Cyber Security

Cyber Security

Protect Yourself From Cyber Fraud
Read below to learn how to protect yourself from cyber fraud.

Preventative IT Measures
Using a layered security approach, TMI utilizes many safeguards to address network safety and help prevent malicious activity. While no single solution can prevent all threats, the layered approach aims to reduce risk. These layers include:

• Anti-spam Filtering: Checks all incoming emails and attachments for any malicious content and prevents them from reaching the end-user.
• Email Multi-Factor Authentication: Requires remote user to log in to email using email address, password, and randomly generated code on cell phone.
• Stateful Packet Inspection: Filters incoming and outgoing packets to only allow those explicitly needed for data operations.
• Web Content Filtering: Blocks unsuitable web content at the firewall before it is passed to the endpoint device.
• GeoBlocking: Uses IP address database to identify and block traffic based on geographic location to reduce threat exposure from known high-risk areas (ex. China, Russia, Africa).
• Intrusion Prevention: Uses continuously updated signatures to scan traffic on all major protocols, providing real-time protection against threats such as spyware, SQL injections, crosssite scripting, and buffer overflows.
• Gateway Antivirus: Uses continuously updated signatures to identify and block known spyware, viruses, Trojans, worms, rogueware, etc.
• DNS Filtering: Blocks categories of websites which have been identified as security risks based on their domain name before they reach the internal network.
• Security Awareness Training: User education allows an organization to convert their greatest security risk into their greatest security asset: people. Users who are trained to use discernment and report concerns when they arise provide a dynamic and valuable layer of security for your organization.
• Email Impersonation Protection: Provides AI-based protection against spear phishing, account takeover, and business email compromise.
• Email Forensics and Incident Response (FIR): Investigate emails that have reached end users and quickly perform mass removal of undesired or malicious messages.
• Endpoint Detection and Response (EDR): EDR focuses primarily on advanced threats that are designed to evade front-line defenses and have successfully entered into the environment. A successful threat on any given device can spread to the entire system, so this layer is designed to prevent and mitigate threats at their entry point using an agent installed on each endpoint.
• Managed Detection and Response (MDR): MDR uses heuristics-based artificial intelligence to analyze the behavior of systems compared to their expected normal operations and then identify anomalies. If anomalies are identified, they are then flagged and analyzed by systems. If the system cannot make a determination, it hands off the event to a human-based SOC for further analysis.
• Security Operations Center (SOC): 24x7x365 US-based security team monitoring activity on systems and networks. Upon identifying a potential compromise, the affected system is analyzed for verification. If compromise is verified, immediate action is taken to isolate and mitigate the threat to reduce or prevent damage to the system.

In addition to implementing a functional layered security approach, TMI also outsources IT services to Premier One, a SOC2 Type II compliant IT service provider.

How Your Money Gets Stolen

1. Hacked email – Hackers get access to the email account of someone involved in the transaction – the buyer, seller, real estate agent, mortgage lender, title agent, or other.
2. Email from hacker – The hacker then emails that person to change the wiring or payment instructions without knowledge from the other parties.
3. Consumer pays wrong account – If not questioned, the wrong account gets the down payment or other funds and the criminal gets away.
4. Closing day – By the time closing day arrives and the mistake is realized, often the funds are long gone.

How to Avoid Wire Fraud

Rule 1: Always question emails that contain wiring instructions.
Hackers have learned to exploit the real estate closing process to steal millions of dollars from people buying or selling a home.

Rule 2: Always call before sending any money.
When you do receive instructions on where to send money prior to closing, always call your contact person at the title company to verify. Then call your bank to verify as well.

Rule 3: Always call after sending money.
It’s always a good idea to call right after money is sent. That way, you can verify that it was received by the correct recipient.

Rule 4: Act immediately if anything seems unusual.
Contact your bank, mortgage company, and title company immediately if anything is in question. If something is wrong, you may need to contact your local FBI office.