OCDA CYBER THREATS & CCPA: OC Realtors RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY MAJOR FRAUD - CYBERCRIME/BWC OFFICE OF THE ORANGE COUNTY ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
OCDA CYBER THREATS & CCPA:
OC Realtors
RAHUL GUPTA
SENIOR DEPUTY DISTRICT ATTORNEY
MAJOR FRAUD – CYBERCRIME/BWC
OFFICE OF THE ORANGE COUNTY
DISTRICT ATTORNEY
CYBER THREAT – PRESENT
IC3 – 2019 CYBER CRIME REPORT: CALIFORNIA
Cyber Victims: FBI Stats
OC Stats: FBI 2020 • Monthly Averages • Total Victims 250-300 • Total Attempted loss: $1.5-$2 million • *Actual Loss ~ 40%
ASK YOURSELF THIS QUESTION? •WHAT BUSINESS ARE YOU REALLY IN? •REAL ESTATE?
CCC 1798.29/.82 – WHAT IS PII?
Types of information that triggers the notice requirement:
1) An individual's name plus one or more of the following:
*Social Security number, driver's license or California Identification Card
number, financial account numbers, medical information, health insurance, or
information collected through an automated license plate recognition system; or
2) User ID and password or other specified credentials permitting access to
online accounts.CCC 1798.29/.82 – Data Breach Notification • Data Breach Notice - Requires a business or a govt. agency that owns or licenses unencrypted computerized data, including PII to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. • Any agency, person, or business that is required to issue a breach notice to more than 500 California residents must also electronically submit a single sample copy to the Attorney General.
CCPA • A business in the State of California, and satisfies one or more of the following thresholds: • (A) Has annual gross revenues in excess of twenty-five million dollars ($25,000,000); or • (B) Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices; or • (C) Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
CCPA – Selling - Section 1798.140 • (9)(t) (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.
ORANGE COUNTY CYBER TRENDS • PHISHING • BEC / WIRE FRAUD • RANSOMWARE • FAKE LISTINGS
PHISING
PHISING
PHISING
PHISING
TWO FACTOR AUTHETICATION – 2FA
PHISHING PROTECTION TIPS • Do you recognize the sender of the email? • Is the email general, “Dear Sir or Madam? • Does it contain any spelling or grammar errors? • Does it have a download link or attachment? (Hover) • Reply to the email and ask for a phone number … “I can’t view the attachment on my phone right now, but I’m really interested, can I call you?” • Use 2FA – “Two Factor Authentication” – Gmail, outlook, etc.
BEC /WIRE FRAUD • Fake CEO email to accountant. • Agent/Broker – gets phished, criminal views emails and waits for closing (which means you were compromised for a while!) • Criminal sends fake wiring instructions from either 1) real email address or 2) fake email address change one letter: • bill@myrealestate.com = bill@myrea1estate.com • Jill_bestrealestate@gmail.com = jill_bestrrealestate@gmail.com • Criminal will set mailbox rules to send victim emails into junk folder of Agent/Broker • Criminal sends fake wiring instructions to victim.
BEC/WIRE FRAUD - SUCCESS STORY
BEC/WIRE FRAUD – SUCCESS STORY
BEC/WIRE FRAUD
BEC / WIRE FRAUD TIPS
• DO NOT SEND WIRING INSTRUCTIONS VIA EMAIL, FAX OR TEXT!
• Always provide wiring instructions in person or over the phone.
• Have a set routine with clients, go over the routine, follow the routine.
• IE: Only send wires on Monday or Tuesday.
• Call before and after sending wire to confirm wiring instructions,
banking and routing numbers are accurate.
• Use encrypted email features. (provide password over the phone!)
• Use Virtual Private Network (VPN).
• Use 2FA (2- factor authentication).
• If you’ve been a victim – act fast – only 24-48 hour window to freeze
funds.
• Contact bank, financial institution, local LE and FBI immediately.RANSOMWARE
RANSOMWARE TIPS • Back up, back up, back up! • Back up important data to the cloud or external storage.
https://www.apartmentlist.com/rent onomics/how-common-is-rental- fraud-scams/
• Suspect posts ad – we run address on Trulia and confirm listing is fake with registered agent. • Complete rental app with UC info … suspect wants to rent us the house! • Suspect provides wiring instructions … tracked to 19 yr old female in Alabama • That account receiving deposits of $2-5k per month from all over the US • *Asked suspect if house comes with refrigerator…
Protect Against Fake Ads • Inform your clients – never send payment by money gram/gift card/crypto • Don’t enter into agreements without seeing the inside of the property • Don’t enter into agreements without seeing the agent/seller in person • Watch out for the credit reporting scam – get free reports • If it’s too good to be true, it probably is. • Agents/Brokers – check your listings on craigslist periodically and report fake listings to craigslist
https://www.ey.com/Publication/vwLUAssets/ey-managing-real- estate-cybersecurity/$FILE/ey-managing-real-estate- cybersecurity.pdf
Cyber resources • NAR: https://www.nar.realtor/data-privacy- security • FBI – www.ic3.gov • OCDA – REFraud@da.ocgov.com • OCSD Cyber – (714) 647-7000 http://www.ocsd.org/about/staysafeoc/cyb er_safety
https://www.nar.realtor/law-and-ethics/cybersecurity-checklist-best-practices- for-real-estate-professionals
Cyber resources
OCDA CYBER THEATS & CCPA:
OC Realtors
RAHUL GUPTA
SENIOR DEPUTY DISTRICT ATTORNEY
MAJOR FRAUD – CYBERCRIME/BWC
OFFICE OF THE ORANGE COUNTY
DISTRICT ATTORNEYYou can also read
