Cybersecurity for Agents, Buyers and Sellers – Part I
On October 17, Arizona REALTORS® 2018 President Lori Doerfler hosted the Facebook Live event “Cybersecurity for Agents, Buyers and Sellers” with guests John “Titleman” Lotardo, director of operations for Commonwealth Land Title Insurance Company and FBI Special Agent Paul Schaaf. Below are some highlights.
Part I: Cyber Attacks & Insurance
Lori: According to a 2017 auditor’s report, 50 percent of real estate businesses said they were not adequately prepared to prevent a cyber attack. In 2018, 68 percent of CEOs feel a cyberattack is only a matter of time.
What sort of cyberattacks effect the real estate industry?
John: They’re targeting folks who are touching or handling money — whether it’s coming to a title company or from a bank, from a consumer.
A buyer is supposed to deposit money for their home. They get wiring instructions from the title company and it says, here is all the wiring information. Closer to closing, they get the information (that) the wiring instructions have changed. Then the buyer fails to verify and they just go by this email or that communication. Lo and behold! It’s a fictitious email from the bad guys…and so (the buyer wires) it to the wrong place and the title company never sees it and the money is gone.
We always talk about verifying the wires or inquire before you wire. That’s a kind of a tagline we use, “inquire before you wire”. Call, talk to the title company, talk to a verified source that these are the real instructions.
Lori: If they’ve already wired the funds, what happens?
Paul: If it’s actually going to a foreign bank, we can usually stop it within 48 hours, but that’s from the time it was sent out. If it’s going to a domestic bank, we have to contact the bank and it’s really the person who sent the wire who needs to try to reverse that transaction at their bank. Time is not on their side.
We see a lot of these transactions occur during the holidays — when people have got their guard down. We see the criminals start going after wire transfers of businesses, maybe their cyber security people are out on break. Thanksgiving is a big one because most banks around the world are not closed on Thanksgiving.
People go, “Oh, maybe I did do something wrong on Wednesday, I’ll deal with it Monday.” It’s already gone. Like I said, we try to stop it…Kill Chain (Financial Fraud Kill Chain or FFKC) with FINCen (Financial Crimes Enforcement Network)…to get that money back. We’re about 75 percent successful within the first 48 hours, if it’s from a domestic bank to a foreign bank.
The FFKC can only be implemented if the fraudulent wire transfer meets the following criteria:
- the wire transfer is $50,000 or above;
- the wire transfer is international;
- a SWIFT recall notice has been initiated; and
- the wire transfer has occurred within the last 72 hours.
Lori: What about cyber insurance?
Paul: I would encourage cyber insurance, but it’s like anything — check it out, shop around. Breaches of companies can be expensive and it’s better to protect against them. The average record costs you about 141 dollars. So, if you have ten thousand clients, multiply that by 141 and that’s what you’re actually protecting. If all those records go out the door, that could be what you’re liable for ($1.4M).
Arizona REALTOR® members may access the state association’s cyber insurance guide here.
Portions of this transcript may have been edited for clarity.
John Lotardo, Lori Doerfler, Paul Schaaf