Pub. 4 Issue 4
Issue 4 2018

other sensitive information;

• Spoofing: in which the fraudster creates a fake, albeit similar, e-mail account to impersonate and fool victims;
• Phishing: which involves the perpetrator sending an e-mail with a link to a recognizable—but fake—website, prompting the recipient to enter his or her credentials, or an attachment containing a malware program.

If your e-mail is compromised through hacking, sophisticated con artists can lay dormant for weeks, evaluating the company’s vendors, accounting systems, employee communication styles and travel schedules. They end up looking like you, writing like you, and joking like you. They may impersonate the dealer and send employees “urgent” wire transfer requests or wait for a deal to develop and hijack the conversation to redirect payment. They may even inject themselves between you and your bank to intercept credentials and redirect, or create additional, wire transfers.

The aftermath of the crime is generally a mess. The seller blames the buyer, the buyer blames the bank, the bank blames both, and insurance companies rely on complicated policy exclusions to avoid paying losses.

Unfortunately, this scam is not going away soon. The FBI reported that between January 2015 and December 2016, there was a 2,370% increase in identified exposed losses. And this scam can affect individuals’ lives, including the hacking of realty transactions and court settlements. Title companies and lawyers have been victimized so frequently that many will not accept emailed wire instructions without verifying them by phone.

So what do you do? No technique or technology is secure, but creating a layered wall around your business can help prevent and deter scammers.

Make sure your computer protections are state of the art and constantly updated. Scammer techniques are constantly updated, and their abilities are augmented by rapidly changing technologies.
You can only keep up by requiring your computer vendor to maintain state of the art protections and by following directions for implementation and use.

Employee awareness training is a crucial aspect of any cyber security umbrella. Employees must know of crimes like BEC and the related infiltration techniques. They must understand that a company that is a victim of a cybercrime can be crippled or destroyed, leading to the loss of jobs.

Regularly monitor employee use of protections. Have your computer vendor develop protocols to protect against hackers. These are not difficult. One can find suggestions throughout the internet such as do not share passwords, do not write down passwords, do not click on links in emails from unknown senders, etc. One can implement those suggestions. But how often do you go, or have someone go, desk to desk to see if employees are paying attention? The first time you do, you will be horrified to see how many passwords are written on stickies or on blotters, how often passwords are shared, and how susceptible you are to employees clicking on phishing links. This must be handled like any other management challenge – set standards, train, monitor, and discipline for violations.

Be especially careful of wire transfer scams. If you are selling, establish immediately the method by which you will be paid. In each email you send or document you create, use a message warning against fraud, such as: “Because of the possibility of fraud, only accept payment directions such as wire transfer instructions if you personally verify the information by a telephone call to our publicly advertised phone number.” If you are the buyer, never accept payment directions, such as wire transfer information, without calling a known person at the seller using the publicly advertised phone number.