Published by REALTOR Magazine | April 6, 2023
Scammers often use fake emails and other phishing exploits to launch larger attacks like ransomware. Familiarize yourself with the warning signs.
In real estate, millions of dollars can change hands in a single transaction, making the industry an attractive target for phishing attacks. This is a type of cybercrime where criminals use fake emails, websites or other communication channels to trick individuals into providing sensitive personal and financial information.
Don’t fall for it.
The vast majority of cybersecurity breaches—more than 80%, according to the Verizon’s 2022 Data Breach Investigations Report—involve human error. Users may unsuspectingly click a malicious link in an email, open a tainted attachment, use weak passwords, lose portable devices with confidential data or be tricked into giving up their passwords through what’s known as “social-engineering attacks.” However, there’s plenty you can do to mitigate financial, operational and reputational risks that may be associated with phishing attacks and other cyberthreats to your real estate business.
8 Steps to Avoid Phishing Scams
Phishing attacks are usually just the tip of the spear for cybercriminals. Hackers leverage phishing exploits to obtain or elevate access to systems, install malware or launch ransomware attacks.
To help protect against these types of threats, real estate industry professionals and other individuals involved in a real estate transaction should consider adopting easy-to-implement practices to reduce the risk of falling victim to phishing scams. Some of these practices include:
- Be cautious when receiving unsolicited emails or those that ask for personal or financial information or funds. Avoid clicking on links, opening attachments or providing sensitive information unless you are certain of the sender’s identity and have verified the link address is legitimate. (Verify with known phone numbers or contact information, not ones provided in emails.)
- Use unique and strong passwords. Passphrases, such as “StrongHorseTable,” are unrelated words that can be strung together and are stronger than passwords. Also, consult these 8 steps to make your remote business hacker-proof.
- Use encryption for sensitive communications. Data encryption hides your data so others with access to your computer won’t be able to view it.
- Run antivirus software and keep your applications and systems updated with the latest security patches.
- Enable two-factor authentication to add an extra layer of security to email and other online accounts. Two-factor authentication requires an additional login credential, such as a code sent via text or email.
- Train employees and team members to recognize phishing scams. Some brokers may require agents to ask their clients to call them or the title company on the phone prior to wiring any funds to make sure messages they receive are legitimate. Conduct an internal audit of current procedures. Consider reaching out to a cybersecurity professional for assistance with assessing your risks, training your employees and mitigating vulnerabilities.
- Promptly report any suspicious activity. Every minute counts after a scam occurs. For employees, start by reporting any incidents to your employer’s IT department or help desk. For investors or real estate professionals working independently without in-house IT staff, you may want to reach out to a third-party cybersecurity services provider for professional assistance. In some cases, it may be appropriate to contact the FBI or the Federal Trade Commission, which use reported information to help bring cybercriminals and other fraudsters to justice.
- Be aware of the latest laws and regulations that apply to phishing scams. The Federal Trade Commission Act prohibits “deceptive conduct” in or affecting commerce, which includes phishing scams. In addition, many states have their own data protection laws with which real estate industry professionals must comply.