Fraud

Cyber Incident Preparedness for Closing Attorneys

Standard

And what to do if you suspect a compromise

With the increase in wire fraud that is happening in closing offices around the country, our company recently shared two documents that I thought would be beneficial to pass along to all South Carolina dirt lawyers .

The first document is a Public Service Announcement from the FBI dated August 27, 2015 concerning Business Email Compromise (BEC). BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfers. Legitimate e-mail accounts are compromised through social engineering and computer intrusion to conduct unauthorized wire transfers.

We have seen this happen in more than one law firm in South Carolina!

cyber-fraud-theif

This PSA states that the total number of victims from October 2013 through August 2015 was 8,179 and the total exposed dollar loss was $798,897,959!

The second document was prepared by Linda Grahovec, the Director of Education and Marketing for our company. This document provides two cyber incident checklists, one for use in preparing, and the other for use if your office is attacked.

Here are three pieces of advice for all closing attorneys:

  1. Use an e-mail system that requires two-factor authentication;
  2. Never wire funds based on the content of an e-mail. Always assume e-mail has been compromised, and validate the information by phone. A good practice would be to refrain from sending wiring instructions by e-mail.
  3. If you suspect fraud, contact the bank immediately.

Please remain vigilant! Read everything you can on this topic, and continue to update and guard your systems. One incident could easily put a law firm out of business. Title insurance companies are excellent sources of information and training on these topics! Call on them!

Ransomware: A Scary Prospect for Dirt Lawyers

Standard

The Cyberdivision of the FBI is serious about ransomware!  An FBI speaker last Friday at the SC Bar’s excellent tech seminar, an annual seminar I highly recommend for solo and small firm lawyers, emphasized awareness and employee training are critical to prevent data losses in your operation.

Ransomware is a form of malware that is most often delivered through spear phishing e-mails. Spear phishing is a type of e-mail fraud that seeks unauthorized access to confidential data. Ransomware is what it sounds like. Once the fraudster gains access, your system is locked down, and money is demanded to provide access. You have to pay for your own data!

hacker

“H4ck3rz R Us, how can I help you?”

The FBI recommends prevention, business continuity and remediation, but suggests that there is no guarantee of prevention even with the most robust controls in place. Methods of prevention include:

  • Provide extensive awareness and training for your staff.
  • Use strong anti-virus and anti-malware solutions that are set up to update automatically.
  • Regular scans should be conducted of the anti-virus and anti-malware solutions.
  • No user should be assigned administrative access unless that access is absolutely needed.
  • Those with administrative accounts should only use them when necessary.
  • Keep access to a minimum. If a user only needs specific files, he or she should not have access to other files.
  • Ask your IT professionals to implement controls to avoid common ransomware techniques.

But since prevention is not guaranteed, the most attention should be paid to business continuity and remediation. In short, back up your data regularly and regularly verify the integrity of the backups.  Secure backups. Ensure backups are not connected to the computers and networks they are backing up.

The FBI does not endorse paying a ransom to the fraudsters and teaches that paying the ransom does not always ensure regaining access to data.

The FBI encourages victims to contact a local FBI office immediately to report a ransomware attempt and to request assistance. Victims are also encouraged to report cyber events to the FBI’s Internet Crime Complaint Center (www.ic3.gov.)

The SC Bar Warned Us!

Standard

And then it happened to me.

phishing dangerJune 9th’s E-Blast from the SC Bar contained the following warning:

Alert: Phishing emails targeting lawyers
SC Bar members are cautioned to be aware of emails indicating that a complaint has been made against the lawyer or firm, or that they contain a special message from the Bar president. Such emails are not coming from the Bar and would be an attempt to phish members. Delete them immediately. Phishing emails are fraudulent emails that may contain links to phony websites or may request that you share personal or financial information by using a variety of techniques.

There may be clues, including a suspicious “from” email address. The email may include directions to click on a link, which purports to be a copy of the complaint or of the “special message.” Do not click this link, as it could be an attempt to put “ransomware” on the affected computer. Bar members are reminded that any official grievance would come via U.S. mail from the Supreme Court and that any important Bar announcement would appear in E-Blast or would be sent by an individual Bar staff member.

And on June 20, I received the following e-mail:Microsoft Outlook - Memo Style

A “complaint” is enough to strike fear in the heart of any lawyer. The scammers rely on a stress-induced knee-jerk reaction result in clicking on the link. Clicking on the link is the first reflex in our fast-paced world. Fortunately, we have received warning after warning about this kind of phishing activity.

The most obvious clues in this particular scam were:

  1. The e-mail was from “complaint Dept” and the address was complaint.depts@outlook.com. Nothing there reflects the SC Bar.
  2. The name of our bar association is the South Carolina Bar. The South Carolina Bar Association is a common misnomer.
  3. I don’t have a “law practice”. I work for Chicago Title Insurance Company.
  4. The South Carolina Supreme Court handles disciplinary complaints, not the SC Bar. And the Office of Disciplinary Counsel uses snail mail.

A huge thanks to the SC Bar for the warning!  Be careful out there!

Beware of Cyberattacks on Free E-mail Services

Standard

Think a client won’t sue for misdirected funds?  Think again!

domain securityE-mail services, even those with the tightest security possible, can be hacked. We have heard local stories, as close as Rock Hill and Charleston, of funds being misdirected by cybercriminals through intercepting e-mails and sending out fraudulent wiring instructions.

Law firms have taken action: encrypting e-mails, adding tag lines to emails warning that wiring instructions will not be changed, adding warning paragraphs to engagement letters, in addition to normal security efforts. Many offices now require confirmation of all wiring instructions by a telephone calls initiated internally. No verbal verification?  No wires!

Last month, an attorney in New York was sued by her clients in a cybercrime situation. This time, the property was a Manhattan co-op, and the funds amounted to a $1.9 million deposit. The lawsuit alleged that the attorney used an AOL e-mail account that welcomed hackers. The complaint stated that had the attorney recognized the red flags or attempted to orally confirm the proper receipt of the deposit, the funds would have been protected.

The old phrase “you get what you pay for” is definitely applicable in these situation. Attorneys who continue to use free email services are putting themselves and their clients at greater risk for cyberattacks. Criminals understand that free email services have low security against cyber-intrusion, so they naturally gravitate to those accounts for their dirty work.

I heard one expert say that free e-mail services are not only not secure, they are also unprofessional! Surely, lenders will soon look at this issue as they decide who will handle their closings.

E-mail Hacking Scams Hitting Buyers in SC

Standard

Please get the word out to your clients!

hacker

As closing attorneys, title insurance agents and business men and women, we receive daily warnings about a myriad of e-mail hacking scams. Many of these schemes involve wiring instructions and attempts to divert escrow funds to remote accounts. Piecing together the two words “wiring” and “instructions” in the subject line of an e-mail seems to entice the worst kinds of fraudsters.

Our own office was hit a year or so ago. We were escrowing funds for an agent’s large commercial transaction, and the agent received a bogus e-mail purportedly but not actually from us telling him to send the money in a different direction. Thankfully, our very astute agent had attended sufficient seminars and read enough fraud alerts to take the simple step of calling us.  Fraud averted!

American Land Title Association and others have written that fraudsters are now attacking buyers, not just businesses who hold escrow funds. And it is happening here!

Within the last few weeks we have heard of three email securityattempts of this nature in Charleston, at least one of which was successful. A buyer wired $150,000 to the wrong account on a Friday afternoon based on a bogus e-mail, spoofed to appear as if it came from the closing attorney. The e-mail said the firm was busy, and advised the recipient not to call but to respond by e-mail if there were questions. That should have been the first clue. The buyer and the banker both said they thought the e-mail and wiring instructions looked funny. But they sent the money out anyway.

Buyers have not attended the seminars nor read the fraud bulletins that have inundated all of us in the last few years. Closing attorneys and real estate agents may be the best line of defense in this situation.

Please communicate with your clients and let them know that a simple telephone call can prevent the diversion of their savings to criminals!

Feds Play Shell Game in Manhattan And Miami

Standard

Title companies obligated to ID true owners behind shell entities.

Will this obligation migrate closer to home?

money launderingSecretly purchasing expensive residential real estate is evidently a popular way for criminals to launder dirty money. Setting up shell entities allows these criminals to hide their identities. When the real estate is later sold, the money has been miraculously cleaned.

The Federal government is seeking to stop this practice.

The Financial Crimes Enforcement Network (FinCEN) of the United States Department of the Treasury issued orders on January 13 that will require the four largest title insurance companies to identify the natural persons or “beneficial owners” behind the legal entities that purchase some expensive residential properties.

This is a temporary measure (effective March 1 to August 27) and is limited to at this point to the Borough of Manhattan in New York City, and Dade County, Florida, where Miami is located. In those two locations, the designated title insurance companies must disclose to the government the names of buyers who pay cash for properties over $1 million in Miami and over $3 million in Manhattan. FinCEN will require that the natural persons behind legal entities be reported if their ownership in the property is at least 25 percent.

FinCEN’s official mission is to safeguard the financial system of the United States from illicit use, to combat money laundering, and to promote national security through the collection, analysis and dissemination of financial intelligence.

FinancialCrimesEnforcementNetwork-Seal.svgThese orders are a continuation of FinCEN’s focus on anti-money laundering protections for the real estate sector. Previously, the focus was only on transactions involving lending. The new orders expand that focus to include the complex gap of cash purchases.

FinCEN’s Director, Jennifer Shasky Calvery, was quoted in the agency’s press release: “We are seeking to understand the risk that corrupt foreign officials, or transnational criminals, may be using premium U.S. real estate to secretly invest millions in dirty money.”

American Land Title Association officials met with FinCEN to confirm the details of the orders. Michelle Korsmo, Executive Direction of ALTA, indicated that ALTA is supportive of the effort but is concerned that the program must be implemented in order to determine whether it will work. She said it will be difficult for a title insurance company to figure out a transaction involving a major drug kingpin who buys a mansion through a string of shell corporations all over the world.

This phase of the new program is being called temporary and exploratory, meaning that it may or may not work, and if it does work, it may or may not be expanded to other locations. (Query:  why won’t a money launderer who seeks to purchase residential real estate during the initial phase of this program, simply change locations to Chicago, Houston, San Francisco or Los Angeles?)

We have no way of knowing whether or when this program might be expanded to South Carolina, but it is entirely likely that expensive properties along our coast are being used in similar money laundering schemes. Will South Carolina closing attorneys enjoy ferreting out this sort of information for the Government? We will keep a close watch on what occurs in New York and Florida during the first 180 days of this program.

At the Intersection of Football and Mortgage Fraud

Video

Five time NFL Pro-Bowler jailed

football fieldIt’s a sad day in South Carolina! Post-flood, many South Carolinians are reeling from the damage to their homes and businesses. Many are dealing with insurance companies and FEMA, and more continue to boil water and dodge blocked roads and bridges. And in the midst of our State’s recovery, legendary Coach Steve Spurrier is hanging up his visor after eleven years coaching our beloved Gamecocks. As I was thinking about the idea of loss today, I decided to write about a place where football and real estate (in this case real estate fraud!) intersect.

We need only look back as far as October 2, when retired NFL wide receiver Irving Fryar was sentenced to five years in prison by a state court in New Jersey on charges of conspiracy and theft by deception. Fryar’s mother, Allene McGhee, was given three-years’ probation on the same charges.

Irving Fryar was the first wide receiver to be the NFL’s number one draft pick in 1984 when the New England Patriots made him their top selection. In his remarkable 17-year career, he played for the Patriots, the Dolphins, the Eagles and the Redskins. He played in Super Bowl XX with the Patriots and scored the Patriots’ only touchdown in that game in their loss to the Bears. He made it to the Pro Bowl five times and retired in 2001.

He was, at times, a troubled player. In 1986, he missed a game after being injured in a domestic dispute with his pregnant wife. In 1988, he was arrested on weapons charges. There were also headlines involving drug use, depression and even attempted suicide. But he purportedly turned his life around. While still playing, he received a Ph.D. from the North Carolina College of Theology and became a minister. After retirement from the NFL, he founded New Jerusalem House of God in his home town, Mount Holly, New Jersey, and became its preacher. He was also a regular speaker at the NFL rookie symposium and a high school football coach. His message in all these capacities was “don’t do what I did”, and “it’s never too late for salvation”.

So where did this redemption story run off the rails? Prosecutors argued in a three-week jury trial that Fryar and his mother, along with a financial advisor who testified against them, used false employment and income information to close six home equity loans on Ms. McGhee’s home in Willingsboro, New Jersey in 2009 in a six-day period.  Loan applications stated that Ms. McGhee earned $6,000 per month as an events coordinator at her son’s church. Each lender agreed to make a loan on the belief that it would be in first lien position. Four of the loans were closed in a single day! Only a few payments were made, and the lenders had to either foreclose or write off their loans.

This mortgage fraud scheme will sound familiar to Columbia lawyers. Matthew Cox a/k/a Gary Sullivan moved to Columbia in the summer of 2004, buying two homes in northeast Columbia communities. He convinced the sellers in both transactions to enter into seller financing transactions. He forged mortgage satisfactions on the sellers’ mortgages and subsequently obtained multiple institutional mortgages on both properties within several days in February of 2005, amounting to more than $1 million. He then disappeared. This scam was widely reported in the real estate community in Columbia and in newspapers in three states. Matthew Cox was a former Tampa mortgage broker who was eventually convicted of mortgage fraud in Florida, South Carolina and Georgia and served time in federal prison.

I will never forget the phone call from a Columbia lawyer who said courthouse abstractors discovered this scheme on the day of the closings by conferring about the name of the borrower whose title they were all updating!

SpurrierNo dirt lawyer looks back with nostalgia at those days of loose lending practices that were a major factor in the global financial crisis. But Irving Fryar’s story is a reminder that the clean-up from those days is not over!

Now back to football. Steve Spurrier is an outstanding coach who has done a remarkable job in our state. I wish him good luck and God speed in retirement. Now, let’s find our next great coach!

Be Vigilant to Prevent “Business E-mail Compromise” Scams

Standard

fraud alertWire fraud is on the rise! Train your staff!

United States business e-mail accounts are under attack by sophisticated fraudsters.

The FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC) and the United States Secret Service issued a financial services bulletin on June 19 warning against increasing wire transfer fraud against U.S. businesses referred to as “Business E-mail Compromise” (BEC) scams.

The bulletin warned that BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts for the purpose of conducting unauthorized wire transfers.  Many compromised accounts belong to business CEOs or CFOs. The funds are primarily sent to Asia, but funds involved in these schemes have been diverted to locations around the globe.

BEC fraud compromises e-mail accounts through phishing, social engineering or malware used to obtain the user’s password. Once an e-mail account is compromised, fraudsters begin accessing and reviewing e-mails, including meeting and calendar information, contacts lists, and information concerning business partners, vendors and customers.

This activity enables the fraudsters to interject themselves into normal business communications masquerading as the person whose account was compromised. This reconnaissance stage lasts until the actor feel comfortable enough to send wire transfer instructions using either the victim’s e-mail or a spoofed e-mail account.   E-mails are typically sent to an employee with the ability to wire funds. A common tactic is to wait until the victim is away on legitimate business travel to send new wire instructions, making it more likely that individual would use e-mail to conduct business and making it more difficult to verify the transaction as fraudulent while the victim is in transit. The requests will sometimes state that the wire transfer is related to urgent or confidential business matters and must not be discussed with other company personnel.

Other incidents involve the compromise of a vendor or supplier’s e-mail account with the intention of modifying the bank account associated with that business. This scheme may also be labeled “vendor fraud” and often involves last minute changes of the bank and account number for future payments.

red-phoneThere is a relatively easy fix: all wire information received via e-mail should be verbally verified using established business telephone numbers.

Other suggestions to guard against this fraud are:

  1. Limit the number of employees with authority to handle wire transfers.
  2. Have a second employee designated as an approver for any wire transfer requests.
  3. Be careful opening attachments and clicking on links even if the e-mail appears to be from a legitimate source if you believe wire instructions may be included in the communication.
  4. Look out for e-mails that contain significant changes in grammar, sentence structure and spelling compared to previous communications.
  5. Look out for suspicious communications particularly toward the end of the week or the end of a business day. The fraudsters will have more time to access and divert funds.
  6. Maintain a file, preferably in non-electronic form, of vendor contact information, including telephone numbers.
  7. Look out for “spoofed” e-mail addresses that are made to look like the real addresses. Fraudsters use tactics like character substitution, addition and omission to make e-mails addresses appear legitimate. Here are some examples using a Chicago Title address, richard.roe@chicagotitle.com
  • roe@chicag0title.com
  • roe@chicagotit1e.com
  • roe@chicagotitlee.com
  • roe@chicagottle.com
  • roe.chicagotitle@gmail.com
  • roa@chicagotitle.com
  1. Be wary of wire transfers to countries outside of normal trading patterns.

ic3 circleIncidents should be reported to local offices of the FBI or Secret Service or to:

Dirt lawyers, protect your businesses and your clients’ funds by following these critical guidelines!