News & Insights

The Anatomy of Wire and Cyber Fraud in Real Estate

Just how sophisticated are cyber criminals nowadays? According to the Federal Bureau of Investigation, there were $6.9 billion wire and cyber fraud victim losses in 2021 alone, and it’s now become a major problem in the real estate world. Victims are left feeling violated, unsafe and taken advantage of. This blog post will describe the ins and outs of wire and cyber fraud, what to look out for, and how you can protect yourself from being a victim.

How fraudsters get your information

With the number of wire transfers going up yearly, criminals are spending more time and resources to get between people and their money. And the truth is, the bad actors who commit these crimes are getting more clever by the day. With that in mind, it’s important to understand the most common tactics fraudsters use so you can stay alert.

Social engineering is a type of psychological attack where attackers mislead you into doing something they want you to do. Cyber attackers use this technique on the internet because it’s extremely effective and can be used to target millions of people. They use this tactic to trick users into making security mistakes or to give away sensitive information.

Phishing is a type of social engineering and refers to an attack that uses email, text messaging or a messaging service (like those on social media sites) that tricks you into taking an action, such as clicking on a link or opening an attachment. Phishing often involves a combination of solid marketing and effective social engineering.

Spear-phishing is a specifically targeted form of phishing, such as pretending to be the CEO of a company. These types of attacks require much more effort on behalf of a perpetrator and may take weeks and months to pull off.

“Smishing” or SMS phishing, is the same tactic as phishing, but via text message.

Examples of phishing messages include:

  • Your company sends you an email saying they need to re-validate your account info or the account will be suspended, with a “please log in here” request.
  • Your company sends you or your employees an email saying that invoices are attached and to “please click here.”
  • Your “boss” emails you asking you to do an important project, and to “click here” for more information.
  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

In order to protect yourself from being a phishing victim, don’t open emails and attachments from suspicious sources, use multifactor authentication, be cautious of tempting offers, and don’t click on links.

Social media can also be used by cyber attackers to monitor usage and gain access to your personal information. Once they’ve gathered enough information, they guess the answers to the secret questions that reset your online passwords. After gaining access, they can then create targeted email attacks against you (spear-phishing) or call someone in your organization pretending to be you. In addition, these attacks can spill into the physical world, such as identifying where you work or live.

To avoid this, keep your business and personal life separate, limit your posts (especially while on vacation), do not accept invitations from people you don’t know, do not click on any URL links, and be aware of URL shorteners.

Malware is short for “malicious software” that is used to perform malicious actions. It’s also considered a “virus” and is typically a file or code delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants. And because malware comes in so many variants, there are numerous methods to infect computer systems. Though varied in type and capabilities, malware usually has one of the following objectives:

  • Provide remote control for an attacker to use an infected machine
  • Send spam from the infected machine to unsuspecting targets
  • Investigate the infected user’s local network
  • Steal sensitive data

Ransomware is a special type of malware that is actively spreading across the internet today, threatening to destroy victim’s documents and other files. The goal is to make money from your infected computer or device, perhaps by selling the data they’ve stolen from you, sending spam emails, launching denial of service attacks, or performing extortion. It can also encrypt certain files or your entire hard drive. The most common method comes in via an infected attachment or link via phishing emails.

The best way to recover from a ransomware infection and not pay a ransom is to recover your files from backups. It’s also critical that you:

  • Install anti-virus software from trusted vendors.
  • Make sure your operating systems, applications, and devices are enabled to automatically install updates.
  • Only download and install apps from trusted online stores.
  • Only install mobile apps that have been posted online for a long time, downloaded by a large number of people, and have numerous positive reviews.
  • Keep anti-virus / anti-malware running and current.

Passwords are used every day – from accessing your email and online banking to purchasing goods and accessing your smartphone. But passwords are also one of our weakest points. The most damaging compromises tend to be our personal or work email credentials. Once the criminals obtain email credentials, they can gain access and control our bank accounts, see what we are working on, and then inject themselves at the opportune moment.

Strong passwords are essential to protecting yourself and it’s important that you don’t use the same password for social media, your work email and your bank.

How Ligris is keeping you safe

The safety and confidentiality of our clients is a top priority at Ligris, and we’ve taken every step to ensure no one is a victim of wire and cyber attacks.

Communication from day one is key. We detail our protocol for cyber safety and explain the formal process of verifying wire information. We also warn clients that we will never email to request social security numbers or bank account information, unless it’s via encrypted email – and even then, they must call to verbally verify.

Additional steps the firm has taken include conducting a monthly training to help employees spot and immediately report phishing emails, implementing a password policy which requires the use of strong passwords for all systems and user accounts, creating an Incident Response Plan that addresses ransomware attacks in addition to other potential incidents, and much more.

We share this information not to scare you, but to educate you on the lengths fraudsters will go to steal your data so you can stay alert. The best advice is to work with lawyers who have cyber insurance, cyber protocol, wire protocols, and use encrypted email. This will ensure that not only your sensitive information is secure, but that you’re working with attorneys who are looking out for your best interest. To learn more about how to keep yourself safe, contact Stefan Nathanson at Ligris + Associates PC today.

Posted In: Articles