Phishing scam of the week

Standard

I have subscribed to “CyberheistNews” at knowbe4.com and highly recommend this brief newsletter as an excellent source for current information on the latest scams that may hit your office and personal computers.

The news this morning was striking because it involves current events. Social engineering follows seasonal patterns, as we know. We have noticed in our business, that long weekends lead to attacks because of the extra day that we may not be sitting at our desks to keep computer systems and our wires safe. The newsletter cites holiday-themed phishing attacks between Thanksgiving and New Year’s Day.

email fish hook

The news today involves implementation of the European data privacy regulation going into effect on May 25. It’s called General Data Protection Regulation (GDPR) and the scam email looks as if it is from Apple and claims that if you do not take action, your account will be “restricted”. But in fact, as usual, the scammers will attempt to steal your identity and credit card information.

In addition to looking legitimate, according to CyberheistNews, the bogus website is more sophisticated than most phishing sites because the fraudsters correctly set the web directory permissions and encrypted the spoofed site using Advanced Encryption Standard (AES) in order to successfully bypass some anti-phishing tools used in antivirus solutions.

The victim is asked to “update payment details” in order to see their accounts return to normal. Taking this action sends the victim’s payment information to the scammers.

According to the newsletter, companies worldwide are, in fact, working on becoming GDPR compliant and trying to make sure the people whose data they have collected have consented to give them information. Criminals are aware of this and are using this turn of events to their advantage.

And, then, there is the royal wedding. CyberheistNews’ advice about that is that the wedding is a scammer’s dream, and computer users should be advised to seek news about it only from trusted websites.

Don’t click links in emails or social media links related to the royal wedding or open suspicious attachments that claim any kind of problem with GDPR. Delete these emails or forward them to you IT experts.

And subscribe to this newsletter!

Advertisements

Real estate agent rental scam exposed

Standard

Two agents, one in Texas, and one in NY, allegedly involved

Most successful dirt lawyers have excellent working relationships with the real estate agents who assist their clients in buying, selling and leasing real estate. And most effective real estate agents prove themselves to be trustworthy in their business practices. Recently, two almost identical scams in remote states involved alleged real estate agents, according to a May 4 article in Housing Wire titled, “Two real estate agents caught behaving badly”, by Jacob Gaffney.

house sale fingers crossed

The first story is set in Missouri City, Texas, and was originally reported by the television station, KHOU 11 News. According to this story, police are investigating a woman purporting to be a real estate agent who approached John and Pamela Hall offering to sell their dream home located at the corner of Montego Bay and Palm Harbour. The Halls had already vacated the home, and the alleged real estate agent promised to sell the home quickly. Both homeowners signed the paperwork allowing the culprit to list their home.

Several days later, the Halls were called by someone interesting in renting their attractive waterfront home from a listing they saw on Craigslist. When the Halls investigated the Craigslist entry, they discovered that the alleged real estate agent had actually created fraudulent documents, including a power of attorney and a deed, to take title to their home in the name of an LLC. When the Halls drove by their property, they saw someone moving in! The new “tenant” reported that he had paid $5,000 up front to lease the home.

The television station attempted to find the real estate agent’s name in the records of The Texas Real Estate Commission, but no such agent was found. The culprit used different names in dealing with the Halls and the tenant, and, so far, has been successful in stealing $5,000. The scam has no doubt caused a great deal of inconvenience to the Halls, not to mention the potential expenditure of funds in the form of attorney’s fees necessary to straighten out the public records.

The second story took place in Hampton Bays, New York. Southhampton Town Police said they received two complaints in February involving an alleged real estate agent taking deposits for a rental home. The prospective tenants were told the home was not yet available when the respective move-in dates approached, and the home owners had no relationship with the real estate agent and never received rent. Additional victims came forward, and police arrested Melanie Williams, 54, in April, on three counts of fourth degree grand larceny and three counts of first degree scheme to defraud. Detectives say they believe there may be additional victims in this scheme.

The Russian proverb quoted by President Ronald Reagan seems to be good advice in any situation concerning a real estate agent, or any professional for that matter, who is not known personally. Tell your clients to trust but verify!

Two new fraud scams

Standard

The fraudsters keep updating their repertoires!

Fraudsters are creative! It seems as soon as we learn and educate our staff members about new fraud schemes, the swindlers change their schemes to keep us on our toes. I wanted to pass along two new schemes that recently came to my attention.

The first was reported in our company publication, Fraud Insights, and it involved a residential sale in Las Vegas. An astute title insurance company employee, Larissa Conrad, was able to frustrate the fraudster’s plans. Here’s how the scheme unfolded. On March 7, Larissa sent an estimated closing statement to the listing agent. The closing involved the payoff of a Wells Fargo mortgage. The listing agent purportedly sent back to Larissa, by email, an “updated” payoff statement. Larissa compared the two payoff statements carefully. The wiring instructions were particularly troubling:

Larissa called the payoff lender and confirmed her suspicion that the second payoff was from a fraudster. She then called the listing agent, using a trusted telephone number, and reported that someone was posing as him in the transaction and sending emails from an account that looked like his. She wired the correct payoff amount using the correct wiring instructions, saving $153,300.37.

The second scam, involving texting, was reported by CyberheistNews. The victim receives a text asking whether a password reset for a Gmail account has been requested. If not, the text advises, please reply with the word “STOP”. If the victim replies with “STOP”, the next text urges the victim to send a six-digit numerical code in order to prevent the password from being changed. By sending the code back to the attacker, the victim is enables the bad guy to complete the password change and to have access to the account and all its email.

Remember that Google and other companies will not ask whether you don’t want to do something with your account. A reply to a text like this often notifies the fraudster that a valid telephone number has been reached.

two factor authentication

A two-factor authentication process is highly recommended because it provides an additional layer of security and makes it harder for attackers to gain access. The victim’s password alone is not enough to pass a two-factor authentication process. Typically, the first authentication factor would be based on knowledge (a password) and the second factor would be based on possession (of an ID card, a token or a smartphone, for example). Ask your IT professionals for assistance is keeping your accounts safe by using this process.

And, as always, the best advice may be to keep schooling yourself about the various scams as they are reported. I’ll do my best to help!

Despite a decade of litigation by lot owners….

Standard

Two Surfside golf courses are being redeveloped into residential lots

The North and South courses at Deer Track Golf Resort in Deerfield Plantation have been closed for more than ten years and are finally being redeveloped as residential lots. Adjacent lot owners waged class actions in Horry County seeking to have the use of the properties in question restricted to golf courses or open spaces. While these battles were being waged in court, nature attempted to reclaim the properties. One property owner testified that his views changed from overlooking a manicured golf course to overlooking a “sea of weeds”.

Similar battles have been successful in other parts of the country. The cases are fact intensive and turn on the law of implied easements, which, of course, varies widely from state to state. Plats showing golf courses may provide rights in adjacent lot owners, depending on the recorded documents, the sales program and the law of implied easements in the location.

golf course

Let’s look at how the Deerfield Plantation cases were decided. First, the facts:  The golf courses and surrounding residential subdivisions were originally developed beginning in the late 1970’s. The plats contained notes to the effect that the streets were dedicated for public use but the golf courses were to be maintained privately and were specifically not dedicated to public use.

The covenants gave the lot owners no rights, property, contractual, or otherwise, in the golf courses. A Property Report that was delivered to all prospective lot purchasers described the costs of golf memberships, which were not included in lot prices, and stated that to be allowed to use the golf courses, members would be required to pay initial dues and annual dues and fees. The real estate agents made it clear during the sales program that the mere purchase of a lot did not give a lot owner any right or entitlement to use the golf courses. The deeds of the lots did not convey any easements or other interests in the golf courses.

One plaintiff, who was also a real estate agent, testified that he was never told the golf courses would operate in perpetuity and that the real estate agents never told other potential purchasers that the golf courses would always exist on the properties.

What caused the golf courses to fail? When the golf courses opened, there were 30 – 40 golf courses in the Myrtle Beach area. By the time the golf courses closed, there were nearly 125 courses. Property taxes in the golf courses increased from $7,800 per year to $90,000 per year.  And then the economy tanked. These three factors have occurred across the country to varying extents.

Now, let’s look at South Carolina law. In one of the cases, a 38-page Order of Thomas J. Wills, Special Referee, examined the law of implied easements in South Carolina. I’m summarizing and eliminating the citations for this brief discussion.

The Order states that implied easements are not favored by the courts in South Carolina and must be strictly construed. The intent of the parties controls the existence and scope of implied easements, and the best evidence of that intent is the recorded documents. While case law in South Carolina is clear that lot owners in subdivisions hold easements in streets shown on plats by which their lots are sold, the order states that this rule does not extend beyond access, which is necessary and expected for residential purposes. Finally, the order states that no implied easements in views, breezes, light or air exist in this state.

Finally, these golf courses will be redeveloped into new residential subdivisions. Will we see more of this litigation in South Carolina? Probably. While the law in South Carolina appears generally to favor redevelopment in these cases, there is no doubt that the facts in some of the situations may give rise to implied easements in adjacent lot owners, even in the face of our law.

Dirt lawyers: Did you know some County boundary lines in South Carolina are changing?

Standard

For your reading pleasure, here is a repost of an excellent blog (with maps!) by my friend Josh Lonon of The Wyche Firm in Greenville. We will have to pay particular attention as this un-folds. Some of us who have been involved in the practice of real estate law for many years will remember confusion and extra work for title examiners and practitioners when other county boundary lines changed. Thanks, Josh, for the great information!

HOA foreclosures are being challenged on multiple levels in SC

Standard

The HOA won in a recent Court of Appeals case

In January, I blogged about a Federal class action lawsuit filed in Charleston seeking to invalidate non-condo foreclosures by owners’ associations. You can read that blog here but the short version is that the suit challenges foreclosures on the grounds that these non-profit corporations don’t have the power to create liens for unpaid assessments prior to obtaining judicial judgments. Condominium associations established through the Horizontal Property Regime Act have statutory authority to create liens, but the power of non-condo projects is created by restrictive covenants. We’ll have to wait and see how that suit turns out, but if the plaintiffs there are successful, foreclosure practice will change drastically in South Carolina.

gavel house

Our Court of Appeals decided a case* on April 4th that could have made drastic changes in another way. In fact, Richland County’s Master-in-Equity, Joseph Strickland, stated in his order that “the practice of homeowners’ association foreclosures would effectively be eradicated if (the Plaintiffs’) position came to bear.”

This appeal was handled by the law office of my friend, Brian Boger, a Columbia lawyer and well-known champion of consumers’ rights. The appeal argued that the $3,036 successful bid “shocked the conscience” and violated equitable principles. The parties agreed that the home was valued at $128,000. There was a mortgage balance of $66,004, leaving equity of $61,996. The Hales did not argue that there were irregularities in foreclosure process, but instead argued that the low bid should have encouraged the Master to use his gavel to “do equity”.

Comparing the successful bid to their equity using the “Equity Method”, the Hales argued that the bid amounted to 4.8% of the fair market value of the property. The HOA argued, using the “Debt Method”, that the bid must be added to the senior mortgage balance to judge its sufficiency because the successful bidder would have to pay the senior mortgage to have good title. In this case, using the Debt Method, the bid amounted to 54.94% of the fair market value. The Court of Appeals agreed that the Debt Method was the proper method for considering a senior encumbrance in a foreclosure.

The Court found no South Carolina cases that expressly weighed the two methods of judging a bid, but pointed to prior cases that considered the amount of a senior mortgage in the determination and found a 3.15% bid sufficient. One reason the Court of Appeals prefers the Debt Method is that it will result in “fewer set asides”.  In other words, the Court of Appeals is not interested in upsetting the foreclosure practice applecart at this point.

Justice Lockemy dissented, stating that he thought it improper to give a judicial sale buyer credit for assuming a debt it is not legally required to pay. He said the Court’s decision could create a perverse circumstance where a judicial sale bidder purchases property for a de minimis amount simply to capitalize on rental revenue until the senior lienholder forecloses. The majority called this argument a solution in search of a problem because there was no evidence that the successful bidder in this case was engaged in such a scheme and because the successful bidder must satisfy the mortgage to obtain clear title.

Foreclosure practice in South Carolina remains the same…for now.

* Winrose Homeowners’ Association, Inc. v. Hale, South Carolina Court of Appeals Opinion 5549 (April 4, 2018)

Scary telephone identity compromise story from one of our own

Standard

Our company distributes a great publication, Fraud Insights, which tells scary fraud stories every month. Lisa Tyler, National Escrow Administrator, edits this publication and does a great job keeping us informed about new scams. A Fraud Insights story in March came from one of our company employees who told her personal identity compromise story to prevent it happening to the rest of us. I’m going to translate the story to South Carolina terms and call the victim Pam Paralegal.

Pam Paralegal was working on a messy residential purchase file in her office in Charleston and was not focusing on the telephone call on her cell phone that she received purportedly from her personal bank. The caller ID was indeed Pam’s bank’s name. When Pam answered, the caller identified herself as Jill Jones and said she was with the fraud department of the bank. Ms. Jones said she was going to text a code to Pam to confirm Pam’s identity.

scammer calling

Pam received the text code and read it back to Ms. Jones.  Ms. Jones then asked if Pam had authorized a $1,000 transfer from her account that morning. Pam said that she had not made that transfer. Pam told Ms. Jones that she would log into her online account to determine whether that transfer was showing up, but Ms. Jones told Pam the bank had already shut down her ability to access her account via the Internet. Ms. Jones told Pam that she needed her to read off an additional text code to authorize the shutdown. When Pam read the second text code back, the phone line went dead.

Pam immediately started receiving emails from her real bank. The first email confirmed a change in Pam’s password. The second email confirmed Pam had authorized a $1,000 withdrawal via electronic funds transfer. Pam called her bank to report the incident and later received a call back from the real fraud department. Pam was informed that the thieves had stolen $1,000 by using her Social Security number, and that they really had shut down her account.

Pam purchased a credit monitoring service, filed a police report, and contacted all three credit bureaus to make them aware of the incident. And she is still missing $1,000.

Here are seven tips from the Better Business Bureau ® (BBB) offers to protect against telephone scams:

  1. Do not trust caller ID: Victims fall for telephone scams because they assume the number on their caller ID is the correct person. Scammers can easily spoof numbers to make it look like a certain person is calling you, when in reality they are not. Some scammers will use your own telephone number for the caller ID. Others will use your prefix with a different last four digits to make you assume you’re being contacted by a neighbor.
  2. Do not give out personal information: Any legitimate person or business who reaches out to you will already have your information on hand. If they do not, or if you receive a call out of the blue asking for personal information, just hang up.
  3. Scammers usually pose as a trusted source: Like the story from Pam who was called from someone posing as an employee in the fraud department of her bank, scammers will pose as a trusted source to attempt to obtain information from you. Hang up immediately.
  4. Do not press buttons: Many “robocallers” will prompt you to “press 9” to be taken off their call list. Pressing 9 will only do the opposite and flood your phone with even more calls. Pressing a number on the keypad alerts the scammers that they have reached an active telephone number.
  5. Beware of big name companies calling: Scammers impersonate big name companies, charities and legitimate businesses, hoping that you will be more inclined to give personal information to them. If you receive such a call, hang up immediately, find the appropriate number and call the business to verify.
  6. Sign up for the Do Not Call Registry: To cut down on the amount of calls you receive, you can register your phone number for free through the Federal Trade Commission (FTC) Do Not Call Registry. This registry prohibits calls, informational calls, telephone survey calls and calls from companies you have recently done business with.
  7. Do not answer: If you receive a call from a number you don’t recognize, let it go to voicemail. Any legitimate person or business will leave a message. If a scammer decides to leave voicemail, you will have time to think about what is being asked by them, instead of being pressured on the spot to give up your personal information.

That last tactic is the one used in our household and with my business cellphone. If I don’t recognize the number, I don’t answer the call. It makes more sense to return the call of a legitimate caller than to become involved with a scammer or telemarketer. That’s my plan and I’m sticking to it!