On any given day, I’m bombarded with countless emails flooding my inbox. And as a busy agent on the go, I’m able to filter through my emails with a quickness like you wouldn’t believe.
However, a recent “cybersecurity” email and text created an annoyance for my brokerage that we haven’t experience before. Not only did the email look legit, it asked myself and fellow agents to click and take an action. There was also a random text message sent out to my agent saying it was from Troy from a second phone number — not mine. This was no “cybersecurity” update. It was a scam!
These kinds of deceptive texts and emails are typically known as phishing. Their prime goal is to convince you to give up your personal information so that the scammers can use it to gain access to your other accounts, like your bank accounts and credit card information. Scammers use email or text messages to trick you into giving them your personal information.
“Scammers launch thousands of phishing attacks like these every day — and they’re often successful,” according to the federal consumer protection agency the Federal Trade Commission. It notes that the FBI’s Internet Crime Complaint Center reported that people lost $30 million to phishing schemes in 2017.
The attacker typically tries to create a sense of urgency and before you know it, the victim is willingly logging into a platform or giving information and becoming vulnerable to future attacks.
These emails and texts can wreak havoc on a misinformed or distracted agent. And as broker owners, we need to do a better job at being more aware of these types of scams and learn how to avoid them. The best place to start is providing agents with trusted resources that can summarize what to look for and what to avoid.
Here are a few tips I’ve gleaned from cybersecurity experts that will help keep you safe:
1. Don’t trust, verify
If you get an email from somebody that looks like it’s coming from an internal source — such as an agent asking you to wire a transaction or to login to update software — pick up the phone, give that source a call to verify, or alert your managing broker or IT director before acting.
I understand a lot of agents run their own servers or their own networks. There are numerous cybersecurity companies out there that can provide security checks or look into breaches, such as FireEye and CrowdStrike. Consider looking into these and other solutions for an added layer of protection.
2. Slow down and listen to your instincts
If something feels amiss or questionable, slow down, and ask yourself — would this contact really ask me to do this and why is it so urgent? If you are even asking this question, refer back to tip one. Also, be sure to follow any process or protocol your brokerage has in place.
3. Use multifactor authentication where possible
Using only passwords for critical accounts is dangerous!
If an attacker is able to gain access to your password then they can control your account. This is where multifactor authentication comes in. Multi-factor authentication is where you use two or more different methods of authentication to log into your account.
Usually this is something you know, for example a password or pin, combined with something you have, like a smart card or your phone. Even if one factor is compromised, the attacker won’t gain access and you may be alerted that something happened with your account.
4. Use a password manager
It’s difficult to remember passwords. Most of us will use the same password across multiple sites and accounts.
However, if one of those accounts or sites is compromised, attackers will re-use passwords and account names to try to gain access to your e-mail, computer, and even your bank accounts.
Password managers allow you to only have to remember one, strong password and provide randomized passwords across all of your accounts.
If a password gets compromised by a breach, it’s much easier to change one as opposed to all to protect your sensitive information.
Platforms like 1Password that make it easy to keep your passwords all in one place and protected.
5. Protect your online identity
A lot of the information that we post online can be used for identity theft, impersonation or other scams.
Consider what to post and who the audience is —the best advice from cyber experts is to separate your private, sensitive information from your public persona. Using separate accounts for business versus personal interactions and considering who could be looking at your public information can keep you safe from a scam.
Lastly, I want to bring awareness to the fact that when dealing with a buyer’s earnest money deposit, you should not be conducting it through an email for wire instructions to close funds. Just as a safety precaution, have your buyer do this in person with the broker or title company.
This helps to ensure your personal financial information remains safe and in the right hands. In fact, never send any sensitive information through non-encrypted email, or email or texts at all.
Bottom line? Don’t get fooled by hackers looking to take a bite out of our bottom line.
Have you been a victim of a phishing attack? What steps have you taken to keep your brokerage and agents safe? Let’s discuss in the comments below.
Troy Palmquist is the founder and broker of The Address in Southern California. Follow him on Facebook, or connect with him on LinkedIn.