phishing

Secret Service Thwarts $21 million scam

Standard
Photo from secretservice.gov

The United States Secret Service announced in a press release dated September 1 that on August 23, it was successful in thwarting a real estate related business email compromise (BEC) scheme that sought to defraud a purchaser of more than $21 million.

The scheme attempted to divert closing funds to a fraudulent bank account. After quick action by the Secret Service and its private sector partners, the funds were returned to the victim.

Please refer to this Underwriting Memorandum issued by Chicago Title’s South Carolina State Office on September 20 warning that fraudulent wiring instruction schemes are on the rise.

These schemes typically employ altered or fictitious payoff statements. The fraudster often impersonates a mortgage broker, lender, borrower, or an agent of the borrower to request a copy of the payoff statement. Alternatively, the fraudster may intercept the payoff statement by a hacking or phishing ploy.

Armed with the payoff statement, the fraudster will create and transmit a bogus “updated” payoff statement with wiring instructions intending to divert the funds to the fraudster. The statement may also alter contact information so that telephone calls to verify payoff information will be answered by the fraudsters.

Chicago Title’s memorandum advises closing attorneys to take the following proactive measures to minimize the risk that payoff funds will be diverted:

  • Obtain payoff statements early so they can be properly reviewed and verified.
  • Verify banking information and payoff amounts directly with the payee using known, trusted numbers rather than information from the payoff statement.
  • Refer to prior payoff statements from the same payee to confirm the banking information matches.
  • Maintain repetitive wire information within systems or databases to use for future wires. Lock this information to restrict alterations.
  • If it is impossible to make a verbal confirmation by a known trusted telephone number, consider sending overnighting a check.

Be careful out there, closing attorneys!

WannaCry? We don’t want you to have to!

Standard

(Guest blog by IT Guru Cris Hudson)

A global cyberattack happened over the weekend, affecting some 100+ countries, and crippling hospital networks, large manufacturers and even some small governments.

Dubbed “WannaCry”, but technically named “WannaCrypt,” the attack preyed on vulnerabilities in machines where Windows and virus scan programs were not up to date. It delivered its payload via a typical “phishing” email, and once launched, encrypted and locked down files, demanding ransom from those institutions before the files would be released.

How does this affect you? Please be sure that you are working on a current version of Windows, and that you run a regular Windows Update. We still see the occasional office using Windows XP, which Microsoft ended support for in April 2014. Without a more current version of Windows such as Windows 7 or Windows 10, those machines are not able to download updates to guard against attacks such as these.

Also, make sure that you take a moment right now and update your virus scan software. DAT files for most major security providers have been updated to recognize this threat, but only if they’ve been updated since the attack on May 12th, 2017. And as always … backup, backup, backup! If you were to fall prey to something like this, you’ve at least got a fighting chance with a current backup of your server and files.  Without it .. you might definitely be crying.

IRS issues urgent warning about W-2 phishing scam

Standard

On February 2, the Internal Revenue Service issued an urgent alert to all employers about a W-2 email phishing scam. The scam was launched in 2016 but has been expanded this year, according to the bulletin, which can be read here.

The bulletin warned that cybercriminals employ a number of spoofing techniques to create an email that appears to originate from an organization’s executive. The email is sent to employees in human resources and payroll departments, requesting a list of employees and their W-2 forms. These forms, of course, contain identifying information including addresses and Social Security numbers.

w-2-image

Last year, the scam targeted the corporate sector, but this year, the scam appears to be spreading to school districts as well as nonprofit and tribal organizations. Another twist is that the cybercriminals may follow with emails requesting wire transfers. Some companies have lost funds in addition to sensitive information. Some organizations report having received these emails in 2016 and 2017.

The IRS memo urges employers to be vigilant and to share this information with their payroll, finance and human resources departments. Organizations should report incidents to phishing@irs.gov with a subject line of “W2 Scam” and should file a complaint with the Internet Crime Complaint Center (IC3).

Individuals whose W-2 forms have been stolen should take the actions set out in www.identitytheft.gov or www.irs.gov/idenditytheft.  They should also file a Form 14039, Identity Theft Affidavit, if a tax return is rejected because of a duplicated Social Security number.

IRS Commissioner John Koskinen said, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

Cyber Incident Preparedness for Closing Attorneys

Standard

And what to do if you suspect a compromise

With the increase in wire fraud that is happening in closing offices around the country, our company recently shared two documents that I thought would be beneficial to pass along to all South Carolina dirt lawyers .

The first document is a Public Service Announcement from the FBI dated August 27, 2015 concerning Business Email Compromise (BEC). BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfers. Legitimate e-mail accounts are compromised through social engineering and computer intrusion to conduct unauthorized wire transfers.

We have seen this happen in more than one law firm in South Carolina!

cyber-fraud-theif

This PSA states that the total number of victims from October 2013 through August 2015 was 8,179 and the total exposed dollar loss was $798,897,959!

The second document was prepared by Linda Grahovec, the Director of Education and Marketing for our company. This document provides two cyber incident checklists, one for use in preparing, and the other for use if your office is attacked.

Here are three pieces of advice for all closing attorneys:

  1. Use an e-mail system that requires two-factor authentication;
  2. Never wire funds based on the content of an e-mail. Always assume e-mail has been compromised, and validate the information by phone. A good practice would be to refrain from sending wiring instructions by e-mail.
  3. If you suspect fraud, contact the bank immediately.

Please remain vigilant! Read everything you can on this topic, and continue to update and guard your systems. One incident could easily put a law firm out of business. Title insurance companies are excellent sources of information and training on these topics! Call on them!

Ransomware: A Scary Prospect for Dirt Lawyers

Standard

The Cyberdivision of the FBI is serious about ransomware!  An FBI speaker last Friday at the SC Bar’s excellent tech seminar, an annual seminar I highly recommend for solo and small firm lawyers, emphasized awareness and employee training are critical to prevent data losses in your operation.

Ransomware is a form of malware that is most often delivered through spear phishing e-mails. Spear phishing is a type of e-mail fraud that seeks unauthorized access to confidential data. Ransomware is what it sounds like. Once the fraudster gains access, your system is locked down, and money is demanded to provide access. You have to pay for your own data!

hacker

“H4ck3rz R Us, how can I help you?”

The FBI recommends prevention, business continuity and remediation, but suggests that there is no guarantee of prevention even with the most robust controls in place. Methods of prevention include:

  • Provide extensive awareness and training for your staff.
  • Use strong anti-virus and anti-malware solutions that are set up to update automatically.
  • Regular scans should be conducted of the anti-virus and anti-malware solutions.
  • No user should be assigned administrative access unless that access is absolutely needed.
  • Those with administrative accounts should only use them when necessary.
  • Keep access to a minimum. If a user only needs specific files, he or she should not have access to other files.
  • Ask your IT professionals to implement controls to avoid common ransomware techniques.

But since prevention is not guaranteed, the most attention should be paid to business continuity and remediation. In short, back up your data regularly and regularly verify the integrity of the backups.  Secure backups. Ensure backups are not connected to the computers and networks they are backing up.

The FBI does not endorse paying a ransom to the fraudsters and teaches that paying the ransom does not always ensure regaining access to data.

The FBI encourages victims to contact a local FBI office immediately to report a ransomware attempt and to request assistance. Victims are also encouraged to report cyber events to the FBI’s Internet Crime Complaint Center (www.ic3.gov.)

The SC Bar Warned Us!

Standard

And then it happened to me.

phishing dangerJune 9th’s E-Blast from the SC Bar contained the following warning:

Alert: Phishing emails targeting lawyers
SC Bar members are cautioned to be aware of emails indicating that a complaint has been made against the lawyer or firm, or that they contain a special message from the Bar president. Such emails are not coming from the Bar and would be an attempt to phish members. Delete them immediately. Phishing emails are fraudulent emails that may contain links to phony websites or may request that you share personal or financial information by using a variety of techniques.

There may be clues, including a suspicious “from” email address. The email may include directions to click on a link, which purports to be a copy of the complaint or of the “special message.” Do not click this link, as it could be an attempt to put “ransomware” on the affected computer. Bar members are reminded that any official grievance would come via U.S. mail from the Supreme Court and that any important Bar announcement would appear in E-Blast or would be sent by an individual Bar staff member.

And on June 20, I received the following e-mail:Microsoft Outlook - Memo Style

A “complaint” is enough to strike fear in the heart of any lawyer. The scammers rely on a stress-induced knee-jerk reaction result in clicking on the link. Clicking on the link is the first reflex in our fast-paced world. Fortunately, we have received warning after warning about this kind of phishing activity.

The most obvious clues in this particular scam were:

  1. The e-mail was from “complaint Dept” and the address was complaint.depts@outlook.com. Nothing there reflects the SC Bar.
  2. The name of our bar association is the South Carolina Bar. The South Carolina Bar Association is a common misnomer.
  3. I don’t have a “law practice”. I work for Chicago Title Insurance Company.
  4. The South Carolina Supreme Court handles disciplinary complaints, not the SC Bar. And the Office of Disciplinary Counsel uses snail mail.

A huge thanks to the SC Bar for the warning!  Be careful out there!