It all seemed so routine. For officials of both the Henderson (TX) and Boulder Valley(CO) public school districts, the email that they received from an existing construction vendor asking them to update their automated payments to new bank information was nothing seemingly out of the ordinary.

Only when vendors began to inquire about the status of payments that the districts had sent did the districts come to realize that the routine change had made themselves the victims of a scam known as a BEC, or a Business Email Compromise.

In each case, the losses ran into the hundreds of thousands of dollars before being discovered. Henderson ISD lost approximately $610,000 to the hackers and Boulder Valley Public Schools lost approximately $870,000. The fiscal hit was accompanied by reviews of and changes to their operating procedures to ensure that such a loss wouldn’t happen again in the future.

While the districts tied their losses to public transparency, with information about the vendors and the scope of work that each was involved with available on their websites, government officials said that such schemes are typically quite sophisticated and ongoing long before any request for money, in order to establish a level of trust with their victims.

Secret Service Agent Bill Mack, speaking to the Tyler Morning Telegraph, noted that “[w]e’ve seen an uptick in the number of cases…Contact is often made long before the request for money. Criminals will use a compromised network to gather information about the target. Then, appearing to be a legitimate representative of the vendor, they will often request a simple change in account numbers.”

With FBI estimates as to the annual cost of cybercrime reaching over $2 billion dollars annually, and those losses only partially recovered through either the efforts of law enforcement or insurance, it’s important to recognize the fact that as scammers and hackers expand beyond the tired trope of the 419/Nigerian Prince, they’re now targeting new avenues, such as governmental entities and private associations (perhaps even your local real estate board/association).

While professional associations have been the targets of hackers since at least 2010, according to Ed Schipul, they’re coming under increasing levels of attack.

As a professional member of an organization, we depend on their advice, counsel, and information about upcoming trends and events. We rely on the communication that we receive from them to be timely, accurate, and most importantly, not be harmful to us, professionally or personally.

Assuming that the associations themselves are taking steps to protect their cybersecurity, how do we, as members protect ourselves from hackers?

The Federal Deposit Insurance Corporation (FDIC) has tips on staying safe from hackers in an ever-connected world:

• Be suspicious if someone contacts you unexpectedly online and asks for your personal information.
• Only open emails that look like they are from people or organizations you know, and even then, be cautious if they look questionable.
• Be especially wary of emails or websites that have typos or other obvious mistakes.
• Verify the validity of a suspicious-looking email or a pop-up box before providing personal information.
• Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails.
• Install good anti-virus software that periodically runs to search for and remove malware.
• Be diligent about using spam (junk mail) filters provided by your email provider.
• Don’t visit untrusted websites and don’t believe everything you read.
• Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware.

In the case of officials at the districts, one measure that was implemented in each is worth remembering in a click-and-send era; they promised to have their respective staffs pick up the phone and call the vendor when any type of banking information was requested, to verify the request before providing information.

When dealing with our associations, if we receive an email or other outreach that seems out of character for them, it’s a good reminder to call and ask them if they’d intended to send it out before we take electronic action.

Home security cameras are becoming standard equipment in many homes and offices these days, but some of the more popular ones still come with a hefty price tag. That’s where the Wyze Cam comes to the rescue. This simply designed device hit the market for $19.99 in 2017, and now the company offers an upgraded option for $29.99. (You can still buy the lower-cost version.)

Does this relatively cheap security camera hold up to pricier security options like Nest, Ring, and Amazon’s Cloud Cam? Tech experts seem to think so. Cnet appreciated features such as timelapse, the ability to turn off alerts, and its built-in carbon monoxide and smoke alarms. TechCrunch gave a thumbs up to its easy installation, software, and video quality.

So, if you’re a real estate agent, should you consider installing these affordable security tools in properties you’re trying to sell, especially empty homes that could be easy targets for vandals and burglars? The simple answer is yes: Wyze Cams are a low-cost way to protect these properties when no one is around. The longer answer is yes, but make sure you’re following the law in your state.

In Texas, for example, the so-called “one-party rule” requires at least one party to consent to recording conversations. In the case of a home listing, the person most likely consenting would be the seller. However in many states, including Texas, if the seller is not participating in the conversation being recorded, they cannot record the audio, only video. And they cannot install cameras in areas where the potential buyers would expect privacy, like the bathroom.

To protect yourself, buyers, and sellers, NAR advises that listing agents ask sellers if they’re using any kind of cameras or other surveillance equipment. If so, they should tell the buyer’s agent or include a notice in the listing so everyone is aware before entering the home. If you want to take it a step further, you can require sellers to inform you of any surveillance equipment in the home as part of their contracts.

A good rule of thumb if you’re a buyer’s agent: Assume you and your clients are being recorded anytime you tour a home. Some buyer’s agents are even directing clients to keep any opinions — good or bad — to themselves until safely out of any cameras’ reach so sellers don’t get the upper hand in negotiations (just make sure it’s done legally).

As if we needed another reason to squirm, it’s been revealed that Google has just applied for patents on devices that would place sensors and cameras in every room of your home. Why? To watch and analyze your every move, of course! EWW.

Some of you out there with the tape over your laptop cameras might be going, “Duh, dummy. I told you so,” but for the others of you who have welcomed smart home devices into your humble abodes, well, we’re telling you now. You probably won’t listen because even your toddler’s addicted to making demands of the Alexa and Siri, but better late than never?

So here’s the skinny:

Using the excuse of “all the better to send you targeted ads, my dear” Google has filed a patent that would allow the company to mount sensors and cameras in our homes which would be attached to smart devices we already use.

The patent states that Google can “use smart-devices to monitor activities within a smart-device environment, report on these activities, and/or provide smart-device control based upon these activities.”

For example, if you’re wandering around your house wearing a Game of Thrones t-shirt, the sensors could capture this image and report it back to Google who would then start sending you targeted ads for the upcoming final season.

No, Google isn’t reading your mind, they’re reading your shirt because they can see you and now they know you’re amped to see who wins and more susceptible to ads.

If this doesn’t creep you out, it should because it’s just the tip of the iceberg. Google can also hear you – your conversations of an intimate nature, your crying jags, your fits of laughter. All of it. And what do they do with it? They sell your information to the highest bidder.

What’s more, the information they gather is for Google to use however they see fit and if you’re wondering “how the hell is this legal?” wonder no further, it is. There are no laws keeping them from peeping.

And just how are they planning on doing this, you ask? Well, the patent was awarded to the development team associated with Nest thermostats. So, maybe you want to rethink that smart thermostat and cool and heat your house the old-fashioned way.

Look, we’ve already given up our privacy. Facebook and Instagram track our every move, Alexa is listening to us, and way too many people in tech have tape over their laptop cameras for us to be surprised by this overture. As sure as winter, it was coming.

However, we may balk and say, “Well, this is a bridge too far!” and it is, but it’s too late. We did this to ourselves when we unwittingly invited them into our homes. Did you really think these corporations had your best interests in mind? 

Remember, if the product is free, you are the product.