On June 9th 2017, the CCIM Miami-Dade-Monroe District hosted its CCIM Monthly Meeting at Morton’s Steakhouse in Coral Gables. The topic was on Cyber Awareness by Chris Scott, an expert on Cyber Security. Mr. Scott is also an "ethical hacker", advising banks and businesses on internet fraud.
|Miami-Dade CCIM District Monthly Meeting / Cyber Awareness re Fraud|
Fraud is Everywhere in Our Digital Workplace
As we transact business in the information age, where global economies rely heavily on computers and e-commerce, we need to be alert to the various sources of fraud perpetrated via email and especially with bank wire transfers. In commercial real estate, we spend a large portion of the day on our computers using the internet emailing clients, researching properties, market values, property owners, and analyzing investment properties. The computer and the internet have become an integral part of the profession.
Mr. Scott warned us to be extremely careful with our digital communications as cyber fraud is on the increase. In particular, the headers of an email should be carefully examined to see the URL and information regarding the sender.
According to the AFP Payments Fraud and Control Survey, 73% of companies were targets of payments fraud in 2015, up from 62 percent in 2014. Moreover, 39% of corporate practitioners from these companies report the potential loss from fraud was greater than $250,000. And the preferred payment method responsible for fraud loss was checks and wire transfers.
Common Fraud Tactics
Mr. Scott lists common fraud tactics:
- Phishing - An email that tricks recipient into taking some type of harmful action
- Business Email Compromise (BEC) - A certain attack where the attacker pretends to be an authorized user of a system in order to gain access to it
- Ransomware - A certain malicious software made to block access to a computer system
- Wire Fraud - Targeting of banks and financial institutions via wire transfers
As an example, ten employees work for a boutique real estate company. The company decides to hire a new employee to work in accounts payables. A cyber criminal, without being noticed, may have already compromised the real estate company’s network as a result of prior surveillance and email communication. Cyber criminals do their homework and may have set up a fake URL that closely resembles the company information and web site. They monitor the existing network traffic and observe the writing styles of key figures in preparation to compromise the systems.
Another scenario: What if the Cyber Criminal masquerading as the company’s boss or high ranking employee sends an email to the new employee with wire instructions to send $100,000 to client? He or she may not be fooled but that email, but what if the Cyber Criminal more clever?
Mr. Scott provides helpful tips against Cyber Criminals. They are:
- · Check the email address and email header. Look for the sender’s name and email header.
- · Be suspicious of attachments. Only download and open those that you are expecting.
- · Notice the email’s greeting. Does the sender know your name and use it?