How Agents Can Protect Themselves from Email Scams

Members of the San Francisco Association of REALTORS® (SFAR) were the targets of a phishing attack last week. Agents received an email that, at first glance, appeared to be from the association and prompted recipients to download a malicious file disguised as an invoice.

The message was the latest in a string of phishing attempts aimed at real estate professionals. In fact, just last year, NAR issued a warning against an email scam that attempted to get buyers to wire money to a fraudulent bank account. The Federal Trade Commission and the Better Business Bureau have issued similar warnings recently, as well, and the message is clear: agents need to be alert and on guard.

How to Spot a Fake Email

Even if you're technologically savvy, that doesn't mean you're immune to falling for a phishing attack or email scam. The SFAR email, for example, was a convincing fake, going so far as to "spoof" or make the email appear like it came from the association's servers, thus making it more likely that trusting Realtors would download the malicious file.

So if email scams today are growing increasingly sophisticated, how can agents discern which are real and which are fake? Well, while the SFAR email looked like a convincing fake, there were a couple of "tells" that gave the spammers away. Let's break down what the SFAR phishers did wrong so we can better learn how to spot fake messages in the future.

The image above came from a recent SFAR blog post that warned members against the email scam. As you can see, the email had a lot of subtle flaws, like:

1. Improper use of the term "REALTOR®." We all know that NAR's a little fussy about how the word REALTOR can be used. But that very fussiness is what gives the email above away. After all, few laypeople (including spammers, apparently) know that REALTOR® is not a generic term, but a trademark of NAR and that there are specific rules one should follow when using it.

In both the subject and the signature, 'Realtors' is neither capitalized nor followed by the registration trademark symbol--a detail that an association of REALTORS® would surely get right!

2. Doesn't address the recipient by name. If your association or brokerage regularly sends out mass emails that address you by name, but you receive one that doesn't--be suspicious! A break in pattern is a classic "tell."

3. The links fail the "hover test." The best and easiest way to find out if a link is suspicious is to hover over it (but don't click!) with your mouse to see if the address points to the actual domain of the purported sender or to something suspicious. In the case of the SFAR email, a link to a PDF actually pointed to a .zip file (which are commonly used to transmit viruses) on an unfamiliar site.

Other classic red flags include broken English or poor grammar, and sending unusual files (if your association doesn't send invoices by email, but the email you receive does--like in the image above--be on alert!).

While it's impossible to avoid scam or phishing emails, a little vigilance and common sense is a great way to keep yourself--and your clients--safe.