Reading Time: 18 minutes

TRANSCRIPT

in real estate by the way wire fraud is
00:01
going up five hundred percent a year
00:03
year-over-year the last three years on
00:05
the show today we’re gonna have Tom
00:07
Cronkright is a title professional has
00:10
been a title professional and
00:11
unfortunately his firm fell victim to a
00:13
to a scheme which then prompted him to
00:16
develop a company that is supporting the
00:20
industry from a prevention standpoint so
00:22
we’re excited to have have Tom on the
00:24
show and kind of talk about his
00:26
experience and what his company is doing
00:28
to help prevent this so here’s the
00:30
founder and CEO and the company is
00:33
called CertifID and Tom is on the
00:36
line so we have two Toms hey Tom
00:38
Cronkright welcome to the show Bill and Tom
00:40
thank you happy to be here and couldn’t
00:43
couldn’t agree more with the statements
00:45
that were made the last few minutes well
00:47
as Tom said it’s cent you have
00:49
first-hand experience from being a title
00:52
company at one point and then you went
00:54
forth to start this company CertifID
00:57
let’s tell people about that experience
01:00
that led you to the company that you are
01:01
now the CEO of yeah thank you Bill
01:05
so our our path through this wire fraud
01:08
experience is an interesting one my
01:11
business partner Lawrence Duthler and I
01:12
are both attorneys we founded a company
01:15
in Michigan called
01:16
Sun Title still operating today as one
01:18
of the largest in the state and we we
01:21
end up having a wire fraud incident and
01:24
knock on wood the only one to date but
01:27
that took place a few years ago spring
01:29
of 2015 and and why that significant is
01:33
in 15 nobody was really talking about
01:37
the issue it was it was all new and
01:41
essentially what happened was we had we
01:44
had been contacted by a buyer and he was
01:48
purchasing a property he was out of
01:50
state he was purchasing a property with
01:52
a gas station on the southeast side of
01:53
Grand Rapids Michigan and we opened up a
01:57
title order and it felt like a normal
01:59
commercial transaction at one point and
02:03
all of this was kind of documented in
02:05
this Purchase Agreement that we were
02:06
following we received a certified check
02:09
for a hundred and eighty five thousand
02:11
dollars and
02:13
we had deposited that check and then a
02:15
few days later the the inspections were
02:19
completed on the property and we were
02:21
asked to wire a hundred and eighty of
02:23
that hundred and eighty five to an
02:26
account that was allegedly held by the
02:28
seller so think of it as taking a check
02:31
in depositing that making sure that
02:33
check was good and then wiring off that
02:35
kind of standard practice in the escrow
02:38
industry what the fraudsters knew that
02:41
we did not at the time was how long it
02:44
takes a check to fully clear the Federal
02:46
Reserve so a couple days after we had
02:49
wired the funds that quote-unquote
02:51
certified check had bounced because it
02:53
was a fraudulent check so that’s hard
02:57
enough to get your head around in the
02:58
sense that hey you just lost a hundred
03:00
eighty thousand dollars overnight what
03:03
the next two years of our experience on
03:05
wire fraud unfolded for us we couldn’t
03:09
have imagined so and it really gets to
03:12
the level of sophistication and patience
03:16
that these cyber criminals are are
03:21
displaying in the lengths they’ll go to to
03:24
defraud someone and if you know anything
03:26
about Grand Rapids Michigan it’s a very
03:28
conservative area you’d think hey this
03:29
is the last place in the world that you
03:32
know a cyber syndicate that’s looking at
03:35
doing some type of a fraud would even
03:37
focus on so it was it was kind of a
03:39
blind siding event for for us as
03:42
business owners and even operationally
03:45
so here’s how it went our our money left
03:49
Grand Rapids and went to New York well
03:52
we didn’t know is a German national had
03:55
flown in at the instructions of someone
03:58
else in the syndicate to go into a bank
04:01
branch where the money had landed and
04:03
and launder the money frankly they call
04:06
it money muling you probably heard that
04:07
term from the FBI so they had an
04:09
international money mule involved in
04:11
kind of leg one of the transfers so the
04:14
money lands from Grand Rapids to New
04:16
York and then it spoilers down into
04:18
three different wires into Texas and why
04:20
they do this and they do it with
04:22
incredible timing and accuracy is
04:24
they’re trying to avoid recall or
04:26
detection
04:28
so that they can convert that cash to
04:30
either cryptocurrency or they can
04:33
convert the wire into a down payment on
04:36
some other property credit cards being
04:39
paid instantaneously I mean they they
04:41
move the money really quick so in Texas
04:45
there are a cast of characters waiting
04:47
there for the money to arrive and they
04:49
started doing a bunch of different
04:51
things they again put a down payment on
04:53
a piece of property they paid off a
04:54
bunch of credit cards they had prepaid
04:56
with some some kind of prepaid Visa
04:59
cards some commodities were purchased
05:03
off of our our wire so ultimately we
05:06
litigated and we were able to after two
05:09
years of litigation get a bulk of our
05:10
funds back what’s interesting though is
05:14
after we had kind of finished our civil
05:19
recovery no getting as much money back I
05:22
got a call from the Department of
05:23
Justice around some of the the
05:27
co-conspirators that were involved in
05:29
our fraud and this is where a lot of
05:32
people we can think or we’re creating
05:35
awareness around wire fraud and the loss
05:36
of financial funds but there’s also a
05:39
much more personal and disruptive aspect
05:43
to this in the sense that if you’re
05:45
called if you’re called by the
05:47
Department of Justice to help in some
05:49
type of investigation or trial and I was
05:52
so what what uncovered in an
05:57
investigation was that our fraud
06:00
actually involved one of the one of the
06:04
broadest cyber syndicates running out of
06:06
western Africa called the Nigerian the
06:10
the Nigerian Black Axe or the Neo
06:13
Nigerian movement and we end up getting
06:18
wrapped up in a pretty significant trial
06:21
that I had to testify last October with
06:25
one of the main North American leaders
06:28
of The Syndicate
06:30
so you coined it vast bill and you said
06:33
you know prevention is really the best
06:37
because you just don’t want this to
06:39
happen
06:40
so so that’s kind of our our experience
06:43
with not only where we victims we lost
06:46
funds we fought to get them back civilly
06:49
but then on the back end really called
06:52
to bring those people and hold them
06:54
accountable during you know through a
06:56
trial and in you know with the with the
06:59
Department of Justice it was a
07:00
fascinating and a lot of times
07:02
terrifying aspect and I say that because
07:04
some of the co-conspirators had actually
07:07
taken hits out on witnesses with other
07:10
trials so there was just a there was a
07:13
whole nother aspect of this group that
07:16
went beyond financial and was much more
07:19
kinetic in nature guys that play rough
07:23
it sounds like in fact I remember when
07:25
we had our FBI agent friend on the show
07:27
talking about that that’s one of the
07:28
things he said just because it’s maybe
07:31
computers technical thing these criminal
07:34
elements gangs coalitions whatever you
07:36
want to call them they are have their
07:38
hands in many illegal things and they
07:41
play rough in many cases at probably
07:44
most cases yeah I like to tell people
07:46
they’re not taking the money and
07:48
improving the roads for us to go on
07:50
vacation when we’re overseas there
07:53
they’re just doing bad things and
07:55
there’s just so much leaving the country
07:57
and now that we have a kind of an
08:00
anonymous crypto currency base even
08:04
harder to detect when you know US funds
08:07
are transmitted you know transferred to
08:09
crypto and then ultimately just some
08:11
other fiat currency so no i-i’ll let go
08:14
what you’re saying we learned that
08:15
firsthand these guys definitely play
08:18
rough it’s a nine billion dollar
08:20
industry for them right now
08:21
you know I I heard one of the I was
08:24
speaking with the FBI
08:25
earlier this year and he said hey if you
08:27
created a nine billion dollar company
08:29
you’d make investments in it you’d
08:31
refine your strategy you’d build the
08:33
infrastructure I say he said it’s no
08:35
different they’re doing the exact same
08:37
thing it’s a good business form there’s
08:39
no doubt yeah Tom before we get into
08:41
which you all are specifically doing for
08:43
the for the industry talk a little bit
08:45
about you know based on your experience
08:47
you know a big part of our listeners are
08:49
home buyers property owners in in real
08:52
estate agents and
08:53
any thoughts on you know what they could
08:56
be doing as part of a transactions to
08:58
mitigate their their own risk yeah I
09:00
think the biggest thing and the best
09:02
line of defense is really understanding
09:06
the process of how real estate
09:10
transactions are funded sitting down
09:13
with your agent having your agent more
09:17
importantly sit down with the title
09:19
provider typically the agent or the
09:21
lender selects the title provider and a
09:23
transaction this is it’s not just a
09:25
Texas thing this is everywhere in the US
09:27
right if you’re in the middle of a
09:29
transaction or you’re nearing close and
09:30
nobody has mentioned anything about wire
09:32
fraud or how I get my cash to close to
09:36
you in a secure way many states require
09:39
those to be wired because wire transfers
09:42
are the safest way to to transmit money
09:46
they’re much safer than cheques because
09:48
they’re instantaneous but they’re also a
09:50
single point of failure meaning if the
09:52
end point somehow is is diverted by a
09:55
fraudster there’s no calling that back
09:58
in most cases so I think the first thing
10:01
is if anybody is thinking about has
10:04
started or nearing the end of the
10:06
process you’ve got to raise your hand
10:08
with your attorney with the real estate
10:10
agent title and settlement provider and
10:13
have a conversation about what to expect
10:16
and frankly what are some of those flags
10:19
that if they come up you can spot them
10:23
as malicious or potentially fraudulent
10:25
versus those that can be trusted if
10:29
somebody is sending you just to give you
10:31
some examples if somebody is sending you
10:35
wiring information through an email
10:37
that’s a huge problem or if you receive
10:41
wiring information because you stopped
10:43
in an office and you sign for them or
10:45
whatever the process was and you feel
10:46
like you got it from a credential source
10:48
and then somebody calls you and says hey
10:49
it’s been updated or we changed banks or
10:53
there’s some other reason why you may
10:57
need to wire to a different account
10:58
those are the types of things that you
11:01
just really have to be suspect of
11:03
because – what tom was saying earlier
11:07
they’re creating pitch-perfect messages
11:11
that have transaction level information
11:13
embedded in them so you’ll think it’s
11:15
coming in thinking all this has to be my
11:17
attorney this has to be the title
11:18
company because who would know this we
11:19
were just talking about this they know
11:22
it because they’re reading somebody’s
11:23
email in real time and then they’re
11:26
impersonating them to get you as someone
11:29
in the transaction to divert funds so
11:33
those are the types of things that you
11:36
just have to get educated and get
11:39
basically the cadence or the you know
11:41
what are the rules of the road here
11:43
around wires before before I’m asked to
11:48
before I’m asked to send funds well what
11:51
comes to mind in fact I’m thinking about
11:52
my son isn’t in the and his wife are in
11:55
the process of buying a new home and as
11:57
I’m talking to him about getting ready
11:59
were like 15 days before they close I
12:02
mean the buyers and sellers they have a
12:04
lot on their mind already and probably
12:07
works to the fraudsters’ advantage in
12:09
that they’re thinking about changing
12:11
their electricity over they’re thinking
12:13
about how am I gonna move this what am I
12:14
gonna do with all this stuff what’s the
12:16
timing gonna be they have have the
12:19
inspection work out where the repairs
12:21
made all those many many things and
12:23
they’re distracted they’re just going
12:25
through the process they expect like I
12:28
did when I bought my home years ago they
12:31
expect everything to be secured to not
12:32
even worry about this right now
12:34
no I agree I think the challenge with
12:36
real estate that’s different from from
12:38
other transactions is there’s there’s no
12:41
muscle memory because we’re in the
12:44
market so infrequently the average
12:47
consumer so you may have closed down
12:50
your house whatever it was right on
12:53
average we’re hovering around 10 years
12:55
up from 7 years before the great
12:58
recession and so much changes in the
13:01
industry in 12 months now we as industry
13:05
participants we say oh yeah that was a
13:07
two year ago thing or three years ago
13:08
thing but somebody hasn’t been in the
13:11
market for the last whatever many years
13:14
and they are completely reliant in a lot
13:16
of cases on their advisors to
13:20
safely guide them through the closing
13:22
process now you may know how to find
13:24
property values and lookup that’s
13:26
different I’m talking about the blocking
13:28
and tackling of getting a real estate
13:32
transaction closed and insured properly
13:35
and that’s exactly right what we’re
13:37
seeing and this was an alarming trend
13:39
that we started to see in April of this
13:41
year is that the fraudsters aren’t
13:44
waiting until the week of closing to
13:47
reach out and try to solicit wires from
13:51
buyers they’re reaching out week one we
13:54
helped a gentleman in New York with a
13:56
full recovery in August he hadn’t even
13:59
signed the purchase agreement yet and
14:01
wired a hundred and fourteen thousand
14:02
dollars to a fraudster thinking he was
14:04
communicating with his lawyer that got
14:06
hacked we know that that’s that’s the
14:09
challenge is the timing of this so if
14:12
your real estate agent or more
14:14
importantly I would say your title and
14:15
settlement provider aren’t ahead of this
14:17
thing and you’re a first-time homebuyer
14:20
and you’ve never wired funds in your
14:21
life you certainly haven’t bought a home
14:23
and the first time you’re learning about
14:25
anything related to a wire transfer is
14:29
coming from the fraudster really hard to
14:32
defend against that right now that’s I
14:35
know I like what tom was saying that’s
14:37
my biggest concern as well is you’re
14:41
going through due diligence there you
14:43
know asking for everything short of a
14:45
blood sample for the loan I mean we’re
14:47
just we’re doing all this stuff and in
14:49
that they thread in oh and oh by the way
14:52
you know to make sure we don’t lose this
14:55
house you need to wire your however much
14:58
your fifty eight hundred thousand
15:00
dollars to this account so we can season
15:02
that before closing we are talking with
15:05
Tom Cronkright the CEO of CertifID
15:08
also Tom Carpentier president of Stewart
15:11
insurance and we’re gonna take a short
15:13
break when we come back we’re gonna talk
15:14
about some of the potential things and
15:16
things that we can do to prevent this
15:18
and some other ideas on cybercrime stay
15:20
with us please
15:22
you
15:24
[Music]

In today’s connected world, almost everyone has at least one Internet-connected device. With the number of these devices on the rise, it is important to implement a security strategy to minimize their potential for exploitation (see Securing the Internet of Things). Internet-connected devices may be used by nefarious entities to collect personal information, steal identities, compromise financial data, and silently listen to—or watch—users. However, taking a few precautions in the configuration and use of your devices can help prevent this type of activity.

What are the risks to your wireless network?

Whether it’s a home or business network, the risks to an unsecured wireless network are the same. Some of the risks include:

Piggybacking

If you fail to secure your wireless network, anyone with a wireless-enabled computer in range of your access point can utilize your connection. The typical indoor broadcast range of an access point is 150 – 300 feet. Outdoors, this range may extend as far as 1,000 feet. So, if your neighborhood is closely settled, or if you live in an apartment or condominium, failure to secure your wireless network could potentially open your internet connection to many unintended users. These users may be able to conduct illegal activity, monitor and capture your web traffic, or steal personal files.

Wardriving

Wardriving is a specific kind of piggybacking. The broadcast range of a wireless access point can make internet connections available outside your home, even as far away as your street. Savvy computer users know this, and some have made a hobby out of driving through cities and neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—searching for unsecured wireless networks. This practice is known as “wardriving.”

Evil Twin Attacks

In an evil twin attack, an adversary gathers information about a public network access point, then sets up their system to impersonate it. The adversary uses a broadcast signal stronger than the one generated by the legitimate access point, so unsuspecting users connect using the stronger signal. Because the victim is connecting to the internet through the attacker’s system, it’s easy for the attacker to use specialized tools to read any data the victim sends over the internet. This data may include credit card numbers, username and password combinations, and other personal information. Always confirm the name and password of a public Wi-Fi hotspot prior to use. This will ensure you are connecting to a trusted access point.

Wireless Sniffing

Many public access points are not secured and the traffic they carry is not encrypted. This can put your sensitive communications or transactions at risk. Because your connection is being transmitted “in the clear,” malicious actors could use sniffing tools to obtain sensitive information such as passwords or credit card numbers. Ensure that all the access points you connect to use at least WPA2 encryption.

Unauthorized Computer Access

An unsecured public wireless network combined with unsecured file sharing could allow a malicious user to access any directories and files you have unintentionally made available for sharing. When you connect your devices to public networks, ensure that you deny sharing of files and folders. Only allow sharing on recognized home networks, and only while it is necessary to share items. When not needed, ensure that file sharing is disabled. This will help prevent an unknown attacker from accessing your device’s files.

Shoulder Surfing

In public areas malicious actors can simply glance over your shoulder as you type. By simply watching you, they can steal sensitive or personal information. Screen protectors which prevent shoulder-surfers from seeing your device screen can be purchased for little money. For smaller devices, such as phones, be cognizant of your surroundings while viewing sensitive information or entering passwords.

Theft of Mobile Devices

Not all attackers rely on gaining access to your data via wireless means. By physically stealing your device, attackers could have unrestricted access to all of its data, as well as any connected cloud accounts. Taking measures to protect your devices from loss or theft is important, but should the worst happen, a little preparation may protect the data inside. Most mobile devices, including laptop computers, now have the ability to fully encrypt their stored data—making devices useless to attackers who cannot provide the proper password or PIN. In addition to encrypting device content, it is also advisable to configure your device’s applications to request login information before allowing access to any cloud-based information. Lastly, individually encrypt or password-protect files that contain personal or sensitive information. This will afford yet another layer of protection in the event an attacker is able to gain access to your device (see Protecting Portable Devices: Physical Security).

What can you do to minimize the risks to your wireless network?

  • Change default passwords – Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily obtained online, and so provide only marginal protection. Changing default passwords makes it harder for attackers to access a device. Using complex passwords and changing them periodically is your first line of defense in protecting your device (see Choosing and Protecting Passwords).
  • Restrict access – Only allow authorized users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. You can restrict access to your network by filtering these MAC addresses. Consult your user documentation for specific information about enabling these features. You can also utilize the “guest” account, which is a widely used feature on many wireless routers. This feature allows you to grant wireless access to guests on a separate wireless channel with a separate password, while maintaining the privacy of your primary credentials.
  • Encrypt the data on your network – Encrypting your wireless data prevents anyone who might be able to access your network from viewing it (see Understanding Encryption). There are several encryption protocols available to provide this protection. Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA2 encrypt information being transmitted between wireless routers and wireless devices. WPA2 is currently the strongest encryption. WEP and WPA are both still available; however, it is advisable to use equipment that specifically supports WPA2, as using the other protocols could leave your network open to exploitation.
  • Protect your Service Set Identifier (SSID) – To prevent outsiders from easily accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more difficult for attackers to find a network. At the very least, change your SSID to something unique. Leaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and possibly exploit any known vulnerabilities.
  • Install a firewall – Consider installing a firewall directly on your wireless devices (a host-based firewall), as well as on your home network (a router- or modem-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer (see Understanding Firewalls).
  • Maintain antivirus software – Install antivirus software and keep your virus definitions up-to-date. Many antivirus programs also have additional features that detect or protect against spyware and adware (see Understanding Anti-virus Software, Recognizing and Avoiding Spyware, and Why is Cyber Security a Problem?).
  • Use file sharing with caution – File sharing between devices should be disabled when not needed. You should always choose to only allow file sharing over home or work networks, never on public networks. You may want to consider creating a dedicated directory for file sharing and restrict access to all other directories. In addition, you should password protect anything you share. Never open an entire hard drive for file sharing (see Choosing and Protecting Passwords).
  • Keep your access point software patched and up-to-date – The manufacturer of your wireless access point will periodically release updates to and patches for a device’s software and firmware. Be sure to check the manufacturer’s website regularly for any updates or patches for your device.
  • Check your Internet provider’s, or router manufacturer’s, wireless security options – Your internet service provider and router manufacturer may provide information or resources to assist in securing your wireless network. Check the customer support area of their websites for specific suggestions or instructions.
  • Connect using a virtual private network – Many companies and organizations have a virtual private network (VPN). VPNs allow employees to connect securely to their network when away from the office. VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted. If a VPN is available to you, make sure you log onto it any time you need to use a public wireless access point.
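
An added example, not part of the NCCIC text: a small Python audit that applies the encryption and SSID advice above to a Wi-Fi scan, flagging open or pre-WPA2 networks, factory-default names, and a network name that appears both open and encrypted. The scan lines are constructed and modelled on the terse output of `nmcli -t -f SSID,BSSID,SECURITY device wifi list`; the default-name patterns, the strength ranking and the issue codes are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the terse output of
#   nmcli -t -f SSID,BSSID,SECURITY device wifi list
# Fields are ':'-separated; ':' and '\' inside a field are backslash-escaped.
SAMPLE_SCAN = r"""
HomeNet-5G:A4\:2B\:B0\:11\:22\:33:WPA2
NETGEAR42:9C\:3D\:CF\:44\:55\:66:WPA1 WPA2
linksys:00\:25\:9C\:77\:88\:99:WEP
CoffeeShop_WiFi:F0\:9F\:C2\:AA\:BB\:01:WPA2
CoffeeShop_WiFi:02\:1A\:11\:CC\:DD\:02:
OldPrinter:00\:1E\:8F\:12\:34\:56:WPA1
"""

# Strength ranking assumed by this example; the article's minimum is WPA2.
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA1": 2, "WPA2": 3, "WPA3": 4}
MIN_RANK = RANK["WPA2"]

# Illustrative, not exhaustive, patterns for factory-default network names.
DEFAULT_SSID = re.compile(
    r"^(linksys\d*|netgear\d*|d-?link.*|tp-link_.*|belkin\..*|default)$", re.I)


def split_terse(line):
    """Split one terse line on unescaped ':' and undo backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character is taken literally
            i += 2
        elif line[i] == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(line[i])
            i += 1
    fields.append("".join(cur))
    return fields


def parse_scan(text):
    """Return (ssid, bssid, protocols) tuples; protocols is a set of RANK keys."""
    nets = []
    for line in text.strip().splitlines():
        parts = split_terse(line)
        if len(parts) != 3:
            continue  # malformed line: skip rather than guess
        ssid, bssid, sec = parts
        sec = sec.strip()
        if sec in ("", "--"):  # no security advertised
            protos = {"OPEN"}
        else:
            protos = RANK.keys() & {t.upper() for t in sec.split()}
        nets.append((ssid, bssid, protos))
    return nets


def audit(text):
    """Return (ssid, bssid, issue) findings for every network in the scan."""
    findings, open_state = [], defaultdict(set)
    for ssid, bssid, protos in parse_scan(text):
        if not protos:
            findings.append((ssid, bssid, "unknown-security"))
            continue
        best = max(RANK[p] for p in protos)
        worst = min(RANK[p] for p in protos)
        open_state[ssid].add(best == 0)
        if best == 0:
            findings.append((ssid, bssid, "open"))  # traffic sent in the clear
        elif best < MIN_RANK:
            findings.append((ssid, bssid, "weak"))  # WEP or WPA only
        elif worst < MIN_RANK:
            findings.append((ssid, bssid, "legacy-fallback"))  # WPA2 plus older
        if DEFAULT_SSID.match(ssid):
            findings.append((ssid, bssid, "default-ssid"))
    for ssid, states in open_state.items():
        # One name seen both open and encrypted: confirm the hotspot's name and
        # password with its operator before joining, as the article advises.
        if len(states) == 2:
            findings.append((ssid, "*", "mixed-open-and-encrypted"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print("%-16s %-18s %s" % finding)
```

A "mixed-open-and-encrypted" finding is only a prompt to verify the hotspot with its operator; some venues legitimately run differently configured access points under one name.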

Author

NCCIC
