Cybersecurity for Agents, Buyers and Sellers – Part II
On October 17, Arizona REALTORS® 2018 President Lori Doerfler hosted the Facebook Live event “Cybersecurity for Agents, Buyers and Sellers” with guests John “Titleman” Lotardo, director of operations for Commonwealth Land Title Insurance Company and FBI Special Agent Paul Schaaf. Below are some highlights.
Part II: Detection & Prevention
Lori: How can you tell whether a sender’s email account was “spoofed”?
Paul: That can be very difficult. The bad guys will pick a domain that is similar. So, if you have anything in your name like “Mortgage Insurance” and there’s an “M” in the domain, (bad guys) might put an “R” and an “N” [RNortgage Company]. You are not going to see that because your eyes want to see the M.
You can actually use a domain that somebody has to send an email with a “reply to” that’s basically the bad guy, but it’s hidden by the headers. What is the email asking, is it out of the norm?
John: Emails can easily be spoofed. So when you see an email that has new wire instructions on it, don’t call that phone number — because that number is probably spoofed too.
Lori: Hover your mouse over the sent email address…
Paul: It might show you what their true address is (or) copy it, put it into your email and see if that’s the address it’s supposed to be going to. Sometimes copy-and-paste can break that chain.
A lot of people use free email accounts. It’s not even monitored by someone in a brokerage, it’s just a Gmail account. How good is your security, are you using (2-step verification) on it? Are you changing your password?
Lori: How often should one change their password?
Paul: Change your password like you change your toothbrush. The dentist says every month. Some companies set the policy every 90 days, but you should change it. I’ve seen viruses get on computers and they corrected the problem, but nobody ever changed the passwords. I’ve seen malicious code steal a password and that computer still has that same password on it.
Lori: What about biometric verification?
Paul: Biometric verification is basically a [body measurement], but realize that it’s putting it on your computer in a hash value and its codes. If the codes are on the computer (and) your computer is compromised, I can get that biometric and I can simulate it. Realize that when you’re doing a biometric, it’s storing some record of that fingerprint on the computer — that’s the value of the hacker would want to try to use.
If you are adding more things…like a retina scan, dual or multi-factor authentication using another password…I think that’s a lot safer than just the basic lock on a house. You want a deadbolt, an alarm, all the things that you would add that makes it a lot harder. And the bad guys would have to move on to somebody else.
Lori: Are cloud applications safer than local servers?
Paul: All a cloud environment is, is basically somebody else’s data center. Sometimes they provide more security than on a local server. It’s all a matter of the standards that are out there for the cloud provider. Some companies, they move to the cloud and are actually getting more protection than on their own server and at a cheaper price.
Lori: What else should we know to help safeguard our consumers and REALTORS®?
Paul: Good computer or IT “hygiene”. REALTORS® wash their cars and they need to treat their computer the same way. Take it to a professional periodically…once a year…make sure it’s updated, has virus scanning on it.
Lori: Arizona REALTORS® has a member benefit that allows them to contact a Tech Helpline for anything that they need to do like that. Thank you John, Paul. I really appreciate your time.
Portions of this transcript may have been edited for clarity.
Two-Step vs. Two-Factor Authentication – StackExchange.com