Business hacked - suggestions
RobOnTheCape
Senior User
Join Date: Jan 2004
Location: Martha's Vineyard
Sep 7, 2016, 10:56 AM
 
Hello all,

One of my jobs is in Real Estate, and one of our agents was recently scammed and hacked in a big way, and it could have cost us hundreds of thousands of dollars due to someone posing as a legit mortgage rep, and sending transfer instructions to not only her clients, but also to countless agents in TX. It was pretty involved, and I know our IT people are from a small firm who do a little bit of everything, but not one thing great (not denigrating, just they are spread out a bit much). My question is: can someone recommend a firm/firms which would look at our systems and policies and help us clamp down on this?

I know someone last year intercepted my email correspondence and sent wire instructions to someone, but he had the smarts to contact me prior to sending. This hacker had our documents, and almost every detail was accurate, except that the bank was a small branch outside of London.

Thanks
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Sep 7, 2016, 11:31 AM
 
That sucks.

My company uses Sage Security to supplement our in-house team.

Sage Data Security | Cybersecurity Consulting Services
     
mattyb
Addicted to MacNN
Join Date: Feb 2008
Location: Standing on the shoulders of giants
Sep 7, 2016, 12:36 PM
 
Get the police involved ASAP. If you use an IT Security company first, they may be accused of manipulating evidence. The police may even have a recommended firm to use - they might have to be certified in some form.

On the IT side, make sure copies of logs are kept; sometimes stuff is rotated or even purged after X days. This sort of stuff should be doable with even a mildly competent IT team.
     
RobOnTheCape  (op)
Senior User
Join Date: Jan 2004
Location: Martha's Vineyard
Sep 7, 2016, 12:42 PM
 
Thanks - luckily no money in any of the scams was sent. The ownership is working on this now with our local IT service, but they (ownership) are fairly clueless about computers/internet/security, thus I want to point them in the right direction. I also think it's wise to have consultants come in, or at least distribute info on the do's and don'ts of doing business on the web. For instance, I was told never in an email to use "wire transfer" as it could be detected by scammers. Not sure if it's true - maybe someone was watching too many NSA/spy thrillers.

Thing is, someone was expected to send about $150k on one day, then $440k two days after, and they had the scammers' routing info. Scary.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Sep 7, 2016, 02:25 PM
 
This is more of a "going forward" idea, which may not be practical for your business.

My bank (BMO/Harris) requires you to call them with a PIN to initiate a transfer. Before they send it out they call back, only to a list of approved phone numbers, and then require a different PIN to confirm.

It's annoying, but it's a pretty bulletproof system.



Edit: whoops... realized that wasn't your problem. Never mind.
     
RobOnTheCape  (op)
Senior User
Join Date: Jan 2004
Location: Martha's Vineyard
Sep 7, 2016, 02:47 PM
 
Thanks - after a brief interview they decided to schedule a teleconference with these folks in the AM.
     
Waragainstsleep
Posting Junkie
Join Date: Mar 2004
Location: UK
Sep 7, 2016, 06:54 PM
 
A simple policy like never sending routing or transfer details by email would go a long way to protecting funds.
I have plenty of more important things to do, if only I could bring myself to do them....
     