ST. PETERSBURG, FL
A recent article on Bay News 9 shared a story about a couple that just bought a new house in Tampa.
Everything was going great – until their real estate agent’s email was hacked.
The realtor had been targeted in a growing scam that focuses on businesses that do money transfers, like real estate agencies.
They had been monitoring realtors email account for some time, waiting for the opportunity.
The hacker, who was found to be based out of South Africa, put a filter on the realtors Gmail account to block her from seeing email exchanges made from her account to her clients.
The first email the hacker sent said that the clients needed to wire $15,000 to the title company as part of a down-payment agreement.
Trusting the email from their realtor, they called the bank to start the transfer.
An Emerging Global Threat
The FBI has been tracking these scams since 2013 and just recently released a new Fraud Alert warning of an increase in activity. An estimated 270-percent increase in identified victims since January.
Agents say the scams often involve scouting company websites, monitoring the social media accounts of executives, and then hacking into their email.
The FBI calls it a Business Email Compromise and warns that it’s an “emerging global threat.”
When the FBI uncovered the scam, they found multiple logins over 30-40 days.
They found searches for real estate verbiage, directions to the title company the clients were using and the time it was in Florida.
The FBI says this shows the sophistication of these criminals.
They figure out the standard operating procedure and wait for the right time to attack.
Growing Global Threat
The FBI has identified 7,000 companies victimized in the United States alone, leading to $740 million in losses. That doesn’t include unreported loses.
The FBI says it is imperative for businesses to be extra cautious when it comes to money wire transfers, especially because once the money is sent, it’s nearly impossible to recover. While this couple was facing a potential loss of $15,000, the FBI says some victims have lost as much as $250,000.
If this happens to you, immediately report it to the FBI’s Internet Crime Complaint Center and file a complaint.
For additional questions and more information about cyber security download our Cyber Security Planning Guide our contact our cyber liability specialist Aaron Kane at 813-876-4166
- Verify changes in vendor payment location and confirm requests for transfer of funds.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Be careful when posting financial and personnel information to social media and company websites.
- Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process for wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- If possible, register all Internet domains that are slightly different than the actual company domain.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.