Word to the Wise: Has your email been compromised?

Recently, the real estate industry has seen a surge in email scams, cyber crime and hackers targeting real estate transactions in an attempt to defraud real estate brokers, lenders, title agencies and more. With each transaction containing sensitive, or nonpublic private information (NPPI), hackers are using technology and techniques to hack into emails and redirect the communication and funds elsewhere.

According to Chris Gianni of Premier Data Services, a network partner with The Florida Agency Network, there are some simple steps you can take to ensure you and your clients don’t become victims.

One of the easiest ways to keep a hacker from taking funds is to simply pay attention. Checking and verifying email sources can take a few minutes, but it could save you and your client from getting into a messy situation.

Gianni says hackers will inject a new reply email address with a domain so similar to the original that you might not even notice. For example, one of our embodying title agencies encountered a hacker who attempted to duplicate the original email domain, “____@XYZTITLE.com”, by using “____@XYZZTITLE.com”, with the signature line copied from the actual settlement agent’s information. That hacker then attempted to send alternate wiring instructions to the buyer in order to redirect the funds to a fraudulent bank account. However, thanks to some quick thinking and a few minutes verifying the email source and information, the hacker was unsuccessful.
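The check described above, as an added example that is not part of the original article: a Python sketch that compares the From and Reply-To domains of a message against domains you already trust and flags near-misses such as XYZZTITLE.com. The trusted list, the distance threshold of 2, and the sample message (including the local part `agent`) are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains you already do business with (constructed list).
TRUSTED_DOMAINS = {"xyztitle.com"}

SAMPLE = (  # constructed message: real-looking From, lookalike Reply-To
    "From: Settlement Agent <agent@XYZTITLE.com>\n"
    "Reply-To: Settlement Agent <agent@XYZZTITLE.com>\n"
    "Subject: Updated wiring instructions\n"
    "\n"
    "Please use the new wiring instructions below.\n"
)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify_domain(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """'trusted', 'lookalike of <domain>' (near miss), or 'unknown'."""
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        if edit_distance(domain, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"

def review_message(raw):
    """Return findings for the From and Reply-To headers of a raw message."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    for name, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        if dom and classify_domain(dom) != "trusted":
            findings.append(f"{name} domain {dom}: {classify_domain(dom)}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To {reply_dom} differs from From {from_dom}")
    return findings
```

Calling `review_message(SAMPLE)` returns two findings: the Reply-To domain is a one-character lookalike of the trusted domain, and it differs from the From domain.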

Also, Gianni advises keeping your work email separate from your personal email.

“If you’re working in a personal email, let’s say, one that you use to sign up for newsletters, online accounts or to download content, a hacker could easily get in and find out you’re a real estate agent. From there, he or she will most likely begin monitoring your emails, plan out a way to get a hold of sensitive information and get whatever they want.”

Securing your passwords is another security option Gianni suggests. Using at least 8 letters, including symbols, alternating between upper-case and lower-case letters, and changing passwords regularly is an effective way to secure your and your client’s privacy.

The most effective way to avoid being a victim of a cyber crime is to use a secure network or do business with companies that do the same. Embodying agencies within the Florida Agency Network stay up-to-date on compliance codes and policies. Through FAN’s network partner, Premier Data Services, each agency is SOC 1 & SOC 2 compliant and verified by a third-party organization, 360Advanced. FAN and its agencies gladly take on the responsibility of not only insuring the title of your home but also safeguarding your NPPI.

 


How To Keep Your Email Safe And Secure

Your email is your business’s lifeblood these days. Most clients like the convenience of getting updates on their home, their title commitment, and everything else by email. And while they may or may not be following safe procedures, email security should be one of your primary concerns.

After all, your clients’ private information is in those emails: financial records, account numbers, names, and other forms of sensitive data that shouldn’t be released to the public. What if someone guesses your password or otherwise gets access?

There are some very good tips you can follow to keep your email safe. Most of these solutions are simpler than some recipes you’ve been dying to try or some driving maneuvers you perform daily. If you add these layers of security, you can be confident in your email’s safety.

Password Security

The first line of defense against people who’d like your information is to create strong, unique, and unguessable passwords for your accounts. Many people tend to use passwords like “pa$$word1!” when that’s one of the most easily guessed passwords. Below is a list pulled from CBS News of the 10 most common passwords last year:

 

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123

 

If you see any of your passwords on here, you should be changing them right now. Those are the most common and they are also the most easily guessed.

Best practice for passwords is to use a random string of letters (upper and lower case), numbers, and symbols of significant length (8 or more characters). It should look more like “1dfGHt#2” than “password.”

If you’re worried about remembering passwords, use a password manager app or sync tool like iCloud Keychain or 1Password. That way, you can generate extremely secure passwords that your phone and/or computer will put in automatically for you while still maintaining the security that you need.

Phishing Attempts

But a good password isn’t worth anything if you give it away willingly. We’ve all been warned about phishing and spam, and never to click links in emails where you (a) weren’t expecting an email or (b) don’t know the sender. Those maxims are still true, but there’s even more to be worried about now.

Phishing is, specifically, the act of imitating a legitimate company’s login screen to get your password. They’re getting good at replicating the official website, too. Here are some common traits of phishing emails, pulled from Microsoft:

  • Threats
    • An email might claim your account will be shut down or important documents will be lost if you don’t take action through their links. This is usually false. If it isn’t, you’ll be notified when you log in to the real service through a link you’re familiar with.
  • Grammar errors
    • Most spam artists are not well known for having good grammar and punctuation. If the email reads choppy or wrong, it’s most likely a fake.
  • Email is “from” a big company
    • Phishers generally don’t want information for smaller, niche websites, so be especially suspicious of emails from the big guys: Google, Facebook, Twitter, and so on.

Follow this rule of thumb if you don’t want to get caught by a phishing scam: if you receive an email from anyone asking you to log in, give them your password, or otherwise give up information, do not use their links or give them that information. Instead, if you’re concerned, go to the website they’re claiming to be from yourself by hand-typing the URL into your browser. That way, you can be sure you’re at the right place.

A problem that faces real estate and title professionals in particular is schemes to get you to transfer funds to a dummy account. The emails in question will look almost exactly like real requests for transfers, and if you’re not careful, you might end up sending large amounts of money to fake accounts. When in doubt, verify the transaction request with the sender if you know them, or take steps to find out if they’re legit. Use the tips above to recognize and avoid emails intended to steal passwords or cash, and delete the offending messages as soon as you can.

Security Questions

Recovery options also need care: if you’re vigilant about setting a good password and avoiding/ignoring phishing but make your security questions easy to answer or easily researched, you’ve done a lot of hard work for nothing. When you set up your security questions, make sure they’re:

  • Obscure
  • Not public information
  • Instantly memorable

If you’ve ever revealed your security question’s answer anywhere, ever, don’t use it. Instead, if you’re given the option, make up your own question about something you don’t tell others, or use a question whose answer you’ve never told anyone. Be aware, too, that some image memes that are commonly shared on Facebook are looking for information commonly found in these questions. If you know you use certain details for these questions, don’t publish them on any social media network or tell anyone you don’t trust.

2-Factor Authentication

Some websites (like Google, Facebook, and Twitter) have introduced what’s known as 2-factor authentication. It may sound complex but it’s actually rather simple: they require any password input to have another, smaller password generated by another device. The services I mentioned earlier all use apps on iPhones/Androids to generate the code. If you activate this system, you’ll be asked for a code each time you log in that only you, on your device, can make. That way, even if someone else has your password, the only way anyone’s getting in is if they have your code generator—and they’d need to steal your phone for that.

Stay Safe

If you use these tips, the only way you’re going to lose your data and your email account is to hand them over directly. Staying safe has never been easier, thanks to the basic tools that we’ve been given by the email providers themselves and the basic tips covered earlier for maintaining a safe, secure email system: make a good password, give it to no one, don’t log in through links but rather through the sites themselves, and just practice good email management, and you’ll be fine!

 

Actionable Tips

Follow these basic tips to stay safe through your email:

  • Trust no one
    • Any email coming from anyone you don’t know or any company from whom you’re not expecting an email is suspect. Don’t click those links.
    • Any legitimate web service or company can verify those requests. Call them or send an email directly to your contact, not by “reply.”
  • Use good passwords
    • Get rid of simple passwords and those “123456” codes—they will get you into trouble.
    • Passwords should contain:
      • At least 8 characters (the more the better)
      • Symbols, numbers, and both upper and lower case letters
      • A jumble of letters that can’t be found in a dictionary
  • Use additional account protection
    • Services like Google’s Authenticator and other forms of two-factor security make phishing and brute-force password hacking harder. Use those services.
    • Don’t make your security answers public information—if it’s used to secure an account, keep it to yourself.
  • Use good judgement
    • If an email feels wrong or is unexpected, confirm and verify it. It’s usually too good to be true.