|
|
Business hacked - suggestions
|
|
|
|
Senior User
Join Date: Jan 2004
Location: Martha's Vineyard
Status:
Offline
|
|
Hello all,
one of my jobs is in Real Estate, and one of our agents was recently scammed and hacked in a big way, and it could have cost us hundreds of thousands of dollars due to someone posing as a legit mortgage rep, and sending transfer instructions to not only her clients, but also to countless agents in TX. It was pretty involved, and I know our IT people are from a small firm who do a little bit of everything, but not one thing great(not denigrating, just they are spread out a bit much). My question is can someone recommend a firm/firms which would look at our systems and policies and help us clamp down on this?
I know someone last year intercepted my email correspondence and sent wire instructions to someone, but he had the smarts to contact me prior to sending. This hacker had our documents, and almost every detail was accurate, except that the bank was a small branch outside of London.
Thanks
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Feb 2008
Location: Standing on the shoulders of giants
Status:
Offline
|
|
Get the police involved asap. If you use an IT Security company first, they may be accused of manipulating evidence. The police may even have a recommended firm to use - they might have to be certified in some form.
On the IT side, make sure copies of logs are kept, sometimes stuff is rotated or even purged after X days. This sort of stuff should be doable with even a mildly competent IT team.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Jan 2004
Location: Martha's Vineyard
Status:
Offline
|
|
Thanks - luckily no money in any of the scams was sent. The ownership is working on this now with our local IT service, but they(ownership) are fairly clueless about computers/internet/security thus I want to point them in the right direction. I also think it's wise to have consultants come in, or at least distribute info on the do's and don'ts of doing business on the web. For instance I was told never in an email to use "wire transfer" as it could be detected by scammers. Not sure if it's true - maybe someone was watching too many NSA/spy thrillers.
Thing is someone was expected to send about $150k on one day, then $440k two days after, and they had the scammers routing info. scary.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
This is more of a "going forward" idea, which may not be practical for your business.
My bank (BMO/Harris), requires you to call them with a PIN to initiate a transfer. Before they send it out they call back, only to a list of approved phone numbers, and then require a different PIN to confirm.
It's annoying, but it's a pretty bulletproof system.
Edit: whoops... realized that wasn't your problem. Never mind.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Jan 2004
Location: Martha's Vineyard
Status:
Offline
|
|
Thanks - after a brief interview they decided to schedule a teleconference with these folks in the AM.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Simple policy like never sending routing or transfer details by email would go a long way to protecting funds.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|