When it comes to protecting your assets and financial information, you must consider the potential exposure created by two-way communication. The security protocol used and followed by your asset managers, assistants, attorneys and others you’ve authorized to help manage your assets is just as important as the security of the technical systems they use.
The term social engineering refers to the use of human manipulation to convince someone to give up confidential information. For example, a cybercriminal could impersonate you via email or telephone and request that your assistant perform a money transfer. If the cybercriminal is successful, that trusted personal assistant may be tricked into depositing funds into the thief’s account.
The more information available to a cybercriminal as a result of corporate data breaches or other information leaks, the more sophisticated social engineering scams can become. The data exposed by the 2017 Equifax breach, which affected over 142 million Americans, is just one example of information that could easily help a cybercriminal conduct such a scam. Following are a few tips to help you prevent information shared with third parties from falling into the wrong hands.
Make sure you have established protocols for dealing with money transfers and other sensitive communications:
Buying or selling real estate, whether it is your primary residence or an investment property, presents a unique set of fraud and cybersecurity risks. These are high-value transactions, and in most cases, a substantial amount of information about the transaction is publicly available. Cybercriminals can monitor online listing sites to learn when a transaction is likely to occur and identify the listing agent. That can lead them to the identity of other key parties who will be involved in the transaction, such as legal and escrow teams. They can then impersonate these individuals (usually through phishing campaigns) in an attempt to trick you into sending them money.
In addition, when you buy a home, you will likely engage with the seller’s legal and/or escrow firms. However, you may not be familiar with these firms or the individuals who work for them. Common cybersecurity precautions, such as conducting a “call back” to confirm the details of a wire transfer, could be difficult to verify since all relationships are new.