Take a look: deep within the Internet is a secretive place…

Standard

.. where criminals buy and sell your private information

Nobody in my household is old enough to receive publications from AARP. (And if you believe that, I should either say “thank you” or try to sell you that beautiful 8-lane bridge crossing the Cooper River in Charleston.) But, for some reason, AARP’s September Bulletin arrived in my mailbox today, and it contained an excellent article entitled “Inside the Dark Web” that provides the best information on that topic than I’ve read to date. You can read the article here.

The article, written by Doug Shadel with Neil Wertheimer, said much of the available information on the dark web comes from Brett Johnson, an “imposing and charismatic” former criminal once dubbed the “Original Internet Godfather.” Johnson created “Shadowcrew”, one of the first online forums where criminals could buy guns, credit cards, Social Security numbers, and drugs. He landed on the Secret Service’s most-wanted list and was in and out of prison for a decade. The other source of information is a character who is now in prison and who asked to be called “Blue London” in this article. Today, according to this article, Brett and Blue are willing to share detail about the dark web, Brett, as a law enforcement consultant, and Blue, as an inmate who wants to reduce his prison sentence.

dark web

The article describes the entire content of the web. The “surface web”, which makes up 5-10% of the Internet, consists of sites that show up when you use normal search engines like Google, Yahoo and Bing. These sites encompass news, entertainment, products, services and consumer information. The creators of these sites, like Wikipedia, Amazon and WebMD, want lots of people to see them.

The “deep web”, which makes up 90-95% of the Internet, consists of pages requiring a password and can’t be accessed by normal search engines. These sites include online banking, subscription websites, government records, emails and most social media content. Examples include PayPal, Netflix, LinkedIn, Instagram and Dropbox.

The “dark web”, which makes up just 01% of the Internet, consists of sites that provide anonymity to users and go largely unregulated. Many are legal. For example, sites service as outlets for human rights activists can be found on the dark web. But the dark web is also used by criminals to make illicit purchases and sales with total anonymity. Cryptocurrency like Bitcoin is used to make the transactions untraceable.

The article described AlphaBay, a site that, before it was taken down in 2017 by the FBI, had over 200,000 users and took in between $600,000 and $800,000 daily, mostly drug related. But that site also dealt in stolen personal IDs, stolen credit card numbers and hacking tools.

Brett and Blue showed the authors of the article many other inhabitants of the dark web that moved in to take the place of AlphaBay. These sites sell the items marketed on AlphaBay plus logins and passwords, credit reports, and “fullz” which translates to a “complete package of everything needed to commit identity theft: Social Security number, date of birth, mother’s maiden name, address, phone numbers, driver’s license number and more.”  Blue said a fullz can sell for $20-$130, depending on the victim’s age and credit score.

Data can also be sold piecemeal. Brett asked the author his wife’s name and quickly found her Social Security number available for purchase at $2.99. The author also paid a small fee and received a 92-page report containing all his current and previous addresses, phone numbers, social media sites and email addresses. The report also contained descriptions of his family members and neighbors and details about properties he has owned.

Much of the data, according to this article, goes up for sale shortly after it is stolen. The huge data breaches we hear about routinely apparently flood the market and deflate prices. Brett and Blue told the author that they could study social media sites to harvest data for criminal purposes. Many sites use “knowledge-based authentication” (KBA) questions, which should be information that only the user knows. But if the user adds this type of information to social media sites, the scammers can successfully mine the information.

The article provides some advice to stop the cybercriminals. First, we should all simply assume that our information is already “out there” on the Internet, and take action to protect ourselves. Cybersecurity experts and former criminals agree on three steps to help us all stay safe:  freeze credit, closely monitor all accounts and use a password manager. The author said he fully subscribes to this advice and has taken all three steps. I’m at two out of three. What about you?

(You can thank me later for directing you to this outstanding article that you are much too young to read.)

Advertisements

ALTA develops wire fraud rapid response plan

Standard

Dirt lawyers:  post this in your office!

alta-color-regIn this era where cybersecurity is our greatest challenge, American Land Title Association has benefited all of us in the real estate industry by developing a rapid response plan for wire fraud incidents. Two links are here, one to the plan itself and another to a response worksheet.

Many of our offices have been challenged with these incidents, and we have learned that time is of the essence. We are, in fact, hearing more and more stories where the diverted money (or some of it) actually gets returned when action is taken quickly. Every second counts! Use these resources to guide you and your staff in reacting immediately.

This plan guides offices in contacting banks, parties to the transaction and law enforcement officials at various levels. Websites for notices are included.

I recommend that you save these resources in a place where everyone in your office can access them. And I recommend that you make hard copies and post them in a central location in your office.

Be safe out there!

And thank you, American Land Title Association!

Beware of new deceptive strains of payroll phishing

Standard

hacker dollar

This blog has recommended KnowBe4 previously as an impressive source of news on cybersecurity. I have subscribed to the newsletter and receive weekly, timely and scary cybercrime updates in my inbox. I recommend to all lawyers that they spend the time and funds necessary to remain safe and vigilant in the arena of cybersecurity. Nothing is more important to us than the safety of our clients’ funds. In this case, however, it is our operating funds and our employees’ funds that are at risk. Those funds are important, too!

The July 10 newsletter was particularly interesting in that it reports a new strain of payroll phishing that has surfaced recently. The bad actors pose as employees and request a specific pay stub from a payroll administrator or corporate executive. KnowBe4 reports that it has seen hundreds of these phishing attempts, all almost identically worded and possibly coming from one set of fraudsters. All of the emails came from an “oddball Comcast.net email address” with nonsense usernames of similar length.

Please read this newsletter carefully and pay attention to the emails and supporting documents. In this particular case, the bad actors opened a bank account, ordered checks for that account and used one of those checks to support the phishing attempt.

Unfortunately, many of the targeted payroll employees, always willing to help employees with their payroll concerns, have responded to the requests. The emails are simple, direct and dispense with any attempt to construct believable backstories or pretexts.  According to KnowBe4, the emails invite an unthinking, reflexive response from targeted users.

Share this information with your staff members and encourage them to avoid those unthinking, reflexive responses!

Feds extend timeframe of FinCEN order

Standard

Will this obligation eventually extend to South Carolina?

Secretly purchasing expensive real estate continues to be a popular method for criminals to launder dirty money. Setting up shell entities allows these criminals to hide their identities. When the real estate is later sold, the money has been miraculously cleaned.

In early 2016, The Financial Crimes Enforcement Network (FinCEN) of the United States Department of the Treasurer issued an order that required the four largest title insurance companies to identify the natural persons or “beneficial owners” behind the legal entities that purchase some expensive residential properties.

shutterstock_1074483872

At that time, the reach of the project extended to the Borough of Manhattan in New York City, and Dade County, Florida, where Miami is located. In those two locations, the designated title insurance companies were required to disclose to the government the names of buyers who paid cash for properties over $1 million in Miami and over $3 million in Manhattan. The natural persons behind the legal entities had to be reported for any ownership of at least 25 percent in an affected property.

By order effective August 28, 2016, all title insurance underwriters, in addition to their affiliates and agents, were required to be involved in the reporting process, and the footprint of the project was extended.

The targeted areas and their price thresholds as of August 28, 2016 were:

  • Borough of Manhattan, New York; $3 million;
  • Boroughs of Brooklyn, Queens and Bronx, New York; $1.5 million;
  • Borough of Staten Island, New York; $1.5 million;
  • Miami-Dade, Broward and Palm Beach Counties, Florida; $1 million;
  • Los Angeles, San Francisco, San Mateo, Santa Clara and San Diego Counties, California; $2 million; and
  • Bexar County (San Antonio), Texas; $500,000.

By order effective September 22, 2017, wire transfers were included, and the footprint of the project will include transactions over $3 million in the city and county of Honolulu, Hawaii.

The Geographic Targeting Orders were updated again beginning March 21, 2018, and extended to September 16, 2018

Although the initial project was termed temporary and exploratory, FinCEN has indicated that the project is helping law enforcement identify possible illicit activity and is also informing future regulatory approaches.

We have no way of knowing whether or when this program may be expanded to South Carolina, but it is entirely likely that expensive properties along our coast are being used in money laundering schemes. We will keep a close watch on this program for possible expansion!

New Cybersecurity law in SC affects insurance companies and agents

Standard

The effective date is January 1, 2019

South Carolina’s legislature passed a cybersecurity bill on April 18, and Governor Henry McMaster signed it into law on May 3. The new law, which requires that insurers and producers (agents) must establish “strong and aggressive” programs to protect companies and consumers from data breaches, goes into effect at the beginning of next year. The law is called South Carolina Data Security Act, and it will be found at §38-99-10 et seq. of the South Carolina Code.

Insurers and agents must develop, implement and maintain a comprehensive written information security program based on internal risk assessments which contain administrative, technical and physical safeguards for the protection of nonpublic information.

New rules were created that include overseeing third party providers, investigating data breaches and notifying regulators, including the South Carolina Department of Insurance, of cybersecurity events.

security unlocked data breach

Notification is required to the DOI within 72 hours after determining a cybersecurity event has occurred. Each incident must also be investigated to determine the scope of the breach, the nonpublic information compromised, and the measures to restore the security of the information.

Safe guarding individual insurance policy holders’ personal information is a high priority in the wake of several major insurance companies’ data breaches. Insurers and agents are required to mitigate the potential damage caused by date breaches.

South Carolina was the first state to pass this measure based on the model law developed by the National Association of Insurance Commissioners Cybersecurity Working Group. South Carolina Insurance Director Raymond Farmer chaired the group.

How will this new law be applied to real estate lawyers who are also title insurance agents?  My guess is that the title insurance companies, which probably already have complying programs in place, will provide guidance to their agents between now and the end of the year. Stay tuned!

Phishing scam of the week

Standard

I have subscribed to “CyberheistNews” at knowbe4.com and highly recommend this brief newsletter as an excellent source for current information on the latest scams that may hit your office and personal computers.

The news this morning was striking because it involves current events. Social engineering follows seasonal patterns, as we know. We have noticed in our business, that long weekends lead to attacks because of the extra day that we may not be sitting at our desks to keep computer systems and our wires safe. The newsletter cites holiday-themed phishing attacks between Thanksgiving and New Year’s Day.

email fish hook

The news today involves implementation of the European data privacy regulation going into effect on May 25. It’s called General Data Protection Regulation (GDPR) and the scam email looks as if it is from Apple and claims that if you do not take action, your account will be “restricted”. But in fact, as usual, the scammers will attempt to steal your identity and credit card information.

In addition to looking legitimate, according to CyberheistNews, the bogus website is more sophisticated than most phishing sites because the fraudsters correctly set the web directory permissions and encrypted the spoofed site using Advanced Encryption Standard (AES) in order to successfully bypass some anti-phishing tools used in antivirus solutions.

The victim is asked to “update payment details” in order to see their accounts return to normal. Taking this action sends the victim’s payment information to the scammers.

According to the newsletter, companies worldwide are, in fact, working on becoming GDPR compliant and trying to make sure the people whose data they have collected have consented to give them information. Criminals are aware of this and are using this turn of events to their advantage.

And, then, there is the royal wedding. CyberheistNews’ advice about that is that the wedding is a scammer’s dream, and computer users should be advised to seek news about it only from trusted websites.

Don’t click links in emails or social media links related to the royal wedding or open suspicious attachments that claim any kind of problem with GDPR. Delete these emails or forward them to you IT experts.

And subscribe to this newsletter!

Real estate agent rental scam exposed

Standard

Two agents, one in Texas, and one in NY, allegedly involved

Most successful dirt lawyers have excellent working relationships with the real estate agents who assist their clients in buying, selling and leasing real estate. And most effective real estate agents prove themselves to be trustworthy in their business practices. Recently, two almost identical scams in remote states involved alleged real estate agents, according to a May 4 article in Housing Wire titled, “Two real estate agents caught behaving badly”, by Jacob Gaffney.

house sale fingers crossed

The first story is set in Missouri City, Texas, and was originally reported by the television station, KHOU 11 News. According to this story, police are investigating a woman purporting to be a real estate agent who approached John and Pamela Hall offering to sell their dream home located at the corner of Montego Bay and Palm Harbour. The Halls had already vacated the home, and the alleged real estate agent promised to sell the home quickly. Both homeowners signed the paperwork allowing the culprit to list their home.

Several days later, the Halls were called by someone interesting in renting their attractive waterfront home from a listing they saw on Craigslist. When the Halls investigated the Craigslist entry, they discovered that the alleged real estate agent had actually created fraudulent documents, including a power of attorney and a deed, to take title to their home in the name of an LLC. When the Halls drove by their property, they saw someone moving in! The new “tenant” reported that he had paid $5,000 up front to lease the home.

The television station attempted to find the real estate agent’s name in the records of The Texas Real Estate Commission, but no such agent was found. The culprit used different names in dealing with the Halls and the tenant, and, so far, has been successful in stealing $5,000. The scam has no doubt caused a great deal of inconvenience to the Halls, not to mention the potential expenditure of funds in the form of attorney’s fees necessary to straighten out the public records.

The second story took place in Hampton Bays, New York. Southhampton Town Police said they received two complaints in February involving an alleged real estate agent taking deposits for a rental home. The prospective tenants were told the home was not yet available when the respective move-in dates approached, and the home owners had no relationship with the real estate agent and never received rent. Additional victims came forward, and police arrested Melanie Williams, 54, in April, on three counts of fourth degree grand larceny and three counts of first degree scheme to defraud. Detectives say they believe there may be additional victims in this scheme.

The Russian proverb quoted by President Ronald Reagan seems to be good advice in any situation concerning a real estate agent, or any professional for that matter, who is not known personally. Tell your clients to trust but verify!