How to Protect Yourself from Ransomware

There was a widespread outbreak of ransomware attacks exploiting a Windows vulnerability that was made public a couple of months ago through the NSA leaks. Ransomware typically infects a PC through a malicious website (less common) or through clicking an infected link in an email or an attachment (more common). The infection usually encrypts the user’s files and demands a ransom in electronic currency to recover them.

Here’s how you can protect yourself:

If you have a Windows machine, such as a personal laptop or home computer, please take a moment today to do a full round of Windows Updates and update any antivirus software you might be using. This should be a regular part of your routine. Try to turn on automatic updates and don’t delay them too often when they prompt you to install or restart – they’re important for exactly this reason.

Be careful opening email attachments, particularly if they appear to be from DropBox, DocuSign, or appear to be from a Realtor®, but contain vague instructions about a contract or financial transaction—the kind of email that looks like it might be something a Realtor sent you by accident or was intended for someone else. See example below.


In this example, the “payload” of infected code is in a link in the PDF attachment. The text of the email itself has no malicious links and contains real information for an actual Realtor®. We called that member and she’s dealing with hundreds of these being delivered to her contacts and people she doesn’t know—myself included—but is at least aware of the issue and taking steps to handle it.

Unmask links in your emails to inspect them before clicking them or downloading attachments. If you hover over a link, you can see where it goes without clicking it. Watch for a URL in the preview that goes to an unfamiliar website or location (particularly if the email you’re looking at purports to be from Dropbox or DocuSign but the domain in the URL is something totally different). Example below:

Remember that most of the effective, complex vulnerabilities that can attack even systems with good security like ours tend to rely on code being executed in other programs, like Adobe Acrobat. Many of the serious infection risks occur when a new vulnerability is discovered in how computers handle external files, like PDFs. You can mitigate a lot of risk simply by not downloading attachments from emails that appear suspicious. The whole purpose of these emails being vague and somewhat confusing is to get you to click on the attachment to see if it clarifies things.

Don’t fall for it. Just delete it and move on. If it’s legitimate or important, the sender will contact you again. If you’re not expecting it, it’s probably not something you want. This is a good thing to remember with emails you send, as well – don’t send members or other staff an email that’s just an attachment and no text, or something similar. Take a moment to write at least a one-sentence description of what the purpose of your email is, even if you just talked to the person about it. At the very least, it will help if they (or you) need to search for it later.

Here are a couple links that might be helpful:

Update your Windows systems now. Right now. – Washington Post Story

Microsoft Windows Update Instructions – via Microsoft

Microsoft Ransomware Information – via Microsoft

One additional note on ransomware: You should always back up important files, but if you are attacked by ransomware and you have no other option, it’s worth noting that paying the ransom to decrypt the files and retrieve them usually does work. These schemes wouldn’t exist if there weren’t a real mechanism for you to recover the files, and the hackers don’t have any motivation to leave your files encrypted—they just want to get paid.

If you have no other option to retrieve your files and are considering paying a ransomware demand, please feel free to call us to discuss the matter and we can advise you. Paying the ransom does not usually expose you to any additional infection risk. Any system compromised this way should have Windows fully re-installed from scratch anyway, so in some cases paying up might be the lesser evil. We’re here to help, and if you have any questions on the subject, please don’t hesitate to ask.

Are you missing important emails?


One of the most important communication goals for MAR volunteer leaders and professional staff is ensuring that our communications reach you. We use a number of different platforms to send our members all the information needed to participate in MAR’s advocacy and information services. Meanwhile, we realize that spam and junk mail filtering are important. In fact, 80% of all global email volume is spam. Unfortunately, filters also can block critical information you need for business. So here are some simple steps to balance your need for critical business information versus spam filtering, and to help MAR keep critical business information flowing your way.

Whitelisting  

MAR emails typically come from either an MAR staff professional or one of our general mailboxes. MAR emails always originate from the marealtor.com domain.  So a first step is to “whitelist” our marealtor.com domain with your email provider.   Add us to your contacts list wherever possible.  There are several guides to whitelisting individual email addresses and domains for most major email providers and devices.

  1. Microsoft Outlook/Office
  2. Gmail
  3. Other providers

We’d ask that you add MAR staff professionals and the following addresses to your Contacts: info@marealtor.com, mar@marealtor.com, plus the addresses of Staff you regularly correspond with.

Email Providers 

Another important issue that we’re trying to address is the personal email providers which a relatively small percentage of our members use to do business. Personal email providers like AOL, Verizon, RoadRunner, Adelphia or newer free accounts tied to companies like Comcast and AT&T are certainly handy for personal messages. Their spam and junk-filtering systems are very aggressive, and it’s difficult to deliver email to those addresses if you’re using a large-volume commercial service like the ones MAR, the National Association, and even many of our local Associations use for important messages like legislative Calls for Action or e-newsletter industry updates. Most of our delivery failures come from a small number of members who use personal email providers for their business. Among members using their own domain or a company email address, failure rates are much lower.

There are lots of great options out there. The simplest is probably Gmail, which is free and extremely reliable. It takes only seconds to sign up for a free account, and you can easily set up forwarding from your old email addresses to the new inbox so you’ll never miss a thing.

Even better is to set up a branded email address – something customized and easy to remember. NAR offers an email package for its .realtor domains, at an additional cost of $60 per year. You’ll need to claim and set up your .realtor domain first, if you haven’t already.

GoDaddy, a popular web hosting company, is currently offering a great price on its email and Office packages – you can get a professional domain, custom email, AND the full Office 365 suite with Word, Excel, PowerPoint, and more to use on up to 5 devices for $9.99 a month.

There are lots of other options out there, but the important thing is to consider the value email communications hold to your business. If you, like us, miss an important email because your spam filter got a little overenthusiastic, what could the consequences be? For us, it was a day lost reconfiguring the website. For you, it could be an important committee meeting, pictures of a loved one, or even a great offer on one of your listings. Isn’t it worth using the best possible tools at your disposal to manage your business communications, especially when they’re so affordable?

Do you love the ‘Like’ Button? If so, Proceed with Caution


Have you ever heard of “Like farming”? No? Neither had I until very recently (not that it’s new). I thought it might be a good idea to spread the word on what this practice is and why you should be aware of it the next time you’re scrolling through your Facebook news feed.

What is “Like farming?”
Here’s a good definition from ThatsNonsense.com:

“Facebook like-farming, in its simplest sense, is the process of attempting to get likes, shares and followers using exploitation, manipulation and/or deception.”

What this really means is that any time you like, comment or share something that you don’t quite know where it comes from, you’re at risk for being farmed.

Once these posts get a lot of “likes,” the scammers behind the posts are then able to start posting spam that shows up in your news feed or links to more malicious sites that might try and steal your personal and/or financial information.

What Can You Do?
The simple answer is to really read what you’re scrolling past and understand where it comes from before hitting “Like.” Don’t fall for the emotional photos or posts that tug at your heart strings and ask you for something such as “help me reach one million likes” or “comment on this photo and see what happens.” The list goes on.

And finally, just because you like something doesn’t mean you have to “Like” it.

For more information, here are some good articles that explain the scam in greater detail.
Everything you need to know about Facebook Like-Farming by Craig Charles, thatsnonsense.com
Don’t click ‘like’ on Facebook again until you read this by Kim Komando, Komando.com
Why You Should Be Careful About What You ‘Like’ On Facebook by Amit Chowdhry, Forbes.com

Intro to RPR: From Desktop to Smartphone [Webinar]


Webinar: Thursday, Mar 12, 2015 11:00 AM – 12:00 PM EDT

REALTORS® across the country are enhancing their business by using Realtors Property Resource®. In this introductory class, you’ll learn how top agents use RPR as their all-in-one data and information source to build their business and impress clients. You’ll also learn how to use RPR Mobile on your Android or iPhone to instantly view properties, create, customize, save, and send reports with your added photos, audio, and text notes. This is one hour of free training you don’t want to miss!

After registering, you will receive a confirmation email containing information about joining the webinar.

Register here.