CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL

Similar documents
Protecting Your Business From Hackers

Cyber Insurance: What is your bank doing to manage risk? presented by

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

Who We Are! Natalie Timpone

Personal Cybersecurity

How to Build a Culture of Security

Safety and Security. April 2015

Security Breaches: How to Prepare and Respond

Employee Privacy in the Electronic Workplace

Legal Aspects of Cybersecurity

Cybercrime and Information Security for Financial Institutions. AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida

Frequently Asked Questions. OPM Data Breach. Department of the Navy

Why you MUST protect your customer data

How to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

Evolution of Spear Phishing. White Paper

South Central Power Stop Scams

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist

Employee Security Awareness Training

Recognizing & Protecting Against Fraud

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Security & Phishing

Cyber security tips and self-assessment for business

Best Practices Guide to Electronic Banking

Data Compromise Notice Procedure Summary and Guide

Preparing for a Breach October 14, 2016

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016

Wire Fraud Scams: How to Protect

Web Cash Fraud Prevention Best Practices

QUALITY HIPAA December 23, 2013

Cyber Security Issues

Identity Theft, Fraud & You. PrePare. Protect. Prevent.

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Verizon Enhanced Security Authentication

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Sectigo Security Solution

FAQ: Privacy, Security, and Data Protection at Libraries

Preventing and Identifying Phishing Scams January 31, 2017

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017

Defending Our Digital Density.

To learn more about Stickley on Security visit You can contact Jim Stickley at

Frequently Asked Questions. OPM Data Breach. Department of the Navy

Train employees to avoid inadvertent cyber security breaches

Webomania Solutions Pvt. Ltd. 2017

Digital Evidence: I know it s there, how do I get it?

Cybersecurity The Evolving Landscape

ISACA West Florida Chapter - Cybersecurity Event

10 FOCUS AREAS FOR BREACH PREVENTION

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

HIPAA-HITECH: Privacy & Security Updates for 2015

ANNUAL SECURITY AWARENESS TRAINING 2012

Why was an extra step of choosing a Security Image added to the sign-in process?

New Zealand National Cyber Security Centre Incident Summary

Virtual Product Fair. Protect your agency data protect your business

SURVIVING THE CYBERPOCALYPSE. Craig Felty Vice President, Patient Care Services Hancock Regional Hospital

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

Cyber Security Guide for NHSmail

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)

Create strong passwords

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

Cyber Security Risk Management and Identity Theft

WHITEPAPER. Protecting Against Account Takeover Based Attacks

Internal Audit Report DATA CENTER LOGICAL SECURITY

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

ASSESSMENT LAYERED SECURITY

Trustwave SEG Cloud BEC Fraud Detection Basics

Preventing fraud in public sector entities

Cyber Security Updates and Trends Affecting the Real Estate Industry

Target Breach Overview

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

Cyber Attack: Is Your Business at Risk?

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Today s Presentation. Define phishing Explain phishing techniques Examples of phishing Statistics about phishing Defense against Dark Arts Resources

ID Theft and Data Breach Mitigation

Assessing Your Incident Response Capabilities Do You Have What it Takes?

Cybersecurity: Federalism as Defense-in-Depth

falanx Cyber Falanx Phishing: Measure your resilience

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Holiday Season Cyberattacks on Pace to Increase by Nearly 60%

Cyber Security Guide. For Politicians and Political Parties

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Phishing and Ransomware

Frequently Asked Questions (FAQ)

Caribbean Cyber Security: Not Only Government s Responsibility

Your security on click Jobs

Welcome. ScrogginsGrear clients. to Cybersecurity Education Series. Password Management & Public Wi-Fi Security

How Breaches Really Happen

Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)

Competitive Matrix - IRONSCALES vs Alternatives

Transcription:

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR / FORENSIC EXAMINER ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-949-0719 EMAIL: dave.white@da.ocgov.com

CYBER CRIME REAL ESTATE

CYBER THREAT PAST/PRESENT

GLOBAL CYBER THREAT

IC3 2017 CYBER CRIME REPORT: USA

IC3 2017 CYBER CRIME REPORT: CALIFORNIA

January February March IC3 2017 CYBER CRIME REPORT: ORANGE COUNTY FIRST 3 MONTHS IN 2018: # of Victims: 383 392 452 Loss in Millions: $3.8 $3.8 $5.0

REAL ESTATE = DATA BUSINESS https://www.ocar.org/10-code-of-ethics/file.html

CCC 1798.29/.82 WHAT IS PII? Types of information that triggers the notice requirement: 1) An individual's name plus one or more of the following: *Social Security number, driver's license or California Identification Card number, financial account numbers, medical information, health insurance, or information collected through an automated license plate recognition system; or 2) User ID and password or other specified credentials permitting access to online accounts.

CCC 1798.29/.82 Data Breach Notification Data Breach Notice - Requires a business or a govt. agency that owns or licenses unencrypted computerized data, including PII to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The law defines the term encrypted to mean rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security. California residents are also protected with respect to user names and e-mail addresses in combination with a password or security question and answer that would permit access to an online account. The notice must contain specific information, and it must use a title and headings, as specified. Any agency, person, or business that is required to issue a breach notice to more than 500 California residents must also electronically submit a single sample copy to the Attorney General.

ORANGE COUNTY CYBER TRENDS PHISHING SOCIAL MEDIA BEC / WIRE FRAUD RANSOMWARE PHONE SCAMS INSIDER THREATS

PHISING

REAL ESTATE PHISHING

PHISHING PROTECTION TIPS Do you recognize the sender of the email? Is the email general, Dear Sir or Madam? Does it contain any spelling or grammar errors? Does it have a download link or attachment? (Hover) Reply to the email and ask for a phone number I can t view the attachment on my phone right now, but I m really interested, can I call you? Use 2FA Two Factor Authentication Gmail, outlook, etc.

SOCIAL MEDIA RISKS

SOCIAL MEDIA TIPS Limit your social media footprint you don t need that many friends! Limit personal you information shared online. A social media profile is not a real person. Do basic google search / image search if contacted online. Check public data aggregator sites: www.whitepages.com www.spokeo.com www.pipl.com www.familytreenow.com Google yourself/learn How to opt out: https://lifehacker.com/how-to-opt-out-of-the-most-popular-peoplesearch-sites-1791536533

MILLENIAL MYTH

BEC /WIRE FRAUD Fake CEO email to accountant. Agent/Broker gets phished, criminal views emails and waits for closing (which means you were compromised for a while!) Criminal sends fake wiring instructions from either 1) real email address or 2) fake email address change one letter: bill@bestrealestate.com = bill@besttrealestate.com Jill_bestrealestate@gmail.com = jill_bestrrealestate@gmail.com Criminal will set mailbox rules to send victim emails into junk folder of Agent/Broker Criminal sends fake wiring instructions to victim.

BEC/WIRE FRAUD - SUCCESS STORY

BEC/WIRE FRAUD SUCCESS STORY

BEC / WIRE FRAUD TIPS DO NOT SEND WIRING INSTRUCTIONS VIA EMAIL, FAX OR TEXT! Always provide wiring instructions in person or over the phone. Have a set routine with clients, go over the routine, follow the routine. IE: Only send wires on Monday or Tuesday. Call before and after sending wire to confirm wiring instructions, banking and routing numbers are accurate. Use encrypted email features. (provide password over the phone!) Use Virtual Private Network (VPN). Use 2FA (2- factor authentication). If you ve been a victim act fast only 24-48 hour window to freeze funds. Contact bank, local LE and FBI immediately.

RANSOMWARE

RANSOMWARE

RANSOMWARE TIPS Back up, back up, back up! Back up important data to the cloud.

PHONE SCAMS

PHONE SCAMS - TIPS Don t share personal / banking information over the phone. Never let anyone take over / gain remote access to your computer. Never download team viewer at the direction of someone else. Be cautious of customer service / tech support websites.

INSIDER THREATS P vs. Dubose

INSIDER THREATS 2017 VERIZON DATA BREACH REPORT 53,308 security incidents, 2,216 data breaches, 65 countries, 67 contributors 76% of breaches were financially motivated 73% of cyberattacks were perpetrated by outsiders 28% of attacks involved insiders The insider threat can be particularly difficult to guard against it s hard to spot the signs if someone is using their legitimate access to your data for nefarious purposes

INSIDER THREAT TIPS Conduct thorough background checks or all new hires. Do Google / social media searches of all new hires. Do not let one single person hold the keys to the kingdom Keep copies of all server and admin passwords. Limit who has remote login access to the network/computers. Change passwords and remote access before terminating employees. Change passwords routinely. Use strong passwords. Back up, back up, back up! All important data to the cloud.

REAL ESTATE = DATA BUSINESS https://www.ocar.org/10-code-of-ethics/file.html

ORANGE COUNTY CYBER TRENDS PHISHING SOCIAL MEDIA BEC / WIRE FRAUD RANSOMWARE PHONE SCAMS INSIDER THREATS

Cyber resources NAR: https://www.nar.realtor/dataprivacy-security Small business: DHS https://www.dhs.gov/publication/stopthinkco nnect-small-business-resources Small and Medium Business US CERT https://www.us-cert.gov/ccubedvp/smb FBI www.ic3.gov OCDA REFraud@da.ocgov.com OCSD Cyber (714) 647-7000 http://www.ocsd.org/about/staysafeoc/c yber_safety

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR / FORENSIC EXAMINER ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-949-0719 EMAIL: dave.white@da.ocgov.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback