Take a look: deep within the Internet is a secretive place…

… where criminals buy and sell your private information

Nobody in my household is old enough to receive publications from AARP. (And if you believe that, I should either say “thank you” or try to sell you that beautiful 8-lane bridge crossing the Cooper River in Charleston.) But, for some reason, AARP’s September Bulletin arrived in my mailbox today, and it contained an excellent article entitled “Inside the Dark Web” that provides the best information on that topic that I’ve read to date. You can read the article here.

The article, written by Doug Shadel with Neil Wertheimer, said much of the available information on the dark web comes from Brett Johnson, an “imposing and charismatic” former criminal once dubbed the “Original Internet Godfather.” Johnson created “Shadowcrew”, one of the first online forums where criminals could buy guns, credit cards, Social Security numbers, and drugs. He landed on the Secret Service’s most-wanted list and was in and out of prison for a decade. The other source of information is a character who is now in prison and who asked to be called “Blue London” in this article. Today, according to this article, Brett and Blue are willing to share details about the dark web: Brett as a law enforcement consultant, and Blue as an inmate who wants to reduce his prison sentence.

The article describes the entire content of the web. The “surface web”, which makes up 5-10% of the Internet, consists of sites that show up when you use normal search engines like Google, Yahoo and Bing. These sites encompass news, entertainment, products, services and consumer information. The creators of these sites, like Wikipedia, Amazon and WebMD, want lots of people to see them.

The “deep web”, which makes up 90-95% of the Internet, consists of pages requiring a password and can’t be accessed by normal search engines. These sites include online banking, subscription websites, government records, emails and most social media content. Examples include PayPal, Netflix, LinkedIn, Instagram and Dropbox.

The “dark web”, which makes up just .01% of the Internet, consists of sites that provide anonymity to users and go largely unregulated. Many are legal. For example, sites that serve as outlets for human rights activists can be found on the dark web. But the dark web is also used by criminals to make illicit purchases and sales with total anonymity. Cryptocurrency like Bitcoin is used to make the transactions untraceable.

The article described AlphaBay, a site that, before it was taken down in 2017 by the FBI, had over 200,000 users and took in between $600,000 and $800,000 daily, mostly drug related. But that site also dealt in stolen personal IDs, stolen credit card numbers and hacking tools.

Brett and Blue showed the authors of the article many other inhabitants of the dark web that moved in to take the place of AlphaBay. These sites sell the items marketed on AlphaBay plus logins and passwords, credit reports, and “fullz” which translates to a “complete package of everything needed to commit identity theft: Social Security number, date of birth, mother’s maiden name, address, phone numbers, driver’s license number and more.”  Blue said a fullz can sell for $20-$130, depending on the victim’s age and credit score.

Data can also be sold piecemeal. Brett asked the author his wife’s name and quickly found her Social Security number available for purchase at $2.99. The author also paid a small fee and received a 92-page report containing all his current and previous addresses, phone numbers, social media sites and email addresses. The report also contained descriptions of his family members and neighbors and details about properties he has owned.

Much of the data, according to this article, goes up for sale shortly after it is stolen. The huge data breaches we hear about routinely apparently flood the market and deflate prices. Brett and Blue told the author that they could study social media sites to harvest data for criminal purposes. Many sites use “knowledge-based authentication” (KBA) questions, which should be information that only the user knows. But if the user adds this type of information to social media sites, the scammers can successfully mine the information.

The article provides some advice to stop the cybercriminals. First, we should all simply assume that our information is already “out there” on the Internet, and take action to protect ourselves. Cybersecurity experts and former criminals agree on three steps to help us all stay safe:  freeze credit, closely monitor all accounts and use a password manager. The author said he fully subscribes to this advice and has taken all three steps. I’m at two out of three. What about you?

(You can thank me later for directing you to this outstanding article that you are much too young to read.)

ALTA develops wire fraud rapid response plan

Dirt lawyers:  post this in your office!

In this era where cybersecurity is our greatest challenge, the American Land Title Association has benefited all of us in the real estate industry by developing a rapid response plan for wire fraud incidents. Two links are here, one to the plan itself and another to a response worksheet.

Many of our offices have been challenged with these incidents, and we have learned that time is of the essence. We are, in fact, hearing more and more stories where the diverted money (or some of it) actually gets returned when action is taken quickly. Every second counts! Use these resources to guide you and your staff in reacting immediately.

This plan guides offices in contacting banks, parties to the transaction and law enforcement officials at various levels. Websites for notices are included.

I recommend that you save these resources in a place where everyone in your office can access them. And I recommend that you make hard copies and post them in a central location in your office.

Be safe out there!

And thank you, American Land Title Association!

Beware of new deceptive strains of payroll phishing

This blog has recommended KnowBe4 previously as an impressive source of news on cybersecurity. I have subscribed to the newsletter and receive weekly, timely and scary cybercrime updates in my inbox. I recommend to all lawyers that they spend the time and funds necessary to remain safe and vigilant in the arena of cybersecurity. Nothing is more important to us than the safety of our clients’ funds. In this case, however, it is our operating funds and our employees’ funds that are at risk. Those funds are important, too!

The July 10 newsletter was particularly interesting in that it reports a new strain of payroll phishing that has surfaced recently. The bad actors pose as employees and request a specific pay stub from a payroll administrator or corporate executive. KnowBe4 reports that it has seen hundreds of these phishing attempts, all almost identically worded and possibly coming from one set of fraudsters. All of the emails came from an “oddball Comcast.net email address” with nonsense usernames of similar length.

Please read this newsletter carefully and pay attention to the emails and supporting documents. In this particular case, the bad actors opened a bank account, ordered checks for that account and used one of those checks to support the phishing attempt.

Unfortunately, many of the targeted payroll employees, always willing to help employees with their payroll concerns, have responded to the requests. The emails are simple, direct and dispense with any attempt to construct believable backstories or pretexts.  According to KnowBe4, the emails invite an unthinking, reflexive response from targeted users.

Share this information with your staff members and encourage them to avoid those unthinking, reflexive responses!

With great power comes great responsibility

Six sensational ways to stop cyber villains

Cybersecurity is job #1 for dirt lawyers. Even in our close-knit state, we hear of attacks every week. A lawyer’s office could easily be forced out of business by one of these evil attacks. In our office, we read everything printed on the topic, and I offer you the six best, simplest tips I’ve seen. The first five are from American Land Title Association, developed with the help of the FBI, and the sixth is from the South Carolina Bar.

  1. Call, don’t e-mail: Confirm all wiring instructions by phone before transferring funds. Use the phone number from the recipient’s website or business card.
  2. Be suspicious: It’s not common for the companies involved in real estate transactions to change wiring instructions and payment information. Use common sense, stay alert to things that don’t look or feel quite right in a transaction and use your “Spidey senses”!
  3. Confirm it all: Ask your bank to confirm not just the account number but also the name on the account before sending a wire.
  4. Verify immediately: Call the recipient to validate that the funds were received. Detecting that you sent the money to the wrong account within 24 hours gives you the best chance of recovering your money.
  5. Forward, don’t reply: When responding to an email, hit forward instead of reply, then start typing with a known email address. Criminals use email addresses that are similar to real ones. By typing email addresses you will make it easier to discover if a fraudster is after you.

Thank you, ALTA and FBI, for those great tips!
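Tip 5 turns on spotting addresses that are similar to real ones, and that comparison can also be done mechanically. The Python below is an added example, not code from ALTA, the FBI or this blog; the address book, the substitution list and the distance threshold are constructed assumptions for illustration.

```python
import unicodedata

# Constructed address book: addresses the office has already verified by phone.
KNOWN_CONTACTS = {
    "closings@firstpalmettotitle.example",
    "wires@harborbank.example",
}

# A few common visual substitutions seen in lookalike addresses (not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l"))


def skeleton(addr):
    """Fold an address so that visually similar strings compare equal."""
    s = unicodedata.normalize("NFKC", addr).strip().lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(addr, known=KNOWN_CONTACTS, max_distance=2):
    """Return ('known', addr), ('lookalike', impersonated_addr) or ('unknown', None)."""
    clean = addr.strip().lower()
    if clean in known:
        return ("known", clean)
    for contact in sorted(known):
        # Near miss: same look after folding, or only a character or two off.
        if skeleton(clean) == skeleton(contact) or edit_distance(clean, contact) <= max_distance:
            return ("lookalike", contact)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("wires@harborbank.example", "wires@harb0rbank.example",
                   "closings@firstpalrnettotitle.example", "newclient@mail.example"):
        print(sender, "->", classify_sender(sender))
```

A “lookalike” result is the case to stop on: the message claims to come from someone you know but was not sent from the address you verified, so confirm by phone before acting on it.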

The best tip, by far, that I have seen comes from the South Carolina Bar.  This tip is not only excellent for avoiding cyber fraud, it’s a great way of avoiding mistakes of all kinds in real estate practices. Here it is:

  6. Give yourself and your staff permission to slow down! We know things are hot out there not only in terms of the weather but also in terms of the speed of closings. Many of us who weathered the financial downturn remember what it was like when things were hot in 2005 – 2007. Closing speed can be increased only so much without causing error after error. Remember illegal flips prior to the financial downturn? How many of them could have been prevented if someone had stopped long enough to think or long enough to bounce the scenario off of a friendly title insurance company underwriter? The same is true of protecting your clients’ money. Stop and think and allow your staff members to spend the time to stop and think.

Thank you, South Carolina Bar, for this great tip.

And, finally, I strongly recommend insurance against cyber fraud. Check with your E&O carrier to see what it offers. If it does not offer insurance to protect against this danger, find a company that does!  Call your title insurance company for suggestions!