Home > About > eConnect Archive > September 2019 > Phishing Scams

Phishing Scams Aimed at Women's Council Members

Technology has been a boon to referral networks. In a matter of minutes, you can locate and send a client referral to a fellow Council member across town or across the country. In the real estate industry, the Women’s Council referral network is especially strong, with 56 percent of members reporting they refer business to another member annually.

To help facilitate referrals, Women’s Council maintains an “open” network; that is, full contact information is displayed for all members on a public site. Anyone can find you and, generally, that’s a good thing…but not always.

The Women’s Council recently became aware of a situation where an individual was contacting Council members, stating we had a recent policy upgrade, and inviting recipients to 'accept and review' a policy document. This is commonly referred to as “phishing,” and is typically a scam.

This isn’t the first such phishing scam targeting Council members and, sadly, it probably won’t be the last. Other, more malicious, scams ask directly for money to be sent, ask for personal information, or encourage you to click on a link or open an attachment for “important information” that results in malware (hostile or intrusive software, viruses, spyware, ransomware, etc.) being installed on your computer.

So what’s a member to do? Your business relies on connecting with Council members you may not know. While you don’t want to miss a lead or lose a referral, you do want to be aware and know how to read the signs of suspicious emails so you can avoid phishing scams while engaging in the Council’s referral network. Here are some tips to help you spot (and avoid) scams – whether general in nature or those targeting Council members.

  1. Look at the URLs and domain names. Do they make sense? For example, if the email is from Jane Doe and the domain is janedoe.com, that seems logical. But if the domain name is janedoe.com.bestdeal.com, this is a red flag. You may also see a foreign country domain extension in the URL, e.g., ru for Russia. Ask yourself if that makes any sense given the situation. Even if a URL looks legit, it may be hiding the real one. To check, hover your mouse over the link (don’t click!) and you’ll see the true URL. If it differs from the displayed link, the message is probably fraudulent or malicious.

  2. Consider the salutation and signature. If the salutation reads “Dear Council Member” but the message makes reference to a specific person who provided your name, that signals a likely scam. Also, look at the email signature. Does it include full contact information and an unsubscribe disclaimer, as is the standard practice for business communications?  

  3. Read for poor grammar or spelling. Scammers are notoriously bad about spelling and grammar. If a poorly written email claims to come from a large corporation or well-known brand, you can almost be assured this is a scam as these companies are very careful about their image.

  4. Never provide personal information or send money without confirming legitimacy. If you are in communication with the sender, slow down a bit and ask for clarifying/confirming details. If you’re asked to send money to assist a specific member, take that extra step and contact the member directly to confirm a true need before taking any action. Be wary of any request to send money to an unidentified vendor. Women's Council will never request you to wire money to our President or Line Officer Team - the same should apply at your local or state network.

  5. If you don’t recall noted actions, beware. Widespread scams include notification of contest winnings (Did you enter?) and lottery winnings (Did you buy a ticket?). With these and other scams, if the news or opportunity sounds too good to be true…it probably is.

  6. Avoid clicking on suspicious links or attachments. If you have any reason to doubt the legitimacy of an email, never click on a link or attachment. Doing so can result in installing malware, which can range from being a mere irritant to the loss of your computer’s contents.

Now that you can spot a phishing email, here are a few things you can do to protect yourself (and others).

  1. Review your computer settings. While it will vary depending on your platform, you likely have an option to determine how easily “junk” mail (which includes scams) gets through to your inbox. 

  2. Install security software. While most email programs do a decent job of filtering out junk emails, an additional layer of protection can minimize the impact if you do inadvertently click on a link you thought was from a legitimate source.

  3. Report phishing scams. Most large companies (Google, Apple, PayPal, Microsoft, large banks, etc.) welcome notification that someone is using their name in a scam. Use your browser to search for “report phishing to (company name)” to find quick instructions. The U.S. government also invites scam reporting: phishing-report@us-cert.gov. If you receive a phishing email that uses the Women’s Council of REALTORS®’ name, send the email to wcr@wcr.org and type “Suspected Phishing” in the subject line.

The tips provided here are to remind you to exercise caution and to help you learn how to quickly assess an email that seems a bit out of the ordinary. Viewing such emails with a thoughtful eye will allow you to continue to enjoy the unparalleled success of the network of the Women’s Council of REALTORS®!