Ransomware: A Scary Prospect for Dirt Lawyers

The Cyber Division of the FBI is serious about ransomware! An FBI speaker last Friday at the SC Bar’s excellent tech seminar, an annual seminar I highly recommend for solo and small firm lawyers, emphasized that awareness and employee training are critical to preventing data losses in your operation.

Ransomware is a form of malware that is most often delivered through spear phishing e-mails. Spear phishing is a type of e-mail fraud that seeks unauthorized access to confidential data. Ransomware is what it sounds like. Once the fraudster gains access, your system is locked down, and money is demanded to provide access. You have to pay for your own data!

The FBI recommends prevention, business continuity and remediation, but suggests that there is no guarantee of prevention even with the most robust controls in place. Methods of prevention include:

  • Provide extensive awareness and training for your staff.
  • Use strong anti-virus and anti-malware solutions that are set up to update automatically.
  • Conduct regular scans with the anti-virus and anti-malware solutions.
  • No user should be assigned administrative access unless that access is absolutely needed.
  • Those with administrative accounts should only use them when necessary.
  • Keep access to a minimum. If a user only needs specific files, he or she should not have access to other files.
  • Ask your IT professionals to implement controls to avoid common ransomware techniques.

But since prevention is not guaranteed, the most attention should be paid to business continuity and remediation. In short, back up your data regularly and regularly verify the integrity of the backups. Secure your backups, and ensure they are not connected to the computers and networks they are backing up.
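One way your IT professional might verify backup integrity is sketched below; it is an added example, not FBI or bar-association code. It records a SHA-256 fingerprint of every file when the backup is made, then later reports any file in the backup that is missing, altered, or unexpected. The folder and file names are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256, taken at backup time."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Report files that are missing, altered, or unexpected in the backup."""
    report = {"missing": [], "altered": [], "unexpected": []}
    for rel, expected in manifest.items():
        copy = backup_dir / rel
        if not copy.is_file():
            report["missing"].append(rel)
        elif sha256_file(copy) != expected:
            report["altered"].append(rel)
    report["unexpected"] = sorted(set(build_manifest(backup_dir)) - set(manifest))
    return report


def demo() -> dict:
    """Constructed sample: a backup with one file overwritten and one renamed."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "client_files"), Path(tmp, "backup")
        src.mkdir()
        for name in ("closing_statement.txt", "escrow_ledger.csv", "title_commitment.txt"):
            (src / name).write_text("constructed contents of " + name)
        manifest = build_manifest(src)      # store this apart from the backup
        shutil.copytree(src, bak)
        (bak / "escrow_ledger.csv").write_text("unreadable bytes")
        (bak / "title_commitment.txt").rename(bak / "title_commitment.txt.locked")
        return verify_backup(bak, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest is only useful if it is kept somewhere the backed-up computers cannot overwrite, for the same reason the backups themselves should be disconnected.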

The FBI does not endorse paying a ransom to the fraudsters and teaches that paying the ransom does not always ensure regaining access to data.

The FBI encourages victims to contact a local FBI office immediately to report a ransomware attempt and to request assistance. Victims are also encouraged to report cyber events to the FBI’s Internet Crime Complaint Center (www.ic3.gov).

Beware of Cyberattacks on Free E-mail Services

Think a client won’t sue for misdirected funds?  Think again!

E-mail services, even those with the tightest security possible, can be hacked. We have heard local stories, as close as Rock Hill and Charleston, of funds being misdirected by cybercriminals through intercepting e-mails and sending out fraudulent wiring instructions.

Law firms have taken action: encrypting e-mails, adding tag lines to e-mails warning that wiring instructions will not be changed, and adding warning paragraphs to engagement letters, in addition to normal security efforts. Many offices now require confirmation of all wiring instructions by a telephone call initiated internally. No verbal verification? No wires!

Last month, an attorney in New York was sued by her clients in a cybercrime situation. This time, the property was a Manhattan co-op, and the funds amounted to a $1.9 million deposit. The lawsuit alleged that the attorney used an AOL e-mail account that welcomed hackers. The complaint stated that had the attorney recognized the red flags or attempted to orally confirm the proper receipt of the deposit, the funds would have been protected.

The old phrase “you get what you pay for” is definitely applicable in these situations. Attorneys who continue to use free e-mail services are putting themselves and their clients at greater risk for cyberattacks. Criminals understand that free e-mail services have low security against cyber-intrusion, so they naturally gravitate to those accounts for their dirty work.

I heard one expert say that free e-mail services are not only not secure, they are also unprofessional! Surely, lenders will soon look at this issue as they decide who will handle their closings.

E-mail Hacking Scams Hitting Buyers in SC

Please get the word out to your clients!

As closing attorneys, title insurance agents and business men and women, we receive daily warnings about a myriad of e-mail hacking scams. Many of these schemes involve wiring instructions and attempts to divert escrow funds to remote accounts. Piecing together the two words “wiring” and “instructions” in the subject line of an e-mail seems to entice the worst kinds of fraudsters.

Our own office was hit a year or so ago. We were escrowing funds for an agent’s large commercial transaction, and the agent received a bogus e-mail purportedly but not actually from us telling him to send the money in a different direction. Thankfully, our very astute agent had attended sufficient seminars and read enough fraud alerts to take the simple step of calling us.  Fraud averted!

American Land Title Association and others have written that fraudsters are now attacking buyers, not just businesses who hold escrow funds. And it is happening here!

Within the last few weeks we have heard of three attempts of this nature in Charleston, at least one of which was successful. A buyer wired $150,000 to the wrong account on a Friday afternoon based on a bogus e-mail, spoofed to appear as if it came from the closing attorney. The e-mail said the firm was busy, and advised the recipient not to call but to respond by e-mail if there were questions. That should have been the first clue. The buyer and the banker both said they thought the e-mail and wiring instructions looked funny. But they sent the money out anyway.

Buyers have not attended the seminars nor read the fraud bulletins that have inundated all of us in the last few years. Closing attorneys and real estate agents may be the best line of defense in this situation.

Please communicate with your clients and let them know that a simple telephone call can prevent the diversion of their savings to criminals!