News & Information: Orlando REALTOR® magazine - Special Feature

Scams And Spams And Phishes

Friday, August 25, 2017  
Share |
2016 ORRA Good Neighbor Award winners
Examples of a recent e-mail scam (left, Exhibit A) and mail scam (right, Exhibit B) received by Orlando REALTORS®
Orlando REALTOR® | SeptemberOctober 2017

A spate of malicious attempts at deception keeps REALTORS® on high alert for cybercrime

Orlando REALTORS® have been under a particularly sustained cyber assault. Over the past few months alone, members have been faced with:

*An impressively formatted e-mail appearing to be from the association. The e-mail included an image of President Bruce Elliott and the association logo, but carried a risk of delivering a virus to unsuspecting recipients upon opening. (If you receive this e-mail, do not open it.) See Exhibit A.

*Not one but two separate warnings from Florida Realtors about scammers who twice sent out fake invoices from a nonexistent real estate board, seeking payment for renewal. The invoices appeared deceptively legitimate with a "Make check payable to” address listed at a post office in Deerfield Beach, Fla. See Exhibit B.

"This is not a simple scam," says Bill Martin, Florida Realtors CEO. "High-tech criminals put a great deal of work and planning into this." The criminals created a truly impressive fake website, sent a complex fake letter, and successfully alarmed REALTORS® across the state, adds Margy Grant, general counsel for Florida Realtors. (If you receive this invoice, do not respond.)

*A phishing alert from the National Association of REALTORS® warning members of an e-mail with the subject line “Important Updates to Database!” The e-mail included the phrase “To that end, if you could please look through attached PDF; which contains a list of all members along with their contact information and make sure yours is correctly represented.” (If you receive this e-mail, do not open it.)

*And now this latest notice from NAR of a text message scam alert: If you receive a text message asking for payment of a fine or sales tax on a prize, it is likely a delivery system for malware.

In one version, a scammer levies false ethics accusations against a member and demands payment of a fine. Additionally, NAR has seen versions of a text purportedly from NAR, telling the recipient they have won a prize (a car or a TV) in a contest sponsored by NAR. NAR has reported both variants of the scam to the FBI.

If you receive one of these texts, take the following actions:

1. Do not click on any links in the text or otherwise engage with the sender. If you have clicked on a link in a suspicious text, promptly follow up with an IT specialist to ensure that the device is free from malware.

2. Erase the text from your device. You can take a screen shot of the scam prior to erasing it to use it in a report to the FBI if you choose.

3. If you wish, report the incident to the FBI IC3 website at (you can follow up with the FBI after filing the IC3 report by calling your local FBI field office).

If you suspect that any phone numbers or contact information were obtained due to a breach of your IT system, alert your brokerage’s IT department or engage an IT specialist to scan your systems and devices to make sure that you are free from malware.

To keep abreast of the latest cyber crime warnings from REALTOR® organizations, check in regularly with ORRA, Florida Realtors and NAR websites for the latest news; follow their social media; and read their regular e-communications such as ORRA's Orlando REALTOR® Online e-newsletter.

REALTOR® Viewpoint
Scam Prevention: The Case For Two-step Authentication
By Thomas Scott, Keller Williams Advantage Realty

Digging Deeper
Internet Chicanery: The Basics

You’ve probably heard all of the buzzwords related to schemes that take place on the web — clones, phishing, malware, worms, viruses, and Trojan horses.

The vast majority of malicious software are installed by some action from a user, such as clicking an e-mail attachment or downloading a file from the Internet. Prevention is key.

Attack Of The Clones!

Cloning is perhaps the least dire of the illegal activity that takes place on the Internet. Nonetheless, it certainly can prove distressing. Essentially, the cyber criminal takes a combination of your name, an image of your likeness and perhaps other information personal to you, and creates a new social media profile. One day, you might see your face and name pop up in the “people you might know” bar on Facebook or LinkedIn and feel alarmed, or perhaps a friend sends you a message alerting you to a cloned profile.

Alternately, cybercriminals may set up cloned websites that look almost identical to say, your bank’s website, encouraging you to enter personal information. In fact, some scams entail a robocall with a recording that encourages calling back and typing in bank account numbers, or visiting a mock, cloned website.

Deep Sea Phishing

We’ve all received at least one e-mail from a Nigerian Prince, looking for assistance in a lucrative investment opportunity, or perhaps a “Look at this funny video of you” message from a friend on a social media site. Flattering as such messages may feel, by now we know they are scams. Typically such messages contain malicious “phishing” links that you are encouraged to click on. Once you click on such a link, bad things happen. Malicious software — known as “malware” or “spyware”— is often installed on your computer, recording your every keystroke to garner logins and passwords to all of the sites you frequent. Before you know it, the cybercriminals responsible for the attack suddenly have access to your email, bank accounts, credit cards, and much more. Malware comes in many forms, each form seeking a specific type of malicious action. Viruses, Worms, and Trojan horses are all types of malware.

Worms, And Not The Garden-friendly Kind

Behaving much like bacteria, computer worms are a type of malware that seek to self-replicate, using the infected computer or device as a “host” to spread damage to additional computers and devices. Often they operate under the radar by not altering files on their host computer, but rather using the host computer as a means to access and infect additional computers and devices. Worms operate independently and do not need a human’s guidance to replicate and cause damage. Worms often take advantage of holes or weaknesses in software programs; this is why it is vital to keep software programs, such as Microsoft Windows and Adobe Flash, up-to-date. Worms can cause extensive damage to an entire network of computers.

Trojan Horse Rampage

For those familiar with Homer’s story The Odyssey, the concept of a Trojan horse is nothing new. For those not familiar: the story has it that the Greeks built a giant wooden horse, used to conceal armed warriors, and presented it as a “gift” to the City of Troy; whilst the city slept, the warriors crept from the horse and conquered. Not unlike the historical Trojan horse, the computer malware Trojan horse arrives in the form of an enticing website link or useful “software update” request; upon clicking or accepting such requests, the Trojan horse is installed on the computer and begins a series of malicious actions, similar to that of a computer virus.

Outbreak: You’ve Got A Virus!

Viruses are also in the malware family and can cause great harm, often rendering computers and devices in a permanent state of disrepair. Through an executable file, viruses alter the existing framework and files on the infected computer or device. Viruses start with one infected file that is transferred and “executed” on one or more computers. Virus files are executed when one downloads an executable file that contains a virus, and then allows his/her computer to run the executable file. Viruses require human interaction in order to propagate.

> Source: NAR

ORRA Partners
ORRA would like to thank our Partners for their continuing support.
View the full list of ORRA Partners.