Cybersecurity for Commercial Real Estate: Key Strategies

Other best practices for protecting your portfolio against business email compromise include:

Verify callbacks: If you didn’t perform the callback yourself, confirm it was done correctly before sending payment.
Enable email controls: Tools that mark emails from outside your company make it harder for scammers to impersonate employees.
Check email addresses and domain names: Look for signs of spoofing before clicking links. You may see slight alterations to the spelling of an email address or website URL, or changes to the top-level domain such as swapping “.com” for “.co.”
Be cautious with personal info: Scammers can use information you post on social media or other public websites to craft more convincing phishing attempts, and audio and video clips can be used to create deepfakes.

Bank account takeover is a form of identity theft and a growing cyber threat. A fraudster’s goal: Gain access to a protected account and the funds or data it contains.

A cybercriminal may attempt to trick you into sharing sensitive data through deceptive texts, emails or calls that appear to be from someone you trust.

“Bad actors may call, pretending to be from your bank, and attempt to socially engineer you into divulging sensitive information through a fabricated urgent scenario,” said Nico DiGioia, vice president of Global Banking Client Fraud Experience at J.P. Morgan. “They might claim to want to help you solve a problem, such as reviewing a potentially fraudulent payment or an account with missing funds.”

The target may hand over account details without realizing they aren’t speaking with their bank.

Fraudsters often use spoofed emails or look-alike domains that closely resemble a real email or login page from the bank they’re impersonating. Another account takeover tactic is search engine optimization (SEO) poisoning, where scammers manipulate search engines so a fake website designed to steal account credentials appears at the top…

Source