Don’t Get Hooked by Phishing Scams Aimed at Council Members
Technology has been a boon to referral networks. In a matter of minutes, you can locate and send a client referral to a fellow Council member across town or across the country. In the real estate industry, the Women’s Council referral network is especially strong, with 56 percent of members reporting they refer business to another member annually. Get more stats on Women’s Council referrals.
To help facilitate referrals, Women’s Council maintains an “open” network; that is, full contact information is displayed for all members on a public site. Anyone can find you and, generally, that’s a good thing…but not always.
The Women’s Council recently became aware of a situation where an individual was contacting Council members, using the Council name (citing a prominent member who “referred” him), and inviting recipients to call about a project that would be a big “benefit to your business.” This is commonly referred to as “phishing,” and is typically a scam to get you to buy something or, worse, take advantage of you.
This isn’t the first such phishing scam targeting Council members and, sadly, it probably won’t be the last. Other, more malicious, scams ask directly for money to be sent, ask for personal information, or encourage you to click on a link or open an attachment for “important information” that results in malware (hostile or intrusive software, viruses, spyware, ransomware, etc.) being installed on your computer.
So what’s a member to do? Your business relies on connecting with Council members you may not know. While you don’t want to miss a lead or lose a referral, you do want to be aware and know how to read the signs of suspicious emails so you can avoid phishing scams while engaging in the Council’s dynamic referral network. Here are some tips to help you spot (and avoid) scams – whether general in nature or those targeting Council members.
Look at the URLs and domain names. Do they make sense? For example, if the email is from Jane Doe and the domain is janedoe.com that seems logical. But if the domain name is janedoe.com.bestdeal.com, this is a red flag. You may also see a foreign country domain extension in the URL, e.g., ru for Russia. Ask yourself if that makes any sense given the situation. Even if a URL looks legit, it may be hiding the real one. To check, hover your mouse over the link (don’t click!) and you’ll see the true URL. If it differs from the displayed link, the message is probably fraudulent or malicious.
Consider the salutation and signature. If the salutation reads “Dear Council Member” but the message makes reference to a specific person who provided your name, that signals a likely scam. Also, look at the email signature. Does it include full contact information, as is the standard practice for business communications?
Read for poor grammar or spelling. Scammers are notoriously bad about spelling and grammar. If a poorly written email claims to come from a large corporation or well-known brand, you can almost be assured this is a scam as these companies are very careful about their image.
Never provide personal information or send money without confirming legitimacy. Check the “Find a Member” directory or Council Referral Center to confirm the individual’s membership. If you are in communication with the sender, ask for clarifying/confirming details. One smart Council member asked for more information about the source of the referral and the individual quickly cut off communication. If you’re asked to send money to assist a specific member, contact the member directly to confirm a true need before taking any action. Be wary of any request to send money to an unidentified vendor. Targeting association members for payments using the president or treasurer’s name is a current popular scam.
If you don’t recall noted actions, beware. The recent Council member phisher makes references to having left voice and text messages. Do you recall getting these? Widespread scams include notification of contest winnings (Did you enter?) and lottery winnings (Did you buy a ticket?). With these and other scams, if the news or opportunity sounds too good to be true…it probably is.
Avoid clicking on suspicious links or attachments. If you have any reason to doubt the legitimacy of an email, never click on a link or attachment. Doing so can result in installing malware, which can range from being a mere irritant to the loss of your computer’s contents.
Now that you can spot a phishing email, here are a few things you can do to protect yourself (and others).
Review your computer settings. While it will vary depending on your platform, you likely have an option to determine how easily “junk” mail (which includes scams) gets through to your inbox.
Install security software. While most email programs do a decent job of filtering out junk emails, an additional layer of protection can minimize the impact if you do inadvertently click on a link you thought was from a legitimate source.
Report phishing scams. Most large companies (Google, Apple, PayPal, Microsoft, large banks, etc.) welcome notification that someone is using their name in a scam. Use your browser to search for “report phishing to (company name)” to find quick instructions. The U.S. government also invites scam reporting: firstname.lastname@example.org. If you receive a phishing email that uses the Women’s Council of REALTORS®’ name, send the email to email@example.com and type “Suspected Phishing” in the subject line.
The vast majority of interactions and referrals stemming from the Internet are from fellow Council members, impressed with your qualifications found in the detailed profile at wcr.org. The tips provided here are to remind you to exercise caution and to help you learn how to quickly assess an email that seems a bit out of the ordinary. Viewing such emails with a thoughtful eye will allow you to continue to enjoy the unparalleled success of the network of the Women’s Council of REALTORS®!
Share This Page: