What To Do When You Catch a Phishing Scam
The Arizona REALTORS® routinely receives emails from agents and brokers across the state advising the Association of fraudulent emails they have received. Many of these emails instruct the licensee to click on a link or download a file. For example, the email message may state “Your Closing Disclosure Statement is attached, click below to download.”
As many agents recognize, the email is part of an elaborate phishing scam whereby cybercriminals send out mass emails containing an attachment or hyperlink. The attachment is malware and the hyperlink is to a website masquerading as a legitimate webpage in an attempt to trick the recipient into exposing their computer to malware like ransomware or a keylogger (a “virus” that captures everything the email recipient types into their computer like passwords and credit card numbers).
While agents are savvy enough to avoid most phishing attempts, the question asked of the Association is, “How do I handle these emails and to whom should they be reported?”
First and foremost, agents who receive fraudulent emails of this nature should notify their Designated Broker so that other agents in the office can be warned if appropriate. The Designated Broker may then want to notify the Local REALTOR® Association Executive so that other brokers in the area can be made aware of the issue. In our experience, many of these scams tend to target a specific office or area so sharing the information with others can prove helpful.
The Arizona REALTORS® can also be notified as the Association maintains a Scams & Frauds webpage.
Finally, REALTORS® are encouraged to report dangerous phishing scams to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3). This website represents a collaborative effort between the FBI and the National White-Collar Crime Center (NWC3). The IC3 assists consumers by serving as a means to receive internet-related criminal complaints and to research, develop, and refer the criminal complaints to applicable federal, state, local, or international law enforcement and/or regulatory agencies. IC3 accepts online internet crime complaints from either the victim or from a knowledgeable third party.
In an effort to assist agents with the appropriate use of technology to safeguard business transactions, the Association recommends the following:
- Passwords
- Use strong passwords by making them unique and complex
- Regularly change passwords
- Do not use the same password for all accounts
- Email Security
- Do not open any suspicious emails, click on any links, or open any attachments; delete these emails
- Clean out your email account on a regular basis
- Use encrypted emails when sending sensitive or confidential information
- Wireless Use Security
- Use encrypted wireless for work matters
- Stay away from free/unsecured Wi-Fi (i.e., coffee shops, hotels, libraries, restaurants)
- Consider using a Virtual Private Network (VPN)
- Use of Electronic Devices
- Lock your screen or log out when you walk away from your device to prevent unauthorized access
- Report stolen or lost devices
- Software
- Antivirus and firewall software should be regularly monitored and updated
- Data should be backed up on several different platforms
- Record Keeping/Disposal
- Purge and/or shred any and all documents that contain personal information such as account numbers, driver’s license number, social security number, credit card, debit card numbers, etc.
- Social Media
- Do not post transactional information on social media such as names and addresses as this information may be used by criminals.