What to know about cybersecurity for real estate businesses
As Covid brings much of our work interactions online, it becomes all the more important to keep our businesses protected from online threats. Here’s why cybersecurity is important for real estate agents and some tips to identify potential attacks.
What are phishing attacks?
Chances are you already have a dozen malicious emails in your inbox. Luckily, most email service providers do a good job at filtering out suspected hacking attempts into your spam folder. Scammers will send emails to pose as a vendor looking for business or perhaps a client seeking a new agent. As part of their email, they may ask you to transfer funds or they may try and get sensitive information from you, like addresses and account numbers. This is called phishing as they are ‘fishing’ for important information from you.
Identifying phishing emails
Some red flags for phishing include poor grammar and spelling, sender names that don’t match their email addresses and embedding URLs using link shortening services or external websites. Finally, the ‘it’s too good to be true’ rule applies here too. If someone wants to send you a six-figure cheque to a deposit out of nowhere or is offering to pay your commission in advance, that email may deserve a closer look and deeper inspection.
This newer form of malicious emailing involves hackers researching the names of executives or CEOs in your company and posing as them in an email. Whale phishing attempts can be successful because staff are trained to follow the instructions of their supervisors. Perhaps your broker of record may ask for an account number, or send you a bonus through a supposed e-transfer link. Often these emails have one or two letters of an email address or name changed (Micheal instead of Michael) so that you won’t notice the difference. Or in some cases they’re able to mimic the sender’s entire address. Any activity or request that sounds out of place is worth verifying with the supposed sender through a phone call.
Training and education
While identifying suspicious emails may seem obvious to you, it can be less so for others. If you work with a team or in a brokerage, it may be worth conducting some cybersecurity training so that staff know how to look out for malicious emails. You can also educate yourself further by learning more about cybersecurity from a trusted source, like the Canadian Centre for Cybersecurity and pass your learnings onto your staff and colleagues.