A Layered Approach to Wire Fraud Prevention
Wire fraud is rampant in real estate; you need more than one way of fighting back. This article shows you how to use a layered approach for maximum protection.
In 2018, business email compromise losses reached $12.5 billion. Today, that figure continues to grow at an alarming rate. But prevention is always the best solution; attacks like these can be avoided.
Nowadays, powerful safeguards exist to protect your business. In this article, we’ll discuss the different layers you’ll need to fend off and handle attacks from fraudsters effectively. These include:
In 2018, 48% of data breaches came from malicious or criminal attacks, while 27% came from human error.
When it comes to wire fraud prevention, your employees are the first line of defense. Your real estate organization is only as strong as the weakest link in your security chain.
Below are some ways you can raise workplace awareness and implement adequate education on cybersecurity. If you’d like to read more on this subject, then take a look at the full blog post here.
Wire Fraud Detection Training
In Q1 of 2018, social engineering attacks rose by 500%. This shows us that the ability to discern between fake and genuine communication is crucial in blocking wire fraud attempts.
Showing your employees real examples will help them identify the small, tell-tale signs of fraudulent impersonation. Google’s phishing quiz is an excellent way to test if your workforce knows what social engineering looks like. With realistic examples of legitimate vs. phishing emails on each page, it shows the elements of genuine or fake messages.
Third-Party Phishing Tests
Running phishing exercises will give you valuable insight into how well your real estate company can handle social engineering attacks.
For example, PhishMe is free for organizations with fewer than 500 employees. Compared with the average cost of $34,604 a year for a small business hit by a cyber incident, running regular phishing tests is a cost-effective precaution. The outcome is that your business becomes known as a trusted partner for wire transactions.
Good Digital Hygiene
Limit Public Information
Every employee should limit the amount of personal information that’s publicly available. For instance, any of their posts and details on social media should be private. If fraudsters can’t get to the data, they can’t use it to craft phishing emails.
Also, it’s vital that your employees never distribute information outside of standard company software platforms. Be particularly cautious of emails, electronic documents, or other third-party sites.
Use a Password Manager
In 2018, 62% of phishing campaigns captured at least one set of user credentials. Using the same credentials for multiple accounts puts sensitive information at extreme risk. For this reason, it’s good practice to use separate, hard-to-guess passwords for each account.
Enable Two-Factor Authentication
Employees should also enable two-factor authentication (2FA) across their devices. 2FA is the use of two steps to gain access to an account.
Google’s form of two-step verification was able to block 76% of targeted attacks with SMS codes, 90% with on-device prompts, and 100% with security keys. This proves that 2FA is a strong deterrent for cyber scammers.
This type of authentication adds an extra layer of security, especially in the case of brute force attacks or password spraying. Including this second step will stop a cybercriminal who won’t have access to the phone receiving the code.
Make IT a Trusted Department
Your workforce needs to feel secure, knowing there are no negative consequences for communicating threats and anomalies. When questions are welcomed, it creates a safer environment for everyone.
If there’s no trust in your office, it’ll hinder efforts to prevent, stop, or reverse wire fraud attacks. Without trust, employees aren’t empowered to step up with crucial information, leaving your business exposed to attempted cyber attacks.
Cybercriminals change and expand their tactics constantly, resulting in the need for robust business processes that meet the challenge. Well-crafted procedures and communication protocols act as internal firewalls for employees who handle sensitive data.
Previous phishing attempts, such as the Nigerian Prince scam, were obvious to most people, and it was easy to avoid falling victim. But today, 47% of small businesses suffered at least one cyberattack in 2018, and 44% of those experienced between two and four attacks.
By having a well-defined set of procedures to prevent wire fraud, you ensure your real estate business is ready for the ever-evolving strategies fraudsters use. Here, we’ll discuss some of the key business processes you should implement. If you’d like more details on them, take a look at our in-depth blog post here.
Email fraud grew by 87% in 2018, meaning the threat of fraudsters hijacking wire transactions is greater than ever. Verifying identity at the beginning of a transaction where you are executing a wire is critical.
CertifID’s identification platform works well for this. With digital device analysis and knowledge-based authentication, our software can verify the identity of each transaction participant and flag any suspicious activity in real-time.
Dual Control Procedure
When the outcome of a wire transaction rests on one individual, there’s more room for error. The person who’s entering the information into your bank’s treasury platform should not be the one releasing it.
With a strong dual control procedure, the information is subject to additional validation before any funds get sent.
Confirmation of Data Integrity
When handling a wire transfer, it is best to communicate directly with the person who will be sending you the funds.
With many people relaying information back and forth, inaccuracies can occur. This opens up opportunities that fraudsters could exploit.
Always verify the receipt and accuracy of all information before the other party initiates a wire transfer.
This is of critical importance for buyers in real estate transactions as they must transfer the closing funds themselves. Their real estate agent, attorney, lender, or another advisor can’t do it for them.
Make sure all participants understand what follows the exchange of wiring instructions and that there is explicit confirmation of details from both parties.
Let your employees know it’s acceptable to delay the closing or funding of a transaction if they aren’t 100% sure of the information’s integrity or that the money will arrive safely in the intended account.
In fact, you should encourage your staff to refuse wires if they don’t feel comfortable with any requests. In instances where they have any concern about the parties’ legitimacy, they should send a check instead.
Physical Perimeter Security
Wire fraud doesn’t only occur through the internet; your physical office can also be infiltrated. Enforce a “clean desk” policy where documents containing sensitive information are kept out of sight, away from casual visitors.
Security doesn’t just stop at your office. Over 80% of North American C-suites believe the risk of a data breach is higher when employees work off-site. Mitigate your risks by restricting levels of access; only give permissions to parties directly involved in transactions. That way, if an employee’s device gets lost or stolen, it won’t allow unrestricted access to any important details about ongoing transactions.
Wire Fraud Prevention
Over 90% of real estate agencies operate websites, and agents use email, computers, and smartphones daily. This constant online presence means realtors have a higher risk of encountering data breaches and wire fraud, which can put title agencies that work with these realtors at risk.
Here, we’ll show you the key pieces of software you need for potent wire fraud prevention.
In Q1 2019 alone, v blocked 843,096,461 attacks across 203 countries. This speaks volumes on the effectiveness of antivirus programs to keep fraudsters out.
Not only do your employees need to install antivirus software on all their devices, but they must be sure to keep it updated. Networks often have inherent vulnerabilities, and cyber perpetrators are always looking for new ways to utilize these weaknesses.
Always choose operating systems that are still in widespread use and supported by the developers. Not only do you run into problems by using older operating systems, but you also become a prime target for fraudsters.
Identity Verification Software
CertifID is a must-have weapon in your arsenal of wire fraud software. Using digital device verification and knowledge-based authentication, it can verify the identities of all involved parties. Knowing the true identities of transaction participants eliminates any room for fraudsters to hijack the transaction.
With CertifID, all wire transfers are guaranteed against fraud up to $1,000,000. For less than $10 per transaction, our software helps you move money with little to no risk. You build a stronger relationship with clients when they can have complete trust and confidence in how you handle their funds.
A whopping 93% of realtors prefer to communicate with their clients through email. Fraudsters know this and focus their attacks on email communications.
The result? Email fraud grew by 87% in 2018.
Avoid this issue by using software from a provider that specializes in blocking spam, such as Mimecast or Spam Bully. These industry leaders will filter your emails and protect you against spam, phishing, viruses, and malicious attachments. Should any employee have a lapse in judgment, the spam filter acts as a fail-safe, preventing successful attacks.
Also, protect your emails by getting your IT team to enable email encryption. If you are ever in a situation where you have to send emails on an unsecured network, cyber perpetrators won’t be able to read them.
Since domain hacking starts with your email being compromised, prevent this by taking a three-pronged approach.
First, you will need to enable 2FA for your domain management portals. Then restrict access to only those who need it.
Second, you need to implement Domain Name System Security Extensions (DNSSEC).
These extensions make it harder for cyber scammers to redirect traffic for your domain with forged DNS answers. DNSSEC digitally signs your DNS records so that resolvers can verify them and detect responses that were tampered with in transit.
The third prong to protect your domain from hacking and wire fraud is configuring a Sender Policy Framework (SPF).
This allows you to specify which IP addresses and/or hostnames are authorized to send on behalf of your domain.
If you want to know more about wire fraud prevention software, read the detailed blog post here.
Wire Fraud Prevention
By investing in decent hardware for your company, you can catch wire fraud attempts before they can do any damage. Below are some practical ways you can tighten up security with hardware.
Two-Factor Authentication Hardware
2FA can also come as a hardware solution. Instead of receiving a text or email, you use a physical key to confirm your identity. For instance, the YubiKey requires you to insert the physical key into the USB port of your computer, then tap the key for authentication.
Should the mobile device be lost or stolen, any thief that tries to access accounts won’t be successful, unless the YubiKey is with the phone.
Perimeter security hardware is equipment for intrusion detection, log monitoring, and AI. In the past, perimeter security hardware would be your first line of defense. But perimeters are now disappearing, which means the emphasis should be on zero-trust based security instead.
This is not to say that perimeter security isn’t useful. When combined with workplace education and business processes, it can strengthen the foundation of your company’s cybersecurity.
An advanced perimeter security system like Cisco or WatchGuard helps to keep cyber perpetrators out of your network. These security systems deliver web content filtering, antivirus scanning, reputation, application, and protocol protection. They also give advanced threat protection for zero-day exploits, data loss prevention, auditing policies, and geolocation blocking.
A total of 81% of organizations have seen Wi-Fi related security issues in the last year. Workers often use free, unsecured, public Wi-Fi connections that don’t use encryption. As a result, cyber scammers, with a 2.4 GHz antenna, can capture data from any nearby Wi-Fi source.
If any real estate employees use an unsecured Wi-Fi connection to transmit information about a transaction, that data could be intercepted and exploited by cybercriminals.
To prevent this, you need to create two networks for your internet: one for you and your employees, and one for visitors. When you keep visitors on a separate network, anything they do to jeopardize that network won’t affect your sensitive data.
Mobile Device Management
To prevent mobile data from being compromised, your IT department needs to implement mobile device management (MDM) software. Should any mobile phones get lost or stolen, your IT team can immediately apply data loss prevention policies.
MDM software allows employees to work on their preferred devices without putting your cybersecurity at risk. It also ensures that your data doesn’t go with them when they leave your business.
An excellent type of systems monitoring hardware uses artificial intelligence (AI). One such solution, Balbix BreachControl, works with deep learning and specialized AI algorithms. Since it utilizes the data you collect, the more you have, the better your AI’s predictive capabilities become.
To feed your AI the information it needs, you should collect logs at every critical point in your network, such as your firewall and router. Once your AI can differentiate between legitimate and suspicious activity, it can be used to spot subtle intrusions immediately.
Avoid Critical Loss
After about three or four years, hard drives have a small chance of failure. Because of this, you need backup plans in place so as not to lose all your real estate company’s data.
Make sure you have a redundant, robust, and encrypted backup strategy. Using a comprehensive email solution can block even the most advanced ransomware attempts.
A good rule to follow is the 3-2-1 system. You need three copies of your data (including the original) with the backups in two different types of storage, with one being off-site.
When you have your encrypted data spread across different mediums, you have a safety net when cybercriminals attack.
For more on wire fraud prevention hardware, see the comprehensive blog post here.
Fund Recovery Planning
Only 52% of small businesses have a clearly defined policy for cybersecurity. This low percentage demonstrates how unprepared organizations are for digital threats.
Recovering from wire fraud depends on quick action, and that hinges on your business protocols. Since fraudsters are moving money in real-time through money mules, it’s a race. In the end, the fastest response determines who will keep the funds.
You should create internal communication protocols that immediately alert your team when wire fraud has taken place.
Choose an individual who will be responsible for leading the recovery effort. They will be the person communicating with banking partners, law enforcement, and legal teams and need to be ready at a moment’s notice.
They must know and understand the information required to initiate a wire transfer recall. A solid grasp of the sequence and manner in which the information must be implemented is essential. They will have to put in place the follow-up procedures needed until the funds have been identified, frozen, and returned to the proper account.
With fraudsters’ strategies continuously evolving, you can’t afford to let your guard down. Just as any respectable military has multiple branches to protect different points of penetration, your cybersecurity needs to have multiple layers.
By using a layered approach, you’ll ensure your cybersecurity is multi-dimensional and covers all aspects and vulnerabilities. If you aren’t sure about your current cybersecurity coverage or are wondering what next steps your company can take, try our free Risk Analysis. Having robust software and hardware underpinned by excellent workplace education will be what keeps your company data safe.