CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL

Transcription

1 CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: DAVE WHITE INVESTIGATOR / FORENSIC EXAMINER ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: dave.white@da.ocgov.com

2 CYBER CRIME REAL ESTATE

3 CYBER THREAT PAST/PRESENT

4 GLOBAL CYBER THREAT

5 IC CYBER CRIME REPORT: USA

6 IC CYBER CRIME REPORT: CALIFORNIA

7 January February March IC CYBER CRIME REPORT: ORANGE COUNTY FIRST 3 MONTHS IN 2018: # of Victims: Loss in Millions: $3.8 $3.8 $5.0

8 REAL ESTATE = DATA BUSINESS

9 CCC /.82 WHAT IS PII? Types of information that triggers the notice requirement: 1) An individual's name plus one or more of the following: *Social Security number, driver's license or California Identification Card number, financial account numbers, medical information, health insurance, or information collected through an automated license plate recognition system; or 2) User ID and password or other specified credentials permitting access to online accounts.

10 CCC /.82 Data Breach Notification Data Breach Notice - Requires a business or a govt. agency that owns or licenses unencrypted computerized data, including PII to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The law defines the term encrypted to mean rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security. California residents are also protected with respect to user names and addresses in combination with a password or security question and answer that would permit access to an online account. The notice must contain specific information, and it must use a title and headings, as specified. Any agency, person, or business that is required to issue a breach notice to more than 500 California residents must also electronically submit a single sample copy to the Attorney General.

11 ORANGE COUNTY CYBER TRENDS PHISHING SOCIAL MEDIA BEC / WIRE FRAUD RANSOMWARE PHONE SCAMS INSIDER THREATS

12 PHISING

13 REAL ESTATE PHISHING

14 PHISHING PROTECTION TIPS Do you recognize the sender of the ? Is the general, Dear Sir or Madam? Does it contain any spelling or grammar errors? Does it have a download link or attachment? (Hover) Reply to the and ask for a phone number I can t view the attachment on my phone right now, but I m really interested, can I call you? Use 2FA Two Factor Authentication Gmail, outlook, etc.

15 SOCIAL MEDIA RISKS

16 SOCIAL MEDIA TIPS Limit your social media footprint you don t need that many friends! Limit personal you information shared online. A social media profile is not a real person. Do basic google search / image search if contacted online. Check public data aggregator sites: Google yourself/learn How to opt out:

17 MILLENIAL MYTH

18 BEC /WIRE FRAUD Fake CEO to accountant. Agent/Broker gets phished, criminal views s and waits for closing (which means you were compromised for a while!) Criminal sends fake wiring instructions from either 1) real address or 2) fake address change one letter: bill@bestrealestate.com = bill@besttrealestate.com Jill_bestrealestate@gmail.com = jill_bestrrealestate@gmail.com Criminal will set mailbox rules to send victim s into junk folder of Agent/Broker Criminal sends fake wiring instructions to victim.

19 BEC/WIRE FRAUD - SUCCESS STORY

20 BEC/WIRE FRAUD SUCCESS STORY

21 BEC / WIRE FRAUD TIPS DO NOT SEND WIRING INSTRUCTIONS VIA , FAX OR TEXT! Always provide wiring instructions in person or over the phone. Have a set routine with clients, go over the routine, follow the routine. IE: Only send wires on Monday or Tuesday. Call before and after sending wire to confirm wiring instructions, banking and routing numbers are accurate. Use encrypted features. (provide password over the phone!) Use Virtual Private Network (VPN). Use 2FA (2- factor authentication). If you ve been a victim act fast only hour window to freeze funds. Contact bank, local LE and FBI immediately.

22 RANSOMWARE

23 RANSOMWARE

24 RANSOMWARE TIPS Back up, back up, back up! Back up important data to the cloud.

25 PHONE SCAMS

26 PHONE SCAMS - TIPS Don t share personal / banking information over the phone. Never let anyone take over / gain remote access to your computer. Never download team viewer at the direction of someone else. Be cautious of customer service / tech support websites.

27 INSIDER THREATS P vs. Dubose

28 INSIDER THREATS 2017 VERIZON DATA BREACH REPORT 53,308 security incidents, 2,216 data breaches, 65 countries, 67 contributors 76% of breaches were financially motivated 73% of cyberattacks were perpetrated by outsiders 28% of attacks involved insiders The insider threat can be particularly difficult to guard against it s hard to spot the signs if someone is using their legitimate access to your data for nefarious purposes

29 INSIDER THREAT TIPS Conduct thorough background checks or all new hires. Do Google / social media searches of all new hires. Do not let one single person hold the keys to the kingdom Keep copies of all server and admin passwords. Limit who has remote login access to the network/computers. Change passwords and remote access before terminating employees. Change passwords routinely. Use strong passwords. Back up, back up, back up! All important data to the cloud.

30 REAL ESTATE = DATA BUSINESS

31 ORANGE COUNTY CYBER TRENDS PHISHING SOCIAL MEDIA BEC / WIRE FRAUD RANSOMWARE PHONE SCAMS INSIDER THREATS

32 Cyber resources NAR: Small business: DHS nnect-small-business-resources Small and Medium Business US CERT FBI OCDA OCSD Cyber (714) yber_safety

33 CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: DAVE WHITE INVESTIGATOR / FORENSIC EXAMINER ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: dave.white@da.ocgov.com