Feb 8, 2013

Tip 6-2013: Cyber Fraud Targeting Local Escrow Accounts

Here's how it happens:

A cyber "fraudster" exploits a crack in your out-dated firewall and downloads key-logging spyware onto your office manager's PC. The "fraudster" waits until the manager logs into your on-line bank account, stealing the password, then changing her email address to his.

Your bank follows protocol and notifies your office manager that a change has been made to your on-line banking credentials. She ignores the email, thinking it's spam, especially if the email comes from a 3rd party vendor she doesn't recognize.

The fraudster now has full access to your on-line bank account and initiates a wire transfer, sending all of your escrow funds to the Bank of China. Time passes, and you finally discover the funds missing from your drained escrow account.

You contact your local bank, and they immediately balk at assuming any responsibility. After all, they followed your instructions (it's in the fine print of your banking agreement), giving the bank zero liability.

Then it hits you: You are responsible for notifying your regulatory agency and for replacing the funds in your escrow account. You wonder, "Where do I get that much money?"

How do you protect yourself?

Talk with your local banker and IT support person immediately about installing extra layers of security. As a minimum, these layers should include the following: a strong, updated firewall that protects all your PCs from Hackers; strong passwords that are changed frequently; identification of any 3rd party vendors that are used by your bank; limits placed on ACH transactions and wire amounts; use of security tokens issued by your bank, and dual approval for wires (even if you don't plan to ever wire funds from your account).

I know these steps sound daunting, but trying to find the tens of thousands of dollars to put back into your escrow account, and trying to explain the tragedy to your regulatory agency remains far more distressing. Please take action today to protect yourself and your company. The threat is real, and they are targeting our area.

Contact me at 434-951-0858 or Tucker@TGBLaw.com if you have questions.  

William D. Tucker
Tucker Griffin Barnes Charlottesville, VA (434-973-7474)

No comments:

Post a Comment