How to Protect Yourself from Ransomware

There was a widespread outbreak of ransomware attacks, based on a vulnerability in Windows that was released a couple months ago from NSA leaks. Ransomware typically infects a PC through a malicious website (less common) or via clicking an infected link in an email or an attachment (more common.) The infection usually encrypts the user’s files, and demands a ransom in electronic currency to recover them.

Here’s how you can protect yourself:

If you have a Windows machine, such as a personal laptop or home computer, please take a moment today to do a full round of Windows Updates and update any antivirus software you might be using. This should be a regular part of your routine. Try to turn on automatic updates and don’t delay them too often when they prompt you to install or restart – they’re important for exactly this reason.

Be careful opening email attachments, particularly if they appear to be from DropBox, DocuSign, or appear to be from a Realtor®, but contain vague instructions about a contract or financial transaction—the kind of email that looks like it might be something a Realtor sent you by accident or was intended for someone else. See example below.


In this example, the “payload” of infected code is in a link the PDF attachment. The text of the email itself has no malicious links and contains real information for an actual Realtor®. We called that member and she’s dealing with hundreds of these being delivered to her contacts and people she doesn’t know—myself included—but is at least aware of the issue and taking steps to handle it.

Unmask links in your emails to inspect them before clicking them or downloading attachments. If you hover over a link, you can see where it goes without clicking it. If the URL in the preview goes to an unfamiliar website or location (Particularly if the email you’re looking at purports to be from Dropbox or DocuSign but the domain in the URL is something totally different) Example below:

Remember that most of the effective, complex vulnerabilities that can attack even systems with good security like ours tend to rely on code being executed in other programs, like Adobe Acrobat. Many of the serious infection risks occur when a new vulnerability is discovered in how computers handle external files, like PDFs. You can mitigate a lot of risk simply by not downloading attachments from emails that appear suspicious. The whole purpose of these emails being vague and somewhat confusing is to get you to click on the attachment to see if it clarifies things.

Don’t fall for it. Just delete it and move on. If it’s legitimate or important, the sender will contact you again. If you’re not expecting it, it’s probably not something you want. This is a good thing to remember with emails you send, as well – don’t send members or other staff an email that’s just an attachment and no text, or something similar. Take a moment to write at least a one-sentence description of what the purpose of your email is, even if you just talked to the person about it. At the very least, it will help if they (or you) need to search for it later.

Here are a couple links that might be helpful:

Update your Windows systems now. Right now. – Washington Post Story

Microsoft Windows Update Instructions – via Microsoft

Microsoft Ransomware Information – via Microsoft

One additional note on ramsomware: You should always back up important files, but if you are attacked by ransomware and you have no other option, it’s worth noting that paying the ransom to decrypt the files and retrieve them usually does work. These schemes wouldn’t exist if there wasn’t a real mechanism for you to recover the files, and the hackers don’t have any motivation to leave your files encrypted—they just want to get paid.

If you have no other option to retrieve your files and are considering paying a ransomware demand, please feel free to call us to discuss the matter and we can advise you. Paying the ransom does not usually expose you to any additional infection risk. Any system compromised this way should have Windows fully re-installed from scratch anyway, so in some cases paying up might be the lesser evil. We’re here to help, and if you have any questions on the subject, please don’t hesitate to ask.

Are you missing important emails?

man with laptop and email concept

One of the most important communication goals for MAR volunteer leaders and professional staff is ensuring that our communications reach you. We use a number of different platforms to send our members all the information needed to participate in MAR’s advocacy and information services. Meanwhile, we realize that spam and junk mail filtering are important. In fact, 80% of all global email volume is spam. Unfortunately, filters also can block critical information you need for business. So here are some simple steps to balance your need for critical business information versus spam filtering, and to help MAR keep critical business information flowing your way.

Whitelisting  

MAR emails typically come from either an MAR staff professional or one of our general mailboxes. MAR emails always originate from the marealtor.com domain.  So a first step is to “whitelist” our marealtor.com domain with your email provider.   Add us to your contacts list wherever possible.  There are several guides to whitelisting individual email addresses and domains for most major email providers and devices.

  1. Microsoft Outlook/Office
  2. Gmail
  3. Other providers

We’d ask that you add MAR staff professionals and the following addresses to your Contacts: info@marealtor.com, mar@marealtor.com, plus the addresses of Staff you regularly correspond with.

Email Providers 

Another important issue that we’re trying to address are the personal email providers which a relatively small percentage of our members use to do business. Personal email providers like AOL, Verizon, RoadRunner, Adelphia or newer free accounts tied to companies like Comcast and AT&T are certainly handy for personal messages. Their spam and junk-filtering systems are very aggressive, and it’s difficult to deliver email to those addresses if you’re using a large-volume commercial service like the ones MAR, the National Association, and even many of our local Associations use for important messages like legislative Calls for Action or e-newsletter industry updates. Most of our delivery failures come from a small number of members who use personal email providers for their business. Among members using their own domain or a company email address, failure rates are much lower.

There are lots of great options out there. The simplest is probably Gmail, which is free and extremely reliable. It takes only seconds to sign up for a free account, and you can easily set up forwarding from your old email addresses to the new inbox so you’ll never miss a thing.

Even better is to set up a branded email address – something customized and easy to remember. NAR offers an email package for its .realtor domains, at an additional cost of $60 per year.  You’ll need to claim set up your .realtor domain first, if you haven’t already.

GoDaddy, a popular web hosting company is currently offering a great price on its email and Office packages – you can get a professional domain, custom email, AND the full Office 365 suite with Word, Excel, Powerpoint, and more to use on up to 5 devices for $9.99 a month.

There are lots of other options out there, but the important thing is to consider the value email communications hold to your business. If you, like us, miss an important email because your spam filter got a little overenthusiastic, what could the consequences be? For us, it was a day lost reconfiguring the website. For you, it could be an important committee meeting, pictures of a loved one, or even a great offer on one of your listings. Isn’t it worth using the best possible tools at your disposal to manage your business communications, especially when they’re so affordable?

Do you love the ‘Like’ Button? If so, Proceed with Caution

Close-up of business group keeping thumbs up

Have you ever heard of “Like farming?” No? Neither did I until very recently (not that it’s new.) I thought it might be a good idea to spread the word on what this practice is and why you should be aware of it the next time you’re scrolling through your Facebook news feed.

What is “Like farming?”
Here’s a good definition from ThatsNonsense.com:

“Facebook like-farming, in its simplest sense, is the process of attempting to get likes, shares and followers using exploitation, manipulation and/or deception.”

What this really means is that any time you like, comment or share something that you don’t quite know where it comes from, you’re at risk for being farmed.

Once these posts get a lot of “likes,” the scammers behind the posts are then able to start posting spam that shows up in your news feed or links to more malicious sites that might try and steal your personal and/or financial information.

What Can You Do?
The simple answer is really read what your scrolling past and understand where it comes from before hitting “Like.” Don’t fall for the emotional photos or posts that tug at your heart strings and ask you for something such as “help me reach one million likes” or “comment on this photo and see what happens.” The list goes on.

And finally, just because you like something doesn’t mean you have to “Like” it.

For more information, here are some good articles the explain the scam in greater detail.
Everything you need to know about Facebook Like-Farming by Craig Charles, thatsnonsense.com
Don’t click ‘like’ on Facebook again until you read this by Kim Komando, Komando.com
Why You Should Be Careful About What You ‘Like’ On Facebook by Amit Chowdhry, Forbes.com

Protect Yourself From Cyber Crime

Realtors® inhabit an increasingly sophisticated technological world. New tools designed to make transactions easier and more convenient also expose you to new kinds of risks.

This new reality leaves agents vulnerable to being hacked more than ever. Scammers are specifically targeting e-mail accounts of attorneys, real estate agents, bookkeepers and accountants. Why? Because you have such  valuable information sitting right in your inbox.  “Bad guys” can access client names, transaction data and details that they hope to use to their advantage.

A profitable tactic for scammers is to compromise your email and wait until you’re almost to the closing table. Then, they might interject a malicious email into your regular correspondence with another agent, often a “last minute change,” to wire transfer information or something similar.

We all know how stressful getting to closing can be, and there’s a real pressure to act and react quickly to get your clients into (or out of) their home. But with a few steps you can mitigate or avoid exposure to these types of risks.

  • Trust, but verify. Always follow up with a phone call to confirm emails about any changes to any part of a transaction that involve payment details on either side. No exceptions.
  • Choose a unique password for all accounts—one as long as possible. I know, I know. It’s a pain, and there are so many accounts. If you find that to be too much work, invest in a password manager with encrypted log-ins. (Here’s a link to a list of the top rated password managers.)
  • Strengthen all your other security options. Make your password recovery questions “unguessable” and back everything up.
  • Turn on two-factor authentication for online services whenever possible. This will require that you type a code that is texted to you before access is granted. Search on “two-factor authentication” with the name of the service you’d like to use and you will find simple instructions on how to do this.
  • Secure communications. Business messages should only be sent on secure systems (not public Wi-Fi) with antivirus and firewalls in in place. Public computers, unsecured networks, networks you don’t control are not the place to do business. It’s tempting when you’re on the road, but be cautious. Don’t forget, you have to comply by WISP data security laws from the state of Massachusetts.
  • Use forms management software like ZipForms for every step of the transaction. There’s a reason these companies spend millions on secure systems for managing transactions—they’re looking to save you from being a victim from the billions in fraud cases that happen every year.
  • Keep your work and personal email addresses separate. We tend to be less cautious about casual web browsing than we are when we’re doing business.
  • Update your software and apps, especially anti-virus and anti-malware software and make sure you keep up with Windows, Mac, iPhone, Android, Chrome, Firefox, Internet Explorer, Safari updates. Remember, these browsers have security features built in and it’s important to update to keep up with the latest protections.
  • Look for the https://. That “s” stands for “secure.” Use it for Facebook, email, MLS, web browsing and anywhere possible. You leave less of a trail when signed in securely. (Here’s a great browser extension that can help.)

What to do if you do get hacked:

  • Change all your account passwords, not just the account that was hacked.
  • Notify any party or bank/company you’re currently working on a transaction with if it appears they might be at risk, and notify the FBI if it involves wire fraud or theft of funds.
  • Let your local board and MAR know, so we can be aware if patterns develop.
  • Notify your contacts if it looks like lots of scam emails were sent from your address. Apologize for the inconvenience, but know it happens to the best of us and swift action is the best remedy.
  • If unsure, hire a professional to check your computer for malware, viruses, trojan horses, etc.

To learn more, check out this tip sheet from the FBI. In addition, feel free to contact MAR at any time with questions.

Special thanks to Sandy Carrol at the Berkshire County Board of REALTORS, Inc. for her writing and collaboration on this blog post.

REALTOR® Day on Beacon Hill Briefing: Land Use & Zoning Issues | The Wednesday Word

12802814_10154557034337506_7894024781621756710_nCALL FOR ACTION REMINDER – You should have received a Call for Action from MAR President Annie Blatz urging your State Senators to oppose S.2311. If you have yet to respond to this CFA, please do so immediately!

The 21st Annual REALTOR Day on Beacon Hill is just TWO weeks away! To help you prepare to attend REALTOR® Day on Beacon Hill at the Massachusetts State House on Tuesday, June 21, we continue with Wednesday Word blog posts that discuss the 2015-2016 Legislative Issues. This post gets into the details of the zoning bill that MAR opposes.

ISSUE: Massachusetts is currently dealing with a severe housing crisis due in large part to a low rate of housing production which has not kept pace with population growth and needs. Highlighted below are three examples of how S.2311 would negatively impact housing production in Massachusetts
S.2311 An Act promoting housing and sustainable development
Sponsor:
Senator Wolf (D-Harwich)
Legislative Actions to Date:
Currently before the Senate. Debate scheduled for June 9, 2016.

Development Impact Fees
Issue
: This section would add a new Section 9E to the Zoning Act, which would establish statutory authority for municipalities to impose development impact fees for water, wastewater, stormwater management, solid waste, roads, and parks and recreation.

Why Realtors® Oppose Development Impact Fees: Development impact fees involve complex legal, planning, and economic principles that are not adequately addressed this legislation. Development impact fees increase the cost of new development, especially for residential projects, which will reduce the number of projects that are economically feasible. To the extent that the increased development costs are passed on to consumers in the form of higher prices, impact fees also make housing less affordable. In states that have authorized impact fees by statute, impact fees are the exclusive means for local governments to address capital facilities and services needs to serve growth in communities. By contrast, the proposed legislation would not prevent a municipality from imposing both development impact fees and other burdensome and costly mitigation requirements as a condition of development approval.

Inclusionary Zoning

Issue: Inclusionary zoning would authorize municipalities to impose mandatory inclusionary zoning requirements upon development projects, provided that “municipal affordable housing concessions” (e.g., density, floor area ratio, or building height bonuses) are provided for affected projects.

Why Realtors® Oppose Inclusionary Zoning: By expressly authorizing municipalities to impose mandatory inclusionary requirements, the legislation would unfairly burden developers with the substantial costs of fulfilling society’s obligation to ensure the availability of affordable housing. It would significantly impact the cost of development in these municipalities, and would necessarily increase the cost of market rate housing to the detriment of first-time homebuyers and others looking to move into or remain in the community, who do not qualify for subsidized housing. The burden to provide affordable housing options should either be shared more broadly, or provided on a voluntary basis in response to meaningful incentives consistent with a plan for the creation of such housing.

Minor Subdivisions

Issue: This would establish a “minor subdivision” process that would replace the approval not required (“ANR”) process in cities and towns that choose to adopt a minor subdivision ordinance or bylaw.

Why Realtors® Oppose a Minor Subdivision Process: This opt-in approach would result in a patchwork of subdivision controls across the Commonwealth in which some communities have an ANR process and others have a minor subdivision process. Eliminating the use of ANRs would be significant because land divisions that formerly would have qualified for ANR would now be subject to review in a minor subdivision process, or full subdivision review. This type of review would involve additional time, less certainty, and more burdensome conditions than the current ANR process. While the concept of a minor subdivision on an existing street may be a good one in the abstract, it should not come at the expense of the sole means of expeditious land division under ANR endorsement.

Please be sure to visit the MAR Government Affairs page and Day on the Hill Facebook event for additional information.

2016 MAR President Annie Blatz invites you to REALTOR® Day on Beacon Hill, where REALTORS® will have a chance to network and learn about the key legislative issues that will affect the real estate industry and private property in 2016. Attend the REALTOR® Day on the Hill and make an impact on the legislative process.

REALTOR® Day on Beacon Hill is scheduled for:
Tuesday, June 21st, 2016
10:00 to 11:00AM
Massachusetts State House, Great Hall

(Please note: This blog post was prepared by MAR Legal Staff: Michael McDonagh, General Counsel; Ashley Stolba, Associate Counsel; Justin Davidson, Legislative & Regulatory Counsel; and Christine Howe, Public Policy and Finance Coordinator)

REALTOR® Day on Beacon Hill Briefing: Tax Issues | The Wednesday Word

12802814_10154557034337506_7894024781621756710_nThe 21st Annual REALTOR Day on Beacon Hill is just four weeks away. To help you prepare to attend REALTOR® Day on Beacon Hill at the Massachusetts State House on Tuesday, June 21, the Wednesday Word blog posts will discuss the 2015-2016 Legislative Issues.

This is the first post in the series and reviews our positions on the following tax issues: local imposition of room occupancy taxes; opposition to real estate transfer taxes; and support of Mortgage Forgiveness Debt Relief and Debt Cancellation.

Oppose Local Imposition of Room Occupancy Tax

H.2618/H.2621/ H.2700 (Brewster)/H.3299 (Provincetown) 

Status: Reported favorably by the Joint Committee on Revenue as H2645. Now before House Ways & Means

Why MAR Opposes H.2645: REALTORS® oppose bills imposing a room occupancy tax on short term vacation rentals. These proposals promote the creation of a new tax on all homeowners who choose to rent their homes for a short term, typically under 90 days.  In addition to established businesses like hotels, motels and bed and breakfast establishments, these proposals would allow a city or town  to levy a room occupancy tax on any apartment, single or multiple family housing, cottage, condominium or timeshare unit. Private homeowners would then be responsible for the collection, handling, and remittance of these taxes to the Department of Revenue.

Oppose Real Estate Transfer Taxes

H.3300 An Act authorizing the town of Provincetown to impose a 0.5% real estate transfer fee

Status: Referred to the Joint Committee on Revenue and accompanied study order.

Why MAR Opposes H.3300: REALTORS® strongly oppose real estate transfer taxes, which would authorize the creation of a new transfer tax on the sale of property in a municipality. The imposition of this type of new sales tax on homes could have serious implications for the Massachusetts economy and set the wrong precedent for the Commonwealth’s tax policies. If allowed, Massachusetts communities facing budgetary deficiencies may seek transfer tax authority to solve local revenue problems. However, creating an “entrance or exit fee” to homeownership is the wrong way to solve this problem. Transfer taxes would increase the bottom-line price of many homes by thousands of dollars. These bills single out home buyers and sellers and subjecting them to this new tax only further exemplifies the inequitable nature of this taxing scheme.

Support Mortgage Forgiveness Debt Relief And Debt Cancellation

H.3770 An Act relative to discharge of indebtedness of principal residence from gross income

Sponsor: Senator Mark Montigny

Status: Reported favorably by the Joint Committee on Revenue to House Ways & Means (Previously S.1521)

Why MAR Supports H.3770: The general tax rule that applies to debt forgiven is that the amount forgiven, sometimes referred to as phantom income, is treated as taxable income to the borrower. This bill would allow homeowners to complete loan modifications, short sales and foreclosures for which they have debt forgiven without making them liable to pay state taxes on the that debt. This bill would mirror the federal law, the Mortgage Debt Relief Act of 2007, to allow taxpayers to apply for this exclusion on their state tax return as well.

Please be sure to visit the MAR Government Affairs page and Day on the Hill Facebook event for additional information.

2016 MAR President Annie Blatz invites you to REALTOR® Day on Beacon Hill, where REALTORS® will have a chance to network and learn about the key legislative issues that will affect the real estate industry and private property in 2016. Attend the REALTOR® Day on the Hill and make an impact on the legislative process.

REALTOR® Day on Beacon Hill is scheduled for:
Tuesday, June 21st, 2016
10:00 to 11:00AM
Massachusetts State House, Great Hall

We look forward to seeing you there!

(Please note: This blog post was prepared by MAR Legal Staff: Michael McDonagh, General Counsel; Ashley Stolba, Associate Counsel; Justin Davidson, Legislative & Regulatory Counsel; and Christine Howe, Public Policy and Finance Coordinator)