Realtors® inhabit an increasingly sophisticated technological world. New tools designed to make transactions easier and more convenient also expose you to new kinds of risks.
This new reality leaves agents vulnerable to being hacked more than ever. Scammers are specifically targeting e-mail accounts of attorneys, real estate agents, bookkeepers and accountants. Why? Because you have such valuable information sitting right in your inbox. “Bad guys” can access client names, transaction data and details that they hope to use to their advantage.
A profitable tactic for scammers is to compromise your email and wait until you’re almost to the closing table. Then, they might interject a malicious email into your regular correspondence with another agent, often a “last minute change,” to wire transfer information or something similar.
We all know how stressful getting to closing can be, and there’s a real pressure to act and react quickly to get your clients into (or out of) their home. But with a few steps you can mitigate or avoid exposure to these types of risks.
- Trust, but verify. Always follow up with a phone call to confirm emails about any changes to any part of a transaction that involve payment details on either side. No exceptions.
- Choose a unique password for all accounts—one as long as possible. I know, I know. It’s a pain, and there are so many accounts. If you find that to be too much work, invest in a password manager with encrypted log-ins. (Here’s a link to a list of the top rated password managers.)
- Strengthen all your other security options. Make your password recovery questions “unguessable” and back everything up.
- Turn on two-factor authentication for online services whenever possible. This will require that you type a code that is texted to you before access is granted. Search on “two-factor authentication” with the name of the service you’d like to use and you will find simple instructions on how to do this.
- Secure communications. Business messages should only be sent on secure systems (not public Wi-Fi) with antivirus and firewalls in in place. Public computers, unsecured networks, networks you don’t control are not the place to do business. It’s tempting when you’re on the road, but be cautious. Don’t forget, you have to comply by WISP data security laws from the state of Massachusetts.
- Use forms management software like ZipForms for every step of the transaction. There’s a reason these companies spend millions on secure systems for managing transactions—they’re looking to save you from being a victim from the billions in fraud cases that happen every year.
- Keep your work and personal email addresses separate. We tend to be less cautious about casual web browsing than we are when we’re doing business.
- Update your software and apps, especially anti-virus and anti-malware software and make sure you keep up with Windows, Mac, iPhone, Android, Chrome, Firefox, Internet Explorer, Safari updates. Remember, these browsers have security features built in and it’s important to update to keep up with the latest protections.
- Look for the https://. That “s” stands for “secure.” Use it for Facebook, email, MLS, web browsing and anywhere possible. You leave less of a trail when signed in securely. (Here’s a great browser extension that can help.)
What to do if you do get hacked:
- Change all your account passwords, not just the account that was hacked.
- Notify any party or bank/company you’re currently working on a transaction with if it appears they might be at risk, and notify the FBI if it involves wire fraud or theft of funds.
- Let your local board and MAR know, so we can be aware if patterns develop.
- Notify your contacts if it looks like lots of scam emails were sent from your address. Apologize for the inconvenience, but know it happens to the best of us and swift action is the best remedy.
- If unsure, hire a professional to check your computer for malware, viruses, trojan horses, etc.
To learn more, check out this tip sheet from the FBI. In addition, feel free to contact MAR at any time with questions.
Special thanks to Sandy Carrol at the Berkshire County Board of REALTORS, Inc. for her writing and collaboration on this blog post.