It seems as if every few months a new scam pops up in the news. Whether it targets Netflix watchers, Google users, or an individual, scams leave internet users vulnerable. Scams, of all forms, try to take advantage of people's assumptions to gain private information or money, or both.
In the past year, scams related to real estate purchases increased to nearly $1 billion. The trend in these cyberthefts is that scammers hack into title company or real estate agent email accounts, look for approaching big deals, pose as a reliable contact—complete with real-looking logos and accurate information—and ask for the purchase's money to be sent via wire transfer, with a link to the account. Once sent, the money goes into the account of the cyberthief, not the account of the legitimate company. Here are some ways your title company can make your web presence less susceptible to scam artists and help your audience be less susceptible as well.
Your company should already have brand guidelines in place (and if you don't, here are some reasons to develop some as soon as possible), and included in that document should be how your company formats emails. Is your logo in the top left of the email or on the bottom right? What should be included in every employee's email signature? When do you send out mass emails via a service (like HubSpot) versus individual emails from employees?
Being consistent in communication company-wide helps make it easier to spot small inconsistencies that might signal a hacker.
Create Internal and External Protocols
In the same vein as being consistent, create protocols that will help keep your company and clients secure.
- Never ask for money via email—and let clients know that you don't
- Don't email the amount of the transaction, whether internally or externally, as hackers can use this to help make their emails seem more legitimate
- Send immediate confirmation emails of money received with company logos
- Put critical information on paper and handle face-to-face or via snail mail—when in doubt, write it out
Protect Your Email and Website
We've talked about website security on this blog before, and it should still be a priority for your company. If you have a WordPress site, download our Security Routines and Resources guide.
- Change passwords to employee email accounts and website access on a regular basis
Strong passwords should be at least ten characters, have a combination of numbers and digits, and include mixed-case lettering and symbols. Change weekly, monthly, or quarterly—the longer the time between changes, the more susceptible you become to hacks.
- Heighten security
When logged in to an email account, know if the account is open in multiple locations at once and set up alerts when a log in has happened in a different browser than usual. Set up your website to know when the last login was and from what IP address.
- Add HTTPS to your site
Adding an extra layer of security that encrypts transactions and authorizations is always a good idea. HTTPS is becoming the standard for all websites, so make sure your site is updated for security, SEO, and credibility purposes.
Education is key in preventing clients from becoming victims of cyberthieves. With the internal protocols from above in place to keep employees vigilant against attacks, help your clients also become aware of the dangers of scams and hackers. Create a worksheet or other way to present ways clients can spot fake communication.
- Demonstrate what an email from your company will look like.
Print out a hard copy sample to give them to verify communication. Do not send over email, as it could be easily seen by hackers and reproduced.
- Detail how to check for valid emails and websites.
What is the email naming convention your company abides by? Do you only send via individual employees or will you also send emails via a service? What URL is the valid company website? Tell them that if any information varies from what you've told them that they should call into the office to verify.
- Discuss how your company will ask for funds.
Do not defer from this protocol without advanced warning. It's better to miss a deadline than to have an unsuspecting family lose it all to a cyberthief.
If you or a client believe you have been a victim of scammers or hackers, contact the bank and law enforcement immediately. If in Chicago, contact the FBI Chicago Field office, which handles cases with business owners who are victims of Business E-mail Compromise (BEC) scams.
Please note that this does not constitute as legal advice, nor is Sparkfactor responsible for any consequences that occur after taking any of the recommended steps from above.