social engineering

Phishing scam of the week

Standard

I have subscribed to “CyberheistNews” at knowbe4.com and highly recommend this brief newsletter as an excellent source for current information on the latest scams that may hit your office and personal computers.

The news this morning was striking because it involves current events. Social engineering follows seasonal patterns, as we know. We have noticed in our business, that long weekends lead to attacks because of the extra day that we may not be sitting at our desks to keep computer systems and our wires safe. The newsletter cites holiday-themed phishing attacks between Thanksgiving and New Year’s Day.

email fish hook

The news today involves implementation of the European data privacy regulation going into effect on May 25. It’s called General Data Protection Regulation (GDPR) and the scam email looks as if it is from Apple and claims that if you do not take action, your account will be “restricted”. But in fact, as usual, the scammers will attempt to steal your identity and credit card information.

In addition to looking legitimate, according to CyberheistNews, the bogus website is more sophisticated than most phishing sites because the fraudsters correctly set the web directory permissions and encrypted the spoofed site using Advanced Encryption Standard (AES) in order to successfully bypass some anti-phishing tools used in antivirus solutions.

The victim is asked to “update payment details” in order to see their accounts return to normal. Taking this action sends the victim’s payment information to the scammers.

According to the newsletter, companies worldwide are, in fact, working on becoming GDPR compliant and trying to make sure the people whose data they have collected have consented to give them information. Criminals are aware of this and are using this turn of events to their advantage.

And, then, there is the royal wedding. CyberheistNews’ advice about that is that the wedding is a scammer’s dream, and computer users should be advised to seek news about it only from trusted websites.

Don’t click links in emails or social media links related to the royal wedding or open suspicious attachments that claim any kind of problem with GDPR. Delete these emails or forward them to you IT experts.

And subscribe to this newsletter!

Cyber Incident Preparedness for Closing Attorneys

Standard

And what to do if you suspect a compromise

With the increase in wire fraud that is happening in closing offices around the country, our company recently shared two documents that I thought would be beneficial to pass along to all South Carolina dirt lawyers .

The first document is a Public Service Announcement from the FBI dated August 27, 2015 concerning Business Email Compromise (BEC). BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfers. Legitimate e-mail accounts are compromised through social engineering and computer intrusion to conduct unauthorized wire transfers.

We have seen this happen in more than one law firm in South Carolina!

cyber-fraud-theif

This PSA states that the total number of victims from October 2013 through August 2015 was 8,179 and the total exposed dollar loss was $798,897,959!

The second document was prepared by Linda Grahovec, the Director of Education and Marketing for our company. This document provides two cyber incident checklists, one for use in preparing, and the other for use if your office is attacked.

Here are three pieces of advice for all closing attorneys:

  1. Use an e-mail system that requires two-factor authentication;
  2. Never wire funds based on the content of an e-mail. Always assume e-mail has been compromised, and validate the information by phone. A good practice would be to refrain from sending wiring instructions by e-mail.
  3. If you suspect fraud, contact the bank immediately.

Please remain vigilant! Read everything you can on this topic, and continue to update and guard your systems. One incident could easily put a law firm out of business. Title insurance companies are excellent sources of information and training on these topics! Call on them!