We’ve received multiple reports showing that every day criminals are “phishing” for REALTOR® logins and passwords. How does that work and how can you prevent negative impact on yourself, your clients, and your business?
It starts with a seemingly legitimate email from REALTOR.ca, using the “Email REALTOR®” or “Email Office” functionality. While CREA has put in place measures to prevent misuse of this functionality, and additional measures are constantly being implemented, no measures are foolproof.
Figure 1: Initial Email from REALTOR.ca
As a keen professional, you reply not realizing it is not a legitimate email. From here, you might receive an acknowledgement of your response where the criminal, who is pretending to be a consumer, asks you to click on a link of a listing he/she is interested in or to log in to view.
Be aware that you may also receive an attachment in an email or a document (and yes, it could be a PDF or a Word document) containing malicious code like a virus, a Trojan, a key logger etc. to infect your computer.
Figure 2: Response Email
So, what can you do to protect yourself and your personal information?
- Be suspicious of any email that requires “immediate action” or creates a sense of urgency. This is a common technique used by criminals to rush people into making a mistake.
- Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them.
- Do not click on links. Instead, copy the URL from the email and paste it into your browser. Even better, simply type the destination name (URL) into your browser.
- Move your mouse over the link. This will show you the true destination (URL) if you actually clicked on it. If the true destination of the link is different than what is shown in the email, this may be an indication of fraud.
- Be suspicious of attachments and only open those you are expecting.
- Just because you got an email from your friend, it does not mean they sent it. Your friend’s computer may have been infected or their account may have been compromised, and malware is sending the email to all of their contacts. If you get a suspicious email from a trusted friend or colleague, call them to confirm they sent it. Always use a telephone number that you already know or can independently verify, not one that was included in the message.
- Use strong passwords and change them regularly. This is painful but effective protection.
- Exercise greater caution when dealing with anonymous emails, emails asking for money, or emails offering deals that seem too good to be true.
This is the fifth in a series of short articles here on CREA Café intended to help make the subject of information security more accessible – and understandable. We hope you’ll help raise information security awareness by sharing the articles within your office and through your own online community, as well. For more information on information security best practices for REALTORS®, Brokers, and Boards and Associations, please visit REALTOR Link®.
The article above is for information purposes and is not legal advice or a substitute for legal counsel.