Keep From Becoming a Victim of Cybercrime
April 5, 2018
Kristin E. Rosan
Partner, Madison & Rosan, LLP Attorneys at Law
Increasingly, real estate professionals are under attack by cybercriminals. Why? Because the industry is inherently consumer friendly and promotional personal information (email addresses and social media) is easily observable online. I can find your picture, figure out who you do business with (i.e., LinkedIn), and even get your email and phone numbers online. If you have not been attacked yet, you should expect to be attacked eventually. Nobody is immune. Experian, Uber, Target, LinkedIn, J.P. Morgan, Home Depot, Sony, Hilton Hotels, and Chipotle are just a few of the more prominent victims of criminal hacking. This is why protecting computer systems from a cybercriminal attack has quickly become a billion-dollar industry.
Though the methods cybercriminals use have changed over time, the underlying con remains the same. Initially, title companies began receiving fraudulent cashier’s checks. Telephone scams and fake emails followed, and now professionals are inundated with phishing emails. All, if successful, are ways for criminals to insert themselves in your transaction and steal your (or your client’s) money.
Phishing has become the method of choice as of late, but this can take several forms. Initially, it was an email from a friend or relative in trouble seeking financial assistance by requesting wired funds. Another phishing scheme involves an email sent from a company you do business with that appears to be from that company. It contains a link that, if clicked, allows the hacker access to your computer. The hacker can then send emails from an account similar to yours to clients or business associates to insert themselves in a transaction. For example, my name is Kristin Rosan, and the hacker sends an email to a colleague of mine from the address firstname.lastname@example.org. Do you think the recipient will realize that my last name is misspelled? Or how about email@example.com? Will they catch that? Making matters worse, because the hacker has read my email, the hacker has all of the details to make the recipient believe the email is from me, thus luring the recipient into the scheme.
Some phishing links take you to a website that appears identical to a website on which you conduct business (online banking, e-retail, or online email access). When you enter your username and password on the website, the hacker gains access to your personal financial information.
Cybercriminals are becoming increasingly clever and harder to spot. It is estimated that cybercrime cost the global economy $450 billion to $6 trillion dollars in 2017. Becoming a victim could result in financial devastation for you and your clients.
Now that I have your attention, below are some best practices to utilize to avoid becoming a victim.
- Make sure you have up-to-date security software
- Refrain from using general internet provider email accounts (e.g., Gmail, AOL, MSN, and Yahoo!)
- Don’t use flash drives that you do not own
- Scrutinize sender and links, attachments, or ZIP files in emails from outside your organization
- Don’t use public Wi-Fi
- Utilize strong passwords (passwords that have numbers and symbols) that are unrelated to any personal information that can be located online
- Disclose to clients that you will never ask for personal financial information via email
- Consider hiring an outside consultant to check your systems and make recommendations
- Verify that your Errors & Omissions policy covers cybercrimes, and, if it doesn’t, purchase a cyber insurance policy
- Always confirm financial information by telephoning your client
The one thing we can count on is that cybercrime is here to stay. Being aware of the methods and practices cybercriminals use is the first step in staying ahead of them; conducting a thoughtful analysis of your practice and any exposures is the next. Finally, employ the recommendations above to protect yourself and your clients from cyberattack.