Pub. 6 2017-2018 Issue 3

Issue 1. 2018 21 The aftermath of the crime is generally a mess. The seller blames the buyer, the buyer blames the bank, the bank blames both, and insurance companies rely on complicated policy exclusions to avoid paying losses. Unfortunately, this scam is not going away soon. The FBI reported that between January 2015 and December 2016, there was a 2,370% increase in identified exposed losses. And this scam can affect individuals’ lives, including the hacking of realty transactions and court settlements. Title companies and lawyers have been victimized so frequently that many will not accept emailed wire instructions without verifying them by phone. Sowhat do you do? No technique or technology is secure, but creating a layeredwall around your business can help prevent and deter scammers. Make sure your computer protections are state of the art and constantly updated. Scammer techniques are constantly updated, and their abilities are augmented by rapidly changing technologies. You can only keep up by requiring your computer vendor to maintain state of the art protections and by following directions for implementation and use. Employee awareness training is a crucial aspect of any cyber security umbrella. Employees must know of crimes like BEC and the related infiltra- tion techniques. They must understand that a company that is a victim of a cybercrime can be crippled or destroyed, leading to the loss of jobs. Regularly monitor employee use of protections. Have your computer vendor develop protocols to protect against hackers. These are not diffi- cult. One can find suggestions throughout the internet such as do not share passwords, do not write down passwords, do not click on links in emails from unknown senders, etc. One can implement those suggestions. But how often do you go, or have someone go, desk to desk to see if employees are paying attention. The first time you do, youwill be horrified to see how many passwords are written on stickies or on blotters, how often passwords are shared, and how susceptible you are to employees clicking on phishing links. This must be handled like any other management challenge – set standards, train, monitor, and discipline for violations. Be especially careful of wire transfer scams. If you are selling, establish immediately themethod by which you will be paid. In each email you send or document you create, use amessagewarning against fraud, such as: “Because of the possibility of fraud, only accept payment directions such as wire transfer instructions if you personally verify the information by a telephone call to our publicly advertised phone number.” If you are the buyer, never accept payment directions, such as wire transfer information, without calling a known person at the seller using the publicly advertised phone number. Employee awareness training is a crucial aspect of any cyber security umbrella.