thecompu-doctor
Member
- Reaction score
- 13
- Location
- Richmond Va
I wanted to start a conversation for you all to weigh in on. I have numerous real estate based clients (attorneys, agents, title companies, etc...) that we support. I've seen both among a couple of my real estate attorneys and read about other real estate attorneys being targeted for social engineering email scams. Or more importantly I should say the clients of the attorneys are targeted.
It goes like this: person buying the property gets an email that says its the from "the attorney" but really it is just some bogus gmail/hotmail account. This email will include fraudulent money wire instructions. If the buyer falls for it, then they wire away $75k or something similar. Now I don't know how to truthfully isolate where the breach occurred because I don't have access to all the pieces of the puzzle, meaning the buyer's computer and email, the real estate agent's computer and email and things like that. I do have access to my client's stuff and have done thorough virus/malware scans beyond my MSP scans. We changed their O365 hosted exchange password as an extra precaution in case he was somehow compromised at the email level. It would be nice to see IP's that users have logged into their O365 webmail from, but I'm not aware of a way to do this.
The way I see it, the likely ways this breach occurred are:
So, how do we combat these types of phishing scams? If the breach is not on my client's end, throwing technology tools and better passwords still wont help as the breach occurred elsewhere and the scammer just used my clients name. Even if the breach happened on my clients end, what can we do to help ensure no one falls for the scam? It would be great if we could somehow do a 2FA method so when the lawyer emails wire instructions, the buyer also gets a text with a secure code or something.
Now two ideas I had are:
A slight side note and a danger when it comes to secure email portals. This same client was briefly/slightly compromised a few months back when he received an email from a real estate company vendor he works with regularly telling him to sign into a secure portal for an email message. This was not uncommon for his communications with this particular vendor so he clicked on the link and entered his username and password. Unfortunately that vendor had been hacked, and the hackers sent out bogus emails to their address book with a bogus phishing secure email portal link. It was discovered in a few hours and he went to the real portal for that vendor and updated his password. I also had him change his email password back when this occurred.
It goes like this: person buying the property gets an email that says its the from "the attorney" but really it is just some bogus gmail/hotmail account. This email will include fraudulent money wire instructions. If the buyer falls for it, then they wire away $75k or something similar. Now I don't know how to truthfully isolate where the breach occurred because I don't have access to all the pieces of the puzzle, meaning the buyer's computer and email, the real estate agent's computer and email and things like that. I do have access to my client's stuff and have done thorough virus/malware scans beyond my MSP scans. We changed their O365 hosted exchange password as an extra precaution in case he was somehow compromised at the email level. It would be nice to see IP's that users have logged into their O365 webmail from, but I'm not aware of a way to do this.
The way I see it, the likely ways this breach occurred are:
- the buyer's email or computer were compromised and a hacker saw communications between a lawyer, agent and buyer and started the scam (this is a crime of oportunity)
- lawyer or real estate agent were compromised at the email or computer level (targeted crime)
So, how do we combat these types of phishing scams? If the breach is not on my client's end, throwing technology tools and better passwords still wont help as the breach occurred elsewhere and the scammer just used my clients name. Even if the breach happened on my clients end, what can we do to help ensure no one falls for the scam? It would be great if we could somehow do a 2FA method so when the lawyer emails wire instructions, the buyer also gets a text with a secure code or something.
Now two ideas I had are:
- at the start of the buyer, lawyer relationship the buyer gives the lawyer a passphrase that the lawyer must use when sending wire instructions as they get close to closing on the property
- my concern with something like this is the buyer may forget they didn't see the passphrase if they get fraudulent instructions
- use an encryption email service
A slight side note and a danger when it comes to secure email portals. This same client was briefly/slightly compromised a few months back when he received an email from a real estate company vendor he works with regularly telling him to sign into a secure portal for an email message. This was not uncommon for his communications with this particular vendor so he clicked on the link and entered his username and password. Unfortunately that vendor had been hacked, and the hackers sent out bogus emails to their address book with a bogus phishing secure email portal link. It was discovered in a few hours and he went to the real portal for that vendor and updated his password. I also had him change his email password back when this occurred.
