We live and work in a world increasingly defined and informed by our online presence. In the wake of acts of physical violence carried out against Realtors®, the National Association of Realtors® (NAR) has made Realtor® Safety a priority issue. However, it’s important to remember that online harassment and threats can have effects just as devastating on your life and livelihood as physical violence. It’s more vital than ever to be aware of the risks and do what you can to limit exposure to this new workplace danger.
It’s that time of year again; requests for placement on the 2018 MAR Committees are now available. Committee service is one of the primary ways our members help shape and guide the association’s agenda. We thought we’d provide a look into how that process works, along with a reminder of how you can volunteer.
The committees page has descriptions of all the MAR committees that are available for volunteer requests in 2018. Have a look at them, and when you’re ready, you may click on the text at the top to go to the Volunteer Request Form page.
It’s important that you log in to access this page. You’ll notice your current MAR email address in the last field – this is how your responses get populated to your record. If there’s no address in that field, please fill it in. If the address in the field is incorrect, contact your local board to correct it.
In the form, you’ll put rankings next to the committees you would like to volunteer for. Your rankings are based on your priority; the number “1” means that committee is your top priority, “2” is your second-highest priority, and so on. You may volunteer for as many committees as you like.
When you’re satisfied with your choices, click the “submit” button at the bottom of the page.
Once you’ve submitted your choices, they’ll be entered in our system with your name. If you change your mind, you are welcome to resubmit the rankings as many times as you like, but remember that only your most recent submission will be used to assign committees. You should receive a confirmation email within 24 hours of submitting your rankings.
When it’s time for leadership to evaluate volunteers and form 2018 committees, we’ll use your rankings to inform our choices and assign members to the most appropriate committees. Being specific with your rankings and ranking as many committees as you’re interested in will help greatly in assembling committees for 2018. You might not always get your first choice, but MAR will always try to put our volunteers in positions that will both interest and engage them, and benefit the membership as a whole.
There was a widespread outbreak of ransomware attacks, based on a vulnerability in Windows that was released a couple months ago from NSA leaks. Ransomware typically infects a PC through a malicious website (less common) or via clicking an infected link in an email or an attachment (more common.) The infection usually encrypts the user’s files, and demands a ransom in electronic currency to recover them.
Here’s how you can protect yourself:
If you have a Windows machine, such as a personal laptop or home computer, please take a moment today to do a full round of Windows Updates and update any antivirus software you might be using. This should be a regular part of your routine. Try to turn on automatic updates and don’t delay them too often when they prompt you to install or restart – they’re important for exactly this reason.
Be careful opening email attachments, particularly if they appear to be from DropBox, DocuSign, or appear to be from a Realtor®, but contain vague instructions about a contract or financial transaction—the kind of email that looks like it might be something a Realtor sent you by accident or was intended for someone else. See example below.
In this example, the “payload” of infected code is in a link the PDF attachment. The text of the email itself has no malicious links and contains real information for an actual Realtor®. We called that member and she’s dealing with hundreds of these being delivered to her contacts and people she doesn’t know—myself included—but is at least aware of the issue and taking steps to handle it.
Unmask links in your emails to inspect them before clicking them or downloading attachments. If you hover over a link, you can see where it goes without clicking it. If the URL in the preview goes to an unfamiliar website or location (Particularly if the email you’re looking at purports to be from Dropbox or DocuSign but the domain in the URL is something totally different) Example below:
Remember that most of the effective, complex vulnerabilities that can attack even systems with good security like ours tend to rely on code being executed in other programs, like Adobe Acrobat. Many of the serious infection risks occur when a new vulnerability is discovered in how computers handle external files, like PDFs. You can mitigate a lot of risk simply by not downloading attachments from emails that appear suspicious. The whole purpose of these emails being vague and somewhat confusing is to get you to click on the attachment to see if it clarifies things.
Don’t fall for it. Just delete it and move on. If it’s legitimate or important, the sender will contact you again. If you’re not expecting it, it’s probably not something you want. This is a good thing to remember with emails you send, as well – don’t send members or other staff an email that’s just an attachment and no text, or something similar. Take a moment to write at least a one-sentence description of what the purpose of your email is, even if you just talked to the person about it. At the very least, it will help if they (or you) need to search for it later.
Here are a couple links that might be helpful:
Update your Windows systems now. Right now. – Washington Post Story
Microsoft Windows Update Instructions – via Microsoft
Microsoft Ransomware Information – via Microsoft
One additional note on ramsomware: You should always back up important files, but if you are attacked by ransomware and you have no other option, it’s worth noting that paying the ransom to decrypt the files and retrieve them usually does work. These schemes wouldn’t exist if there wasn’t a real mechanism for you to recover the files, and the hackers don’t have any motivation to leave your files encrypted—they just want to get paid.
If you have no other option to retrieve your files and are considering paying a ransomware demand, please feel free to call us to discuss the matter and we can advise you. Paying the ransom does not usually expose you to any additional infection risk. Any system compromised this way should have Windows fully re-installed from scratch anyway, so in some cases paying up might be the lesser evil. We’re here to help, and if you have any questions on the subject, please don’t hesitate to ask.
Realtors® inhabit an increasingly sophisticated technological world. New tools designed to make transactions easier and more convenient also expose you to new kinds of risks.
This new reality leaves agents vulnerable to being hacked more than ever. Scammers are specifically targeting e-mail accounts of attorneys, real estate agents, bookkeepers and accountants. Why? Because you have such valuable information sitting right in your inbox. “Bad guys” can access client names, transaction data and details that they hope to use to their advantage.
A profitable tactic for scammers is to compromise your email and wait until you’re almost to the closing table. Then, they might interject a malicious email into your regular correspondence with another agent, often a “last minute change,” to wire transfer information or something similar.
We all know how stressful getting to closing can be, and there’s a real pressure to act and react quickly to get your clients into (or out of) their home. But with a few steps you can mitigate or avoid exposure to these types of risks.
- Trust, but verify. Always follow up with a phone call to confirm emails about any changes to any part of a transaction that involve payment details on either side. No exceptions.
- Choose a unique password for all accounts—one as long as possible. I know, I know. It’s a pain, and there are so many accounts. If you find that to be too much work, invest in a password manager with encrypted log-ins. (Here’s a link to a list of the top rated password managers.)
- Strengthen all your other security options. Make your password recovery questions “unguessable” and back everything up.
- Turn on two-factor authentication for online services whenever possible. This will require that you type a code that is texted to you before access is granted. Search on “two-factor authentication” with the name of the service you’d like to use and you will find simple instructions on how to do this.
- Secure communications. Business messages should only be sent on secure systems (not public Wi-Fi) with antivirus and firewalls in in place. Public computers, unsecured networks, networks you don’t control are not the place to do business. It’s tempting when you’re on the road, but be cautious. Don’t forget, you have to comply by WISP data security laws from the state of Massachusetts.
- Use forms management software like ZipForms for every step of the transaction. There’s a reason these companies spend millions on secure systems for managing transactions—they’re looking to save you from being a victim from the billions in fraud cases that happen every year.
- Keep your work and personal email addresses separate. We tend to be less cautious about casual web browsing than we are when we’re doing business.
- Update your software and apps, especially anti-virus and anti-malware software and make sure you keep up with Windows, Mac, iPhone, Android, Chrome, Firefox, Internet Explorer, Safari updates. Remember, these browsers have security features built in and it’s important to update to keep up with the latest protections.
- Look for the https://. That “s” stands for “secure.” Use it for Facebook, email, MLS, web browsing and anywhere possible. You leave less of a trail when signed in securely. (Here’s a great browser extension that can help.)
What to do if you do get hacked:
- Change all your account passwords, not just the account that was hacked.
- Notify any party or bank/company you’re currently working on a transaction with if it appears they might be at risk, and notify the FBI if it involves wire fraud or theft of funds.
- Let your local board and MAR know, so we can be aware if patterns develop.
- Notify your contacts if it looks like lots of scam emails were sent from your address. Apologize for the inconvenience, but know it happens to the best of us and swift action is the best remedy.
- If unsure, hire a professional to check your computer for malware, viruses, trojan horses, etc.
To learn more, check out this tip sheet from the FBI. In addition, feel free to contact MAR at any time with questions.
Special thanks to Sandy Carrol at the Berkshire County Board of REALTORS, Inc. for her writing and collaboration on this blog post.