Phishing is growing in popularity among scammers wanting to earn a quick buck at the expense of unsuspecting real estate brokers and agents. Some schemes are so sophisticated that even the most discerning of professionals can inadvertently get scammed.
As a busy real estate professional, you need to keep informed about the latest phishing scams, because you’re a key target. Criminals rely on the fact that you’re juggling dozens of emails each day — and also likely managing multiple sales at once.
Your email address and contact details are very easy to obtain, because you likely have them everywhere — on your website, signs, and marketing materials for every single listing you have.
More than 3.4 billion phishing emails are sent out each day. In what has been described as a “spray and pray” approach, phishing relies on the receiver taking some action to expose sensitive or confidential information. Here’s the latest on what to watch out for and tips on how you can protect yourself and your real estate business.
Phishing Scams Every Real Estate Agent Should Watch Out For
1. Instructions to sell a property without the owner’s permission
Phishing scammers often email real estate professionals to list properties the scammer is not authorized to sell. These emails typically include links or attachments, which are designed to hack your system for confidential or sensitive information. Consider every email you receive carefully before opening attachments or clicking on links to avoid being a victim of a phishing scam. Make a phone call to confirm the seller’s identity before clicking.
2. Instructions to reset pin numbers by email or test message
Phishing emails designed to look like bank correspondence are on the rise. In the past, it was relatively easy to spot these phishing emails, because often they had incorrect spelling or unprofessional language. But phishing criminals have become more sophisticated in their approach. Some of these emails have perfect English, use professional language, and even include the bank’s logo or signature block.
The best way to identify a scam email, supposedly from a bank, is to double-check the email address it’s coming from. When you click on the email address listed at the top of the message, you may find that the actual email address is a suspicious one.
Also keep in mind, banks will never ask for sensitive information such as bank account details or pin numbers via email, text message, or phone. They will also never ask you to reset your pin number via an email or text message. If you receive an email or text that seems legitimate, but you’re just not sure, contact your bank directly to check. Find the phone number from a source other than the email.
3. Unexpected contact from a “client” asking to change the lockbox code on their property
Lockboxes are becoming more common because they make it easier for real estate agents to show prospects through the home. So, what happens if you receive a text or email asking to change the lockbox codes on a property?
Unfortunately, hackers can now send very convincing emails from actual email addresses in your contact list. It may appear to be from your client’s email, but don’t risk it. Make the extra effort to phone your client to verify. Similarly, you might receive the instructions in a text message. If it doesn’t seem right, and the phone number isn’t one your client has used before, call your client (using a number he or she provided to you separately) to check with them directly before making any changes.
4. Fraudulent invoices
Fraudulent invoices have been a favorite with scammers for decades now, but their methods are becoming more convincing these days. In a busy real estate office, your team may accidentally approve and forwardinvoices to your accounts team without realizing they aren’t legitimate.
Scammers are increasingly targeting businesses with generic invoices for expenses that most businesses have. For example, office supplies, stationery, domain renewals and web hosting. So it’s important that you have sufficient procedures in place and your team is adequately trained to spot these fraudulent invoices.
Protect Yourself and Your Real Estate Business
Phishing scams can compromise your business in two main ways:
- They can compromise your confidential data and that of your clients, making you vulnerable to a lawsuit
- They can be costly — both financially and for your reputation as a real estate professional
To protect yourself, protect your systems and servers with security software, and be sure it’s updated regularly. Every computer should have the latest version of anti-virus software as well. To protect your accounts,consider using multi-factor authentication. Also ensure you have a backup of all of your important data.
If you do get a phishing email or text, report it, so theinformation can be used to protect others against phishing scams. You can send details of the phishing attack to the Federal Trade Commission at ftc.gov/complaint.
To protect yourself and your team against lawsuits, ensure you have Errors and Omissions insurance especially for real estate offices. CRES Real Estate E&O includes Team Coverage and Legal Services 7 days a week. Our customized policies are specific to real estate risks, and the extensive coverage goes far beyond most other generic E&O policies.
Contact CRES at 800-880-2747 for a confidential discussion today, and let our team tailor an insurance solution to suit your needs.