'Have you been pwned?'

Data breaches and cybersecurity attacks are a daily occurrence. The threat landscape is very wide, deep, and growing. This is big business for all kinds of criminal groups, who have the resources to go up against the best cyber security protections. This is true for all business sectors and for all individuals. Real estate practitioners are especially targeted because property transactions involve significant amounts of money. There are many variations of hacking and scam attempts.

One of the recent scams is fraud associated with vacant land and unencumbered property (no loans against the land). The scammer poses as the legitimate property owner and tries to connect with a real estate broker to sell the property quickly and below market value: there is some sort of “family emergency” or “medical situation.” They focus on properties where the actual owner’s mailing address is not in the area. The scam-seller cannot meet face-to-face, they’re “traveling,” using email as the base of communication. They are very good at creating fake drivers licenses or other photo ID, which is not that hard with the software available these days. They don’t return the required documentation in a timely manner, and insist on using their own notary and closing agents. There have been multiple cases attempting this fraud throughout north Idaho.  

“Pwned” (pronounced “poned”) means controlled, compromised, or defeated in the online gaming world. It has now passed into the vernacular as a corrupted password entry into your data, your personal information, your money! Many people are utilizing passwords that are ridiculously easy to crack. Do not use password prompts that could be readily apparent, like the name of your spouse, your pets, your children. Do not use keyboard entries like “qwerty” or “zxcvbn.” Never use the default password that came with the product. Come up with high entropy passwords: at least 12 characters using a variety of letters, numbers and symbols. Use multi-factor authentication. Use a password manager, and change passwords frequently. There are various websites where you can find out if your password has been used, or how strong it is. The more devices you have, the more exposed you are. This is the threat surface: the Ring doorbell, the Alexa, the smart refrigerator, any device connected into the Internet Of Things can be the Trojan horse allowing entry into your personal details.

There are so many ways the bad guys will try to trick you: phishing, which is email-based trickery: you have a FedEx delivery waiting, you just won something, click here on this link, etc. Often, these emails are very realistic, but with careful scrutiny and a healthy dose of paranoia, you can delete them (unopened please!). Or smishing, which is text-based, or vishing, which is cellphone oriented. They use bots and banks of computers, and AI programs to try to penetrate defenses. The goal is a Distributed Denial Of Service — DDOS — a cyber attack that floods the target with malicious traffic, end game being a virus creating ransomware. Companies are paying millions of dollars to retrieve their hostage data.  

When you get a notice to update your phone’s software, most likely it is not adding new features, it is to remedy a software breach. It is almost impossible for software developers to build a bug-free product. All systems, hardware, appliances (the IOT, Internet of Things) are constantly being probed. When a hacker identifies a weakness in an operating system, the result is a Zero Day Exploit, i.e. the developer has no immediate patch to fix the weakness. It’s cyber warfare, and we are all involved. If you are doing a real estate deal these days, please verify with the title company and your agent the security protocols they have in place. Be ultra-careful about with whom you share any personal information in that process. Sorry, but this is the new reality in this connected world.

• • •

Raphael Barta is an Associate Broker with an active practice in residential, vacant land, and commercial/investment properties (raphaelb@sandpoint.com).