Personal Information as required by local, state and federal law.

• Layered approach to making it more difficult to surmount the defenses.

• Physical security of computers & information• Physical access to work areas• Physical access to computers, servers, routers• Prohibit use of removal media

11

How to stay on guard• Network security

– Robust malware, ransomware, virus protection– IT vendor with appropriate experience, vetting and

capabilities– Restrict use of company systems to company

business– Require passwords to be changed frequently

12

How to stay on guard• Password Best Practices

– Best practices for strong passwords include the following:• Passwords should not contain all or part of your name or ID.• Passwords should be at least eight characters long, but the longer the better.

– Passwords should contain characters from the following four categories: upper case letters, lower case letters, numbers and symbols (e.g., &, %, $, #).

– Use special symbols• Use @ for letter a• $ for letter S• ! for l or 1

– Change Passwords Every Three to Six Months, giving potential hackers less time– Do not maintain a password database– If an admin assigns a password, the user should be forced to change it on first login– Password protect phones and tablets with Locator Service

13

How to stay on guard• This password will never be broken:

Yd#ph1CnYfwLdc@Gtu

• Neither will this one:Remember!! A-B-C Always Be Closing!!

• Or this one:put that coffee down coffee is for closers

14

How to stay on guard• Practical Tips

– Steps you can take to prevent theft• Lock up the stock• Positive Pay & Reverse Positive Pay

– Watch out for phishing emails• Tricking someone into providing login information – fake web pages,

redirection– Social Engineering – Hackers seeking to manipulate people to

perform actions or divulge personal information– Emails

• Set up Two Factor Authentication on you emails– Go to google, search “gmail two factor authentication”, “hotmail two factor authentication”, etc.

• Do not click on links unless you are sure its legitimate. If not, send a separate email to the person (do not reply) to confirm its legitimate.

• Use a paid antivirus program that includes internet security

15

How to stay on guard – Check email address and link for validity

16

How to stay on guard – Check email, spelling and grammer

17

How to stay on guard – Wire Fraud• Wires

– Add an email signature footer fraud warning – Instruct the client to call before wiring any monies– Do not accept wire instructions by email– Confirm wire instructions through an outbound call

you know is valid– Red flags should be raised if you receive changes to

the wire instructions – the client should confirm the changes in person or through an outbound call you know is valid

18

How to stay on guard – TRG Cyber-Fraud Prevention Wire Policy

• Wire Instructions signed in person• Approved master wire instructions on file with TRG• Wire Instructions which require verbal confirmation

– Instructions signed and sent via overnight carrier or US mail

– Instructions submitted with the $AFE app or DocuSign with ID check

• Changes to wire instruction must be submitted– In person– Via $AFE app or DocuSign with ID check

19

How to Respond to Wire Fraud IncidentsALTA Rapid Response Plan for Wire Fraud Incidents

• Step 1 – Alert company management and internal wire response team• Step 2 – Report the wire fraud to sending and receiving banks• Step 3 – Report wire fraud to law enforcement

• Local Police• FBI• Secret Service

• Step 4 – Call sending bank again to confirm recall request has been processed • Step 5 – Notify the parties to the transaction (buyer, seller, agents, brokers, etc.) using

know, trusted phone numbers• Step 6 – Review your email logs to determine if your email accounts have been

compromised and Incident Response Plan to determine if you need to update passwords• Step 7 – Determine if insurance carrier or legal counsel must be contacted• Step 8 – If funds were wired our of the US, hire an attorney in that country to help recover

funds• Step 9 – Document your response and retain such documentation• Step 10 – File a complaint with the FBI Internet Crime Complaint Center (IC3)

(www.ic3.gov)

20

Here are two recent scenarios that we’ve encountered:

Scenario 1 – Cyberfraud attempt unsuccessful…Title Resources was alerted to the real estate agent commission scheme, from a title agent that had a contract pending and had received, by email, instructions of a bank routing number and account to send the real estate commission due at disbursement.

Shortly before the closing day, an email message was received by the agent, directing the title agent to change the bank routing number and account number to a different bank for the commission check to be disbursed.

Fortunately, the escrow officer saw the change, and recognized the name of the real estate agent as a friend. The escrow officer called the real estate agent, to confirm the change of the bank and account number. The agent was told that no change had been made and that the email was an attempted fraudulent diverting of their funds by a criminal hacker.

21

Stories from the Frontline…

Stories from the Frontline…Scenario 2 – Cyberfraud attempt successful…

In this instance, a settlement agent received an e-mail requesting a change to the existing wiring instructions. This e-mail was sent by a hacker who gained information about the transaction. The settlement agent relied on the e-mail without independently verifying the change request and a loss was incurred.

22

Don’t Let it Happen to You!

• Be sure to verify from known phone numbers, not on the email involved in the change, and verify any change of routing and account numbers for sending any disbursement of proceeds, any real estate commissions, or any other change of wiring done immediately before a closing.

23

Questions?

24