CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR / FORENSIC EXAMINER ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-949-0719 EMAIL: dave.white@da.ocgov.com
CYBER CRIME REAL ESTATE
CYBER THREAT PAST/PRESENT
GLOBAL CYBER THREAT
IC3 2017 CYBER CRIME REPORT: USA
IC3 2017 CYBER CRIME REPORT: CALIFORNIA
January February March IC3 2017 CYBER CRIME REPORT: ORANGE COUNTY FIRST 3 MONTHS IN 2018: # of Victims: 383 392 452 Loss in Millions: $3.8 $3.8 $5.0
REAL ESTATE = DATA BUSINESS https://www.ocar.org/10-code-of-ethics/file.html
CCC 1798.29/.82 WHAT IS PII? Types of information that triggers the notice requirement: 1) An individual's name plus one or more of the following: *Social Security number, driver's license or California Identification Card number, financial account numbers, medical information, health insurance, or information collected through an automated license plate recognition system; or 2) User ID and password or other specified credentials permitting access to online accounts.
CCC 1798.29/.82 Data Breach Notification Data Breach Notice - Requires a business or a govt. agency that owns or licenses unencrypted computerized data, including PII to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The law defines the term encrypted to mean rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security. California residents are also protected with respect to user names and e-mail addresses in combination with a password or security question and answer that would permit access to an online account. The notice must contain specific information, and it must use a title and headings, as specified. Any agency, person, or business that is required to issue a breach notice to more than 500 California residents must also electronically submit a single sample copy to the Attorney General.
ORANGE COUNTY CYBER TRENDS PHISHING SOCIAL MEDIA BEC / WIRE FRAUD RANSOMWARE PHONE SCAMS INSIDER THREATS
PHISING
REAL ESTATE PHISHING
PHISHING PROTECTION TIPS Do you recognize the sender of the email? Is the email general, Dear Sir or Madam? Does it contain any spelling or grammar errors? Does it have a download link or attachment? (Hover) Reply to the email and ask for a phone number I can t view the attachment on my phone right now, but I m really interested, can I call you? Use 2FA Two Factor Authentication Gmail, outlook, etc.
SOCIAL MEDIA RISKS
SOCIAL MEDIA TIPS Limit your social media footprint you don t need that many friends! Limit personal you information shared online. A social media profile is not a real person. Do basic google search / image search if contacted online. Check public data aggregator sites: www.whitepages.com www.spokeo.com www.pipl.com www.familytreenow.com Google yourself/learn How to opt out: https://lifehacker.com/how-to-opt-out-of-the-most-popular-peoplesearch-sites-1791536533
MILLENIAL MYTH
BEC /WIRE FRAUD Fake CEO email to accountant. Agent/Broker gets phished, criminal views emails and waits for closing (which means you were compromised for a while!) Criminal sends fake wiring instructions from either 1) real email address or 2) fake email address change one letter: bill@bestrealestate.com = bill@besttrealestate.com Jill_bestrealestate@gmail.com = jill_bestrrealestate@gmail.com Criminal will set mailbox rules to send victim emails into junk folder of Agent/Broker Criminal sends fake wiring instructions to victim.
BEC/WIRE FRAUD - SUCCESS STORY
BEC/WIRE FRAUD SUCCESS STORY
BEC / WIRE FRAUD TIPS DO NOT SEND WIRING INSTRUCTIONS VIA EMAIL, FAX OR TEXT! Always provide wiring instructions in person or over the phone. Have a set routine with clients, go over the routine, follow the routine. IE: Only send wires on Monday or Tuesday. Call before and after sending wire to confirm wiring instructions, banking and routing numbers are accurate. Use encrypted email features. (provide password over the phone!) Use Virtual Private Network (VPN). Use 2FA (2- factor authentication). If you ve been a victim act fast only 24-48 hour window to freeze funds. Contact bank, local LE and FBI immediately.
RANSOMWARE
RANSOMWARE
RANSOMWARE TIPS Back up, back up, back up! Back up important data to the cloud.
PHONE SCAMS
PHONE SCAMS - TIPS Don t share personal / banking information over the phone. Never let anyone take over / gain remote access to your computer. Never download team viewer at the direction of someone else. Be cautious of customer service / tech support websites.
INSIDER THREATS P vs. Dubose
INSIDER THREATS 2017 VERIZON DATA BREACH REPORT 53,308 security incidents, 2,216 data breaches, 65 countries, 67 contributors 76% of breaches were financially motivated 73% of cyberattacks were perpetrated by outsiders 28% of attacks involved insiders The insider threat can be particularly difficult to guard against it s hard to spot the signs if someone is using their legitimate access to your data for nefarious purposes
INSIDER THREAT TIPS Conduct thorough background checks or all new hires. Do Google / social media searches of all new hires. Do not let one single person hold the keys to the kingdom Keep copies of all server and admin passwords. Limit who has remote login access to the network/computers. Change passwords and remote access before terminating employees. Change passwords routinely. Use strong passwords. Back up, back up, back up! All important data to the cloud.
REAL ESTATE = DATA BUSINESS https://www.ocar.org/10-code-of-ethics/file.html
ORANGE COUNTY CYBER TRENDS PHISHING SOCIAL MEDIA BEC / WIRE FRAUD RANSOMWARE PHONE SCAMS INSIDER THREATS
Cyber resources NAR: https://www.nar.realtor/dataprivacy-security Small business: DHS https://www.dhs.gov/publication/stopthinkco nnect-small-business-resources Small and Medium Business US CERT https://www.us-cert.gov/ccubedvp/smb FBI www.ic3.gov OCDA REFraud@da.ocgov.com OCSD Cyber (714) 647-7000 http://www.ocsd.org/about/staysafeoc/c yber_safety
CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR / FORENSIC EXAMINER ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-949-0719 EMAIL: dave.white@da.ocgov.com