#school | #ransomware | Town Hit by Ransomware; System Shut Down to Limit Damage – East Greenwich News

Source: National Cyber Security – Produced By Gregory Evans

By Elizabeth F. McNamara

Town Manager Andrew Nota said Saturday the town had been hit with computer ransomware and had shut down the system townwide to evaluate the damage and rebuild. “There have been numerous system breaches in municipalities in Rhode Island, New England and nationally […]

#school | #ransomware | Cyber security expert breaks down ransomware attacks

Source: National Cyber Security – Produced By Gregory Evans

MONROE, La. (KNOE) – Gov. John Bel Edwards declared a state of emergency following a cyber-attack on Nov. 18. An apparent “ransomware” virus infected 1,500 of the state’s 30,000 computers last week. This […]

#cybersecurity | #hackerspace | Secure Developer Workstations Without Slowing Them Down

Source: National Cyber Security – Produced By Gregory Evans

Fueled by automation, the adoption of DevOps processes and more, the role of the developer has become increasingly important and widespread for enterprises going through digital transformation. Developers need privileged credentials in order to reach key developer tools such as Kubernetes or the Jenkins admin console. These credentials are often saved locally, making developers’ workstations — whether they are Macs or PCs — high-value targets for attackers.

These workstations are often vulnerable to something as simple as a phishing email, which attackers can use as an entry point to the developer’s credentials. Because of these vulnerabilities, securing developers’ workstations is extremely important. However, developers are famous for prizing speed above all else — and for seeing security as little more than a speed bump. So how can we ensure that developers take security seriously?

Securing privileged access through the principle of least privilege needs to be a top security priority. It is no secret that no-one should have full-time admin rights. But, what does that mean for developers?

Security teams face a difficult dilemma. They need to better secure developer workstations while still providing them the elevated permissions and privileges—and freedom—they need to get their job done. And they need to do all that without impacting velocity.

I recently encountered this comment on the Stack Overflow forum:

“There is almost no legitimate operational reason for restricting admin access to local PCs for staff that need it to do their job.”

Is that true?

Developers, DevOps and other engineers all perform administrative tasks as part of their job responsibilities, so they also have “full control” of their environment. Furthermore, because of the work developers do, there are extra challenges involved in hardening and restraining their workstations regardless of whether they are using Windows or macOS.

Developers install and uninstall software, drivers and system updates. They change operating system internals and use debugging programs on a regular basis. Without full control, developers often can’t do their jobs.

However, developers have access to source code, API keys and other shared secrets – usually more access than the standard user. Compromising a developer is a quick way for attackers to gain immediate elevated access to the most essential, mission-critical information an organization has. Consequently, developers have the kind of access that attackers want, which makes them the type of user who needs the highest levels of protection – whether they like it or not.

Want to take over a company or cause reputational damage quickly? Compromise a developer endpoint.

There are even specific types of attacks designed to target developers. For instance, in “watering hole” attacks, cyber attackers compromise common, popular developer websites known to be good places to share code and get help troubleshooting programming issues. For example, four of the largest software developer companies in the world were compromised during a single cyber attack campaign that placed a zero-day Java exploit on an iOS developer website.

Rights and Responsibilities

One way to deal with developers’ requests for full admin rights would be to provide them with virtual machines dedicated to programming, which could be perfectly patched and thoroughly hardened. This is doable with the right amount of monitoring and alerting, antimalware and IPS.

However, a workaround like this has a huge management overhead. It requires more budget, additional machines and another person to manage those machines. It’s not a comfortable situation for the IT team or the developer – and let’s not forget the cost of such a solution.

Additionally, while using their development tools, developers consume a lot of computer resources (e.g. generating millions of temporary files during code compilation). This leaves the security team with the job of ensuring that no significant performance impact occurs while implementing endpoint security products – not an easy task.

Conventional attempts to counter this typically require system administrators or security staff to perform manual inspections and craft security policies in response. As application complexity and development velocity increase, it becomes impractical to determine least privilege ahead of time manually. Furthermore, a central policy gatekeeper won’t scale efficiently and is likely to negatively impact delivery velocity.

Cutting the Gordian Knot

There has to be a better way to balance the needs of the developer with security concerns. Organizations need to be able to remove administrative privileges from developers without preventing them from doing their jobs, reducing velocity or overburdening security teams.

CyberArk Endpoint Privilege Manager can overcome these obstacles, allowing organizations to remove privileged credential rights on Windows workstations, Windows servers and macOS. It provides privileged access management (PAM), allowing enterprises to easily remove local Admin users – including developers. For instance, CyberArk Endpoint Privilege Manager can elevate specific applications used by the developer on a day-to-day basis, or provide just-in-time user elevation for a specified time while recording and logging all user activity.

In addition, since developers may save credentials to their development environments, Endpoint Privilege Manager protects those repositories from credential theft while allowing trusted applications to use the credential stores.

Another key feature for the developer use case is the set of out-of-the-box predefined policies for different developer tools such as Visual Studio, Eclipse, Git and others.

Final Thought – The Developer Resistance

Each new security-driven restriction impacts the developer productivity throughout the entire software development process. Consequently, developers may fight the rules and restrictions necessary to maintain a strong security posture. What makes Endpoint Privilege Manager any different?

Endpoint Privilege Manager minimizes interference in the developer workflow. Developers – and other users – don’t need to go through the extra step of involving an administrator when they need access to certain applications. For a predefined, approved set of applications, users can seamlessly gain access through an automated process.

Furthermore, Endpoint Privilege Manager allows users to elevate privileges for these approved applications while continuing to run other, unapproved applications as non-privileged users. This means that developers can continue to use the majority of the applications they rely on daily without having to slow down – and without losing the benefits of application security.

Developers are like builders constructing a house on an empty lot. They need to be armed with the best tools to do their best work. If you give them old equipment, they will spend more time working around it than actually building. Endpoint Privilege Manager lets developers do what they do best – without interrupting their workflow with compliance and security requirements – so that they can write code faster.

Developers don’t need to be the last hold out for administrator rights within an organization. Learn how this is possible today.

The post Secure Developer Workstations Without Slowing Them Down appeared first on CyberArk.

*** This is a Security Bloggers Network syndicated blog from CyberArk authored by Vadim Sedletsky.

Pen #testers #break down #bank security #flaws

While banks have built effective barriers for external attacks, researchers warn they have not done nearly as much work to fight threats on their internal networks.

Earlier this month, a third-party software vulnerability resulted in a Mexican bank heist that scored at least $15.4 million.

In early 2017 there was a surge of attacks targeting card processing in Eastern Europe which scammed nearly $100 million, and later that year intruders attacked the Far Eastern International Bank in Taiwan by making transfers to accounts in Cambodia, Sri Lanka and the U.S., which totaled $60 million.

Positive Technologies researchers examined how cybercriminals are able to pull off such massive financial heists from behind their keyboards and acted like cybercriminals to gain insight on common vulnerabilities shared among banks.

The firm said it found vulnerabilities in all of the banks on which it had performed penetration tests, and that half of the banks had insufficient protection against recovery of credentials from OS memory, a quarter used dictionary passwords, and nearly a fifth, 17 percent, had sensitive data stored in cleartext.

Positive Technologies would not specify the number of banks in its study but did emphasize the need for banks to enact strong password policies as 50 percent of those tested used dictionary passwords.

Researchers added that a quarter of these banks used the password “P@ssw0rd” as well as such common combinations as “Qwerty123,” empty passwords, and default passwords such as “sa” or “postgres”.

The most common vulnerabilities were:
  • outdated software – found at 67 percent of banks
  • sensitive data stored in clear text – 58 percent
  • dictionary passwords – 58 percent
  • use of insecure data transfer protocols – 58 percent
  • remote access and control interfaces available to any user – 50 percent

Less common vulnerabilities included anti-DNS pinning, SQL injection, arbitrary file upload, XML external entity (XXE) and cross-site scripting, at 25 percent.

Other common weaknesses that allow infections usually consist of the use of outdated software versions and failure to install OS security updates, configuration errors, and the absence of two-factor authentication for access to critical systems.

As a result of these vulnerabilities, attackers would be able to obtain unauthorized access to financial applications at 58 percent of banks and penetration testers were able to compromise ATM management workstations used at 25 percent of the banks studied.

Researchers were also able to move money to criminal-controlled accounts via interbank transfers at 17 percent of the banks tested.

It’s important to realize that banks suffer from the same problems as other companies and typical attack vectors stem from a weak password policy and insufficient protection against password recovery from OS memory.

Similar to physical bank robberies, cybercriminals survey and prepare in advance to attack their targets sometimes leveraging insider personnel.

“Since use of external resources can be detected by security systems, in order not to get caught during this initial stage, criminals resort to passive methods of obtaining information: for example, identifying domain names and addresses belonging to the bank,” researchers said in the report. “At the survey stage, unscrupulous bank employees are actively engaged as well.”

Researchers found numerous posts on web forums from insiders looking to disclose their employers’ information for a fee.

“The bottom line is, banks are not ready to defend against attacks from the internal intruder today,” Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, told SC Media. “Despite the high level of protection of the network perimeter, attacks using social engineering techniques and so-called watering hole attacks allow attackers to enter the internal network of the bank.”

Galloway went on to say that cybercriminals can covertly be present in the infrastructure for a long time while learning the actions of employees and administrators, all while hiding their attack from security systems under the guise of the legitimate actions of the employees whose computers they hacked into.


The post Pen #testers #break down #bank security #flaws appeared first on National Cyber Security Ventures.


Hackers have #taken down #dozens of #911 #centers. Why is it so #hard to stop #them?

When news broke last week of a hacking attack on Baltimore’s 911 system, Chad Howard felt a rush of nightmarish memories.

Howard, the information technology manager for Henry County, Tennessee, faced a similar intrusion in June 2016, in one of the country’s first so-called ransomware attacks on a 911 call center. The hackers shut down the center’s computerized dispatch system and demanded more than $2,000 in bitcoin to turn it back on. Refusing payment, Howard’s staff tracked emergency calls with pencil and paper for three days as the system was rebuilt.

“It basically brought us to our knees,” Howard recalled.

Nearly two years later, the March 25 ransomware attack on Baltimore served as another reminder that America’s emergency-response networks remain dangerously vulnerable to criminals bent on crippling the country’s critical infrastructure — either for money, or something more nefarious.

There have been 184 cyberattacks on public safety agencies and local governments in the past 24 months, according to a compilation of publicly reported incidents by the cybersecurity firm SecuLore Solutions. That includes Atlanta, which fell victim to a ransomware attack a couple days before the one on Baltimore, scrambling the operations of many agencies, but not the 911 system.

911 centers have been directly or indirectly attacked in 42 of the 184 cases on SecuLore’s list, the company says. Two dozen involved ransomware attacks, in which hackers use a virus to remotely seize control of a computer system and hold it hostage for payment.

Most of the other attacks involve “denial of service,” in which centers are immobilized by a flood of automated bogus calls. One of the first occurred in October 2016, when Meetkumar Desai, then 18, of Arizona, distributed a computer bug on Twitter that overwhelmed 911 centers in 12 states. The motivations for such attacks are often less about the money than doing damage — sometimes as a form of protest, as when the “hacktivist” group Anonymous took down Baltimore’s city website after the death of Freddie Gray while in police custody, experts say. Desai reportedly told authorities he meant his attack more as a prank.

“911 is the perfect [target] because it can’t afford to be down,” said Tim Lorello, SecuLore’s president and CEO.

This is how 911 works: When someone dials for help — typically from a mobile phone — the call gets routed from a cell tower to a 911 center, where a “telecommunicator” answers the phone and gathers basic information. The telecommunicator enters that information into a computer-aided dispatch system, where a dispatcher picks it up and coordinates a response from firefighters, police officers or ambulances.

This 911 system relies on redundancy, meaning that call centers that are taken out of service by a hacking attack can work around the disruption by shutting down the computer-aided dispatch system and sharing information person-to-person, or by sending calls to a nearby center. But depending on the type of attack and a 911 center’s resources, those disruptions can make it more difficult for people to reach someone in case of an emergency. A July 2017 investigation by Scripps News on the vulnerabilities of 911 systems noted the case of a 6-month-old Dallas boy who died after his babysitter’s 911 calls were delayed during an apparent denial-of-service attack.

J.J. Guy, chief technology officer at the cybersecurity firm Jask, said that the spread of ransomware attacks on public safety agencies and other key government operations shows the potential for cyberterrorists to target the country’s critical infrastructure.

Last month, the Department of Homeland Security outlined in a report how Russian hackers have gained access to American power plants. The hackers did not cause service interruptions, but the fact that they could gain access at all is troubling to security experts.

“To date, if you don’t have credit cards or lots of personal information, attackers had little motivation and thus you were mostly safe,” Guy said in an email. “This will change those dynamics. Manufacturing, logistics, etc — any field with an operations mindset that loses money when ‘the line is down’ will be targeted.”

The attack on Baltimore was discovered March 25, after a morning breach of its computer-aided dispatch system, officials said. The city’s cybersecurity unit took the system down, forcing support staff to pass 911 calls to dispatchers on paper rather than electronically. Call-center operations returned to normal early the next day, officials said. Investigators later determined that the intrusion was an attempted ransomware attack, but “no ransom was demanded or paid,” city spokesman James Bentley said. He declined to explain further, saying that doing so “could compromise the investigation.”

Most ransomware cases end similarly, with governments refusing to pay hackers, choosing instead to switch to a more primitive version of 911 services while they rebuild their systems. Governments have caved at times, however, although officials decline to say much about those incidents, out of concern that it will encourage more attacks.

Another problem with the current 911 system is that it doesn’t accommodate the ways people communicate in the modern world — through texts, photos, videos, etc. That is why the 911 industry is pushing telecommunication companies and state and local governments to adopt what it calls Next Generation 911, which allows callers to send data through approved telecommunications carriers and internet service providers (while still taking calls from landlines).

Adoption of Next Generation 911 has been slow and costly, said Brian Fontes, CEO of the National Emergency Number Association, or NENA. A tiny fraction of America is on Next Generation 911; the short list includes Maine and Vermont, with Indiana, Washington state’s King County and part of Texas getting close, Fontes said.

The Next Generation 911 systems will have advanced security baked into their foundations, including the ability to instantly identify suspicious activity, immediately shut down in response to intrusions, and simultaneously move incoming calls to other centers in a way that is undetectable to someone dialing for help, officials say.

But the increased connectivity also opens the modern systems to new potential modes of attack, experts say. No matter how sophisticated a defense, all it takes is one overlooked vulnerability to let hackers in, experts say.

That makes it essential to develop sophisticated defense systems run by in-house cybersecurity teams, they say.

In Baltimore’s case, the ransomware attack was discovered and repelled by Baltimore City Information Technology, which maintains defenses across the local government. It determined that the hackers had found access after a technician troubleshooting the computer-aided dispatch system made a change to a firewall and mistakenly left an opening, the city’s chief information officer, Frank Johnson, said in a statement. The FBI is now helping the city investigate.

Howard, in Tennessee, knows how his attacker obtained access to the 911 center — by finding a weak password left by a deceased former system administrator. The FBI told him it looked as if the attack came from Russia. But he still isn’t sure.

Howard cleaned and rebuilt his system, but struggles to maintain patches for his outdated CAD system. “It’s been a nightmare,” he said.

No one has been caught or prosecuted in the Tennessee or Baltimore attack.


The post Hackers have #taken down #dozens of #911 #centers. Why is it so #hard to stop #them? appeared first on National Cyber Security Ventures.


New York is #quietly working to #prevent a major #cyber attack that could bring down the #financial #system

Source: National Cyber Security News

Five months before the 9/11 attacks, US Secretary of Defense Donald Rumsfeld sent a memo to one of his advisers with an ominous message.

“Cyberwar,” read the subject line.

“Please take a look at this article,” Rumsfeld wrote, “and tell me what you think I ought to do about it. Thanks.”

Attached was a 38-page paper, published seven months prior, analyzing the consequences of society’s increasing dependence on the internet.

It was April 30, 2001. Optimistic investors and frenzied tech entrepreneurs were still on a high from the dot-com boom. The World Wide Web was spreading fast.

Once America’s enemies got around to fully embracing the internet, the report predicted, it would be weaponized and turned against the homeland.

The internet would be to modern warfare what the airplane was to strategic bombers during World War I.

The paper’s three authors — two PhD graduates and the founder of a cyber defense research center — imagined the damage a hostile foreign power could inflict on the US. They warned of enemies infecting computers with malicious code, and launching mass denial of service attacks that could bring down networks critical to the functioning of the American economy.


2,000 #computers were #shut down due to #SamSam virus #attack to #Colorado Department of #Transportation

Source: National Cyber Security News

On Wednesday morning the workday at the Colorado Department of Transportation (CDOT) was disrupted. The institution went back to the good old days before computers, due to a SamSam ransomware attack.

On February 22, the file-encrypting virus hit CDOT’s computers, encrypted files and demanded a ransom in Bitcoin. More than 2,000 computers were shut down to stop and investigate the attack.

According to the CDOT spokeswoman, the version of SamSam ransomware hit only Windows OS computers even though they were secured by McAfee antivirus. However, CDOT and security software providers are working on virus elimination.

Fortunately, the Colorado Department of Transportation has all of its data backed up. Therefore, it is not going to pay the ransom, and the crooks’ attempt to blackmail the institution did not succeed.

Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. The ransomware did not affect any critical services, such as cameras, traffic alerts or variable message boards.

Authors of SamSam ransomware have already received money from victims in 2018
SamSam ransomware has been known for a while. Numerous versions of the malware hit hospitals and other institutions last year. The Colorado Department of Transportation is not the first organization the ransomware’s creators have targeted this year either.


Gaps in #software slowing down #security #professionals

Source: National Cyber Security – Produced By Gregory Evans

Gaps in software systems are slowing down security teams who are estimated to spend 10 hours a week dealing with the inefficiencies.

More than a third of IT decision-makers estimated that their security staff spent at least three hours daily on tasks that otherwise could have been handled by better software, revealed a study commissioned by LogRhythm. Conducted by Widmeyer, the study polled 751 respondents from Asia-Pacific, the US and the UK.

The majority believed a security administrator, on average, spent up to 10 hours a week dealing with the lack of software capabilities.

And yet, in Asia-Pacific, 56 percent of IT decision-makers said they depended on software to help them prioritise cybersecurity threats.

This reliance would be increasingly important since 88 percent across the global sample regarded insider threats as a growing concern in their ability to safeguard the organisation.

“The proliferation and innovation of business-enabling technology, combined with the speed of today’s advanced hackers to adopt and adapt to the latest technology, is making it increasingly difficult–if not impossible–for security teams to evolve their rapid threat detection and response capabilities as quickly as their adversaries,” said James Carder, LogRhythm Labs’ chief information security officer and vice president.

The security vendor touts the merits of artificial intelligence (AI) in dealing with this evolving landscape. It noted, however, that less than half of the survey respondents currently used AI to fight cyberthreats.

According to Gartner, AI would help businesses regain 6.2 billion hours in employee productivity by 2021, generating US$2.9 trillion in business value.

The research firm’s research vice president Mike Rollings said: “AI can take on repetitive and mundane tasks, freeing up humans for other activities, but the symbiosis of humans with AI will be more nuanced and will require reinvestment and reinvention instead of simply automating existing practices.

“Rather than have a machine replicating the steps that a human performs to reach a particular judgment, the entire decision process can be refactored to use the relative strengths and weaknesses of both machine and human to maximise value generation and redistribute decision making to increase agility,” Rollings said.

The post Gaps in #software slowing down #security #professionals appeared first on National Cyber Security Ventures.


ATO #outages have slowed down #cyber security policy #upgrades

Source: National Cyber Security – Produced By Gregory Evans

There are concerns the Australian Taxation Office (ATO) has more work to do on cyber security standards, with Commissioner of Taxation Chris Jordan telling Senate estimates last night that sustained outages at the tax office may have slowed down plans for security policies.

On Wednesday a joint committee report into cybersecurity compliance in government departments highlighted the committee “is most concerned that the audit found that the ATO and [Department of Immigration and Border Protection] are still not compliant with the mandatory ‘Top Four’ mitigation strategies”.

The mitigation strategies, which are the top four of eight “essential” tools recommended by the Australian Signals Directorate for warding off cyber security threats, include restricting administrative privileges, using latest operating systems, patching systems and application whitelisting.

The ATO told the committee it would take until November to become compliant with the practices, but in a Senate estimates hearing on Wednesday evening Commissioner of Taxation Chris Jordan told the room there was a reason for the delay in the plan for cyber security: the sustained system outages that hit the office from December last year.

Jordan told Labor Senator Jenny McCallister the December outage “slowed down” progress on cyber security compliance.

The tax office has undertaken a comprehensive review of systems stability after system knockouts started playing havoc with clients after an initial major outage on December 11, 2016.

PricewaterhouseCoopers was engaged to conduct an external audit of ATO systems, which identified 14 key areas for improvement to ensure systems stability at the tax office for the long term. However, the focus of this was on how the ATO’s various portal systems interacted, rather than on cyber security priorities.

The accounting sector has previously told SmartCompany cyber security planning is not the only thing to be slowed down by the December outage. Finance professionals were expecting overhauls to a range of tax office portal systems in the near future, but the Institute of Public Accountants says these have been put on hold.

“Priority one, two and three is just maintaining a stable system. All of the system upgrades and moving to better platforms are all on hold,” the IPA’s general manager of technical policy Tony Greco told SmartCompany in June.

“The existing systems aren’t perfect, and we’re having to wait longer for new ones.”

According to the joint committee report, if Commonwealth entities were to all comply with the four most important strategies for cybersecurity, 85% of targeted cyber attacks could be prevented.

Overall, the committee noted that evidence provided about cyber security policies at government departments “from both submitters and witnesses [suggest] that compliance with the Top Four mitigation strategies is a minimum standard and does not necessarily equate to cyber resilience”.

In 2013, the government mandated the top four strategies for fighting cyber attacks and put a timeline in place to have all departments on board by June of 2014.

SmartCompany contacted the ATO for comment but did not receive a response prior to publication.

The post ATO #outages have slowed down #cyber security policy #upgrades appeared first on National Cyber Security Ventures.


Scammers are #conning homebuyers out of their down #payment

Source: National Cyber Security – Produced By Gregory Evans

  • Scammers are going after homebuyers’ down payments in a growing version of “email access compromise.”
  • Because it’s the consumer authorizing the wire transfer, the usual protections don’t apply.
  • Experts say don’t trust emailed closing instructions. Call a number you know to be correct to confirm.


It’s a number Shannyn Allan knows by heart. That’s how much money she painstakingly saved for a 20 percent down payment and closing costs on her dream home — one with a claw-foot tub and enough room to run her fundraising group for dog rescues.

It was “the only house in San Antonio in our price range,” she said.

And it’s how much money the first-time homebuyer nearly lost this spring to an increasingly common scam.

“It was a nightmare every single day,” Allan said of the three-week ordeal. “I almost lost the house.”

Variations of so-called email access scams have become a $5.3 billion problem affecting businesses and consumers in all sectors, the FBI warned in a May public service announcement.

The bureau’s notice called out real estate transactions as a trending forum for the scam, targeting “all participants … including buyers, sellers, agents, and lawyers.” In particular, complaints to the FBI from victimized title companies jumped 480 percent in 2016.

“They’re tough numbers to digest because we do think they’re underreported,” said James Barnacle, chief of the FBI’s money laundering unit.

In some of the largest real estate cases, he said, losses have been “in the low millions.” But even smaller losses are significant.

“They’re people’s life savings,” Barnacle said.

Tactics for the scam vary, but thieves’ aim is the same: Compromise the computer or email account of a person or business involved in real estate to monitor upcoming transactions. That gives them an opportunity to impersonate that party and try to intercept funds.

“Scammers and hackers want to target you when you’re either scared out of your mind or extremely happy,” said Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security. “Real estate is the perfect one-two combo, and there’s a lot of money at stake.”

Elements of real estate transactions are becoming increasingly digital, giving would-be thieves plenty of opportunities, he said. Nor does it hurt that a home purchase is one of the few instances where a request to wire money won’t set off alarm bells for the consumer.

In Allan’s case, the thieves interceded just hours before the closing.

“They waited and they watched, like a damn gator in the water,” she said.

She was on her way to the bank when she got an email that appeared to be from her title company, with a change of wire transfer instructions. Suspicious, Allan reached out to her real estate agent — who, she says, simply apologized for the hassle.

Allan wired the money at 9:34 a.m. Central time.

By a lucky coincidence, the real title company reached out to Allan shortly after, to give her the final closing instructions and confirm the money would be wired.

“They were like, ‘You wired the money? Who did you wire it to?’” she said.

How to avoid real estate wire fraud

An educated homebuyer is the first line of defense, said Jessica Edgerton, associate counsel for the National Association of Realtors. No matter what security precautions other parties, such as your title company or real estate agent, have in place, ultimately you’re the one wiring the money.

“This is happening all the time,” she said. “Attempts are happening on a daily basis.

“Don’t dismiss this as an interesting news story and distance yourself thinking this is something that won’t happen to you,” Edgerton said.

Here’s how to avoid falling victim to this kind of scam:

1) Verify everything

When you’re buying a house, you expect to hear from your real estate agent, attorney and other parties in the transaction. So you’re naturally less suspicious of emails that appear to be from those people — which thieves take advantage of, said the FBI’s Barnacle.

Don’t assume any emailed instructions or account details are legit.

“You have to call, and you have to confirm,” Barnacle said. “Having some kind of redundancy and some kind of check in place is the number one way of avoiding being hit by these frauds.”

But don’t call the phone number in the email, he said. That may redirect you to the would-be thieves. Instead, call a number you know to be correct for, say, that title agency or mortgage broker, based on a web search or previous interactions.

2) Be suspicious of changes

Last-minute changes to closing procedures are a red flag — especially requests that you change the payment method or send money to a different bank or account, said Doug Johnson, senior vice president and senior advisor of risk management policy for the American Bankers Association. Real estate closings are a “standard process,” he said, and it would be unusual for those details to change.

Again, verify any changes by calling the other parties involved.

“Trust your instincts on this kind of stuff,” Johnson said. “We tend to know when something smells a little fishy.”

3) Secure your emails

Given the risk of compromise, don’t send sensitive data such as bank account details or your Social Security number over email, Edgerton said. Use a secure file-transfer service to send documents required for that home purchase, or a secure client-access portal that the business (be it your title company, mortgage broker, etc.) has set up.

Be suspicious of communications that don’t follow whatever protocol has been set up — for example, a request that you email details that you’ve previously securely submitted via a portal.

4) Use good cybersecurity hygiene

This scam begins with thieves gaining access to the computer or email account of someone involved in the real estate transaction, said O’Leary — make sure that someone isn’t you.

Keep your antivirus software and operating system up to date, use unique, complex passwords and enable protections such as two-factor authentication where available. Don’t click on any suspicious links in emails, he said.

5) Pick a secure payment method

Ask about your options for paying the down payment and closing costs, said Allan, who blogs about personal finance at and now, after her experience, at You may be able to bring a paper certified check or cashier’s check to the closing or an agent’s office ahead of time, avoiding the possibility the funds end up in a fraudster’s hands.
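The first two steps above (verify who really sent the message; treat last-minute payment changes as a red flag) can also be applied mechanically to inbound mail before a human ever reads it. The following is an added example, not code from the article or from any of the organizations quoted in it: a small Python filter that a buyer's mail client or a title company's mail gateway could run. It flags a message when the display name matches a known party but the address domain does not, when the sender domain is a close look-alike of a real party's domain, when Reply-To diverts replies elsewhere, or when the body announces changed wiring instructions. The party names, domains and both sample messages are constructed for illustration; an empty result does not prove a message is genuine, which is why the article still says to phone a known number before wiring anything.

```python
"""Flag inbound e-mails that look like wire-instruction-change lures.

Added example (not part of the original article). Every name, domain and
message below is constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed: the parties the buyer legitimately deals with, keyed by the
# display name they use, with the domain their real mail comes from.
KNOWN_PARTIES = {
    "Example Title Co": "exampletitle.example",
    "Jane Agent": "realty.example",
}

# Phrases typical of a changed-instructions lure.
CHANGE_PATTERNS = re.compile(
    r"(updated|new|revised|changed)\s+(wiring|wire|payment)\s+instructions"
    r"|different\s+(bank|account)|routing\s+number",
    re.IGNORECASE,
)


def edit_distance(a, b):
    """Levenshtein distance; a small value means a look-alike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_message(raw):
    """Return the reasons a message should be confirmed by phone (may be empty)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []

    # Display name of a known party but mail from some other domain.
    expected = KNOWN_PARTIES.get(name)
    if expected and domain != expected:
        reasons.append(f"display name '{name}' but sender domain '{domain}' "
                       f"is not '{expected}'")

    # Domain within two edits of a real party's domain (e.g. 'rn' for 'm').
    for real in KNOWN_PARTIES.values():
        if domain != real and edit_distance(domain, real) <= 2:
            reasons.append(f"sender domain '{domain}' looks like '{real}'")
            break

    # Reply-To elsewhere sends the buyer's reply (and any questions) to the
    # impostor rather than to the apparent sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and "@" in reply and reply.rsplit("@", 1)[-1].lower() != domain:
        reasons.append(f"Reply-To '{reply}' does not match sender domain")

    body = msg.get_payload() if not msg.is_multipart() else ""
    if CHANGE_PATTERNS.search(body or ""):
        reasons.append("body announces changed wire/payment instructions")
    return reasons


# Constructed sample: a lure of the kind the article describes.
LURE = """From: Example Title Co <closing@exarnpletitle.example>
Reply-To: closing@mail-secure.example
Subject: Updated wiring instructions for tomorrow's closing
Content-Type: text/plain

Please note the updated wiring instructions below; the funds must go to a different bank today.
"""

# Constructed sample: routine mail from the real title company.
GENUINE = """From: Example Title Co <closing@exampletitle.example>
Subject: Final closing instructions
Content-Type: text/plain

Please bring your ID to the closing. Wire details are unchanged from the package we sent via the client portal.
"""

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("genuine", GENUINE)):
        print(label, assess_message(raw) or ["no checks fired; still confirm by phone"])
```

The look-alike threshold of two edits catches substitutions such as "rn" for "m" or a dropped letter; widen the allowlist to the real domains of every party in the transaction (lender, attorney, agent) for it to be useful in practice.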


If you fall prey to one of these scams, you’ll need to act immediately. The odds of recovering that stolen money aren’t in your favor.

Money sent via a wire transfer is quickly moved electronically from your bank to the recipient bank, and then into the payee’s account. You typically have only a tiny window for the banks to halt a transfer, or freeze the account before fast-moving thieves withdraw the funds. Once the money is out of that account, it’s gone.

Even if you spot and report the fraud within 24 hours, you might not get your money back, said Barnacle.

“I don’t want to set false expectations for consumers,” he said. “The chance of recovery here is slim.”

Because the consumer is the one to authorize the wire transfer, protections covering unauthorized financial transactions don’t apply. The banks will work with you, but you may bear some or all of the liability for lost funds, depending on the details and extent of the crime, said Johnson.

Allan’s almost immediate notice of the fraud was instrumental in recovering her money because the bank was able to freeze the thief’s account. In the end, she lost just $430 — including $70 in wire transfer fees. She’s quick to point out she was extremely lucky.

“I feel like a magical unicorn, because this doesn’t happen,” she said.

Here’s how to take action if you fall prey to a scam:

Alert the banks. “Immediately call your bank or financial institution,” Johnson said. “They may still be able to call back the wire.” Alert the bank on the receiving end of the wire transfer, too. They can often work with your bank to halt the transfer or freeze the recipient’s account.

Call in law enforcement. File a local police report detailing what happened. Call your local FBI office and file a complaint with the FBI’s Internet Crime Complaint Center, too. “At the FBI level, we have briefed all of our 56 field offices and all of our resident agencies, and they are equipped to rapidly respond,” Barnacle said.

The post Scammers are #conning homebuyers out of their down #payment appeared first on National Cyber Security Ventures.
