Phishing scam of the week

Standard

I have subscribed to “CyberheistNews” at knowbe4.com and highly recommend this brief newsletter as an excellent source for current information on the latest scams that may hit your office and personal computers.

The news this morning was striking because it involves current events. Social engineering follows seasonal patterns, as we know. We have noticed in our business, that long weekends lead to attacks because of the extra day that we may not be sitting at our desks to keep computer systems and our wires safe. The newsletter cites holiday-themed phishing attacks between Thanksgiving and New Year’s Day.

email fish hook

The news today involves implementation of the European data privacy regulation going into effect on May 25. It’s called General Data Protection Regulation (GDPR) and the scam email looks as if it is from Apple and claims that if you do not take action, your account will be “restricted”. But in fact, as usual, the scammers will attempt to steal your identity and credit card information.

In addition to looking legitimate, according to CyberheistNews, the bogus website is more sophisticated than most phishing sites because the fraudsters correctly set the web directory permissions and encrypted the spoofed site using Advanced Encryption Standard (AES) in order to successfully bypass some anti-phishing tools used in antivirus solutions.

The victim is asked to “update payment details” in order to see their accounts return to normal. Taking this action sends the victim’s payment information to the scammers.

According to the newsletter, companies worldwide are, in fact, working on becoming GDPR compliant and trying to make sure the people whose data they have collected have consented to give them information. Criminals are aware of this and are using this turn of events to their advantage.

And, then, there is the royal wedding. CyberheistNews’ advice about that is that the wedding is a scammer’s dream, and computer users should be advised to seek news about it only from trusted websites.

Don’t click links in emails or social media links related to the royal wedding or open suspicious attachments that claim any kind of problem with GDPR. Delete these emails or forward them to you IT experts.

And subscribe to this newsletter!

Advertisements

Real estate agent rental scam exposed

Standard

Two agents, one in Texas, and one in NY, allegedly involved

Most successful dirt lawyers have excellent working relationships with the real estate agents who assist their clients in buying, selling and leasing real estate. And most effective real estate agents prove themselves to be trustworthy in their business practices. Recently, two almost identical scams in remote states involved alleged real estate agents, according to a May 4 article in Housing Wire titled, “Two real estate agents caught behaving badly”, by Jacob Gaffney.

house sale fingers crossed

The first story is set in Missouri City, Texas, and was originally reported by the television station, KHOU 11 News. According to this story, police are investigating a woman purporting to be a real estate agent who approached John and Pamela Hall offering to sell their dream home located at the corner of Montego Bay and Palm Harbour. The Halls had already vacated the home, and the alleged real estate agent promised to sell the home quickly. Both homeowners signed the paperwork allowing the culprit to list their home.

Several days later, the Halls were called by someone interesting in renting their attractive waterfront home from a listing they saw on Craigslist. When the Halls investigated the Craigslist entry, they discovered that the alleged real estate agent had actually created fraudulent documents, including a power of attorney and a deed, to take title to their home in the name of an LLC. When the Halls drove by their property, they saw someone moving in! The new “tenant” reported that he had paid $5,000 up front to lease the home.

The television station attempted to find the real estate agent’s name in the records of The Texas Real Estate Commission, but no such agent was found. The culprit used different names in dealing with the Halls and the tenant, and, so far, has been successful in stealing $5,000. The scam has no doubt caused a great deal of inconvenience to the Halls, not to mention the potential expenditure of funds in the form of attorney’s fees necessary to straighten out the public records.

The second story took place in Hampton Bays, New York. Southhampton Town Police said they received two complaints in February involving an alleged real estate agent taking deposits for a rental home. The prospective tenants were told the home was not yet available when the respective move-in dates approached, and the home owners had no relationship with the real estate agent and never received rent. Additional victims came forward, and police arrested Melanie Williams, 54, in April, on three counts of fourth degree grand larceny and three counts of first degree scheme to defraud. Detectives say they believe there may be additional victims in this scheme.

The Russian proverb quoted by President Ronald Reagan seems to be good advice in any situation concerning a real estate agent, or any professional for that matter, who is not known personally. Tell your clients to trust but verify!

Family squabble leads to promissory estoppel claim

Standard

SC Court of Appeals doesn’t buy it

The facts of a recent Court of Appeals* case involve a dispute between brothers who immigrated from India. Sam Patel moved first, in 1979, and settled in Chicago. Sam’s extended family followed and lived with Sam and his wife. In 1989, Sam moved to Lynchburg, South Carolina, after he purchased a store on Willow Grove Road.

Sam’s family, along with his parents and his younger brother, Kim, followed. The family worked in and lived on the store property. The business grew, and the brothers acquired a store in Sumter. Kim Patel operated the store in Sumter, while Sam Patel continued to operate the store in Lynchburg. Over the years, Sam helped Kim financially.

grocery store country

By 2010, Sam owned three parcels in Lynchburg and operated a liquor store, a grill and a gas station. Sam, himself, faced financial difficulties at this time, and his properties were foreclosed on by First Citizens. At Sam’s request, Kim purchased the properties through the foreclosure in the name of a limited liability company. Sam continued to run businesses on the properties and placed his businesses in the name of another limited liability company.

Sam’s LLC obtained the operating, lottery and alcohol licenses for the properties and made improvements. But Kim’s LLC expended funds for gasoline purchases and property taxes. There was never a lease or written agreement between the brothers or their entities concerning rent and expenses. And when Sam failed to pay rent, Kim’s LLC brought a suit for ejectment and damages. Sam and his LLC counterclaimed, alleging Kim had promised to convey the title to him.

At trial, the brothers gave conflicting accounts of their verbal arrangement. Kim testified that he told Sam he could continue to operate the businesses for six or seven months rent-free so Sam could get back on his feet. After that time frame, Kim expected his brother to pay rent, taxes, insurance and maintenance. Sam testified that Kim purchased the properties in order to convey them back to Sam. Sam intended to repay Kim over three to five years and have title returned to him after repayment.

The special referee’s order stated that Sam owned an equitable interest in the properties and had a right to repurchase them, but that Sam owed Kim approximately $42,000 for expenses.

The Court of Appeals held that Sam’s claim of an equitable interest based on promissory estoppel failed, stating that promissory estoppel is a flexible doctrine that aims to achieve equitable results, but it, like all creatures of equity, has limitations. The court said promissory estoppel is a quasi-contract remedy with four elements:  (1) a promise unambiguous in its terms; (2) reasonable reliance upon the promise; (3) the reliance is expected and foreseeable by the party who makes the promise; and (4) the party to whom the promise is made must sustain injury in reliance on the promise. The court held that Sam’s claim failed on the first two elements.

The testimony of Sam and Kim at trial made it clear, according to the Court, that there was no meeting of the minds as to the terms of the alleged contract. In other words, there was no unambiguous promise to be enforced. And Sam’s reliance was held to be unreasonable in light of the ambiguities of the alleged promise.

The case was remanded to the special referee to conduct the eviction proceeding and to determine rent and expenses between the parties.

 

A&P Enterprises, LLC. v. SP Grocery of Lynchburg, LLC, South Carolina Court of Appeals Opinion 5545 (March 28, 2018).

Two new fraud scams

Standard

The fraudsters keep updating their repertoires!

Fraudsters are creative! It seems as soon as we learn and educate our staff members about new fraud schemes, the swindlers change their schemes to keep us on our toes. I wanted to pass along two new schemes that recently came to my attention.

The first was reported in our company publication, Fraud Insights, and it involved a residential sale in Las Vegas. An astute title insurance company employee, Larissa Conrad, was able to frustrate the fraudster’s plans. Here’s how the scheme unfolded. On March 7, Larissa sent an estimated closing statement to the listing agent. The closing involved the payoff of a Wells Fargo mortgage. The listing agent purportedly sent back to Larissa, by email, an “updated” payoff statement. Larissa compared the two payoff statements carefully. The wiring instructions were particularly troubling:

Larissa called the payoff lender and confirmed her suspicion that the second payoff was from a fraudster. She then called the listing agent, using a trusted telephone number, and reported that someone was posing as him in the transaction and sending emails from an account that looked like his. She wired the correct payoff amount using the correct wiring instructions, saving $153,300.37.

The second scam, involving texting, was reported by CyberheistNews. The victim receives a text asking whether a password reset for a Gmail account has been requested. If not, the text advises, please reply with the word “STOP”. If the victim replies with “STOP”, the next text urges the victim to send a six-digit numerical code in order to prevent the password from being changed. By sending the code back to the attacker, the victim is enables the bad guy to complete the password change and to have access to the account and all its email.

Remember that Google and other companies will not ask whether you don’t want to do something with your account. A reply to a text like this often notifies the fraudster that a valid telephone number has been reached.

two factor authentication

A two-factor authentication process is highly recommended because it provides an additional layer of security and makes it harder for attackers to gain access. The victim’s password alone is not enough to pass a two-factor authentication process. Typically, the first authentication factor would be based on knowledge (a password) and the second factor would be based on possession (of an ID card, a token or a smartphone, for example). Ask your IT professionals for assistance is keeping your accounts safe by using this process.

And, as always, the best advice may be to keep schooling yourself about the various scams as they are reported. I’ll do my best to help!