The Hampton Roads Multiple Listing Service
Online Lead Generation Phishing Scam
Scammers are searching the web every day for new ways to mine personal data from unsuspecting web users. It’s called phishing. A popular scam is to look for websites with lead generation functionality. Check out this scenario…
- Take any website that offers property search.
- A scammer does a simple search, pulls up a property, and clicks on a link for more information; that request is forwarded to the agent via the lead generation program.
- That agent responds via email.
- The scammer replies back to that email (or sends another, separate email, now that they know the agent’s real email address) with a message that says “Attached is a contract for 123 Main Street”.
- Agent gets excited, and clicks on the link – it could be a PDF, a Word document, or even a link to a website – and nothing happens. In the meantime, you realize that several other agents in your office received leads from someone with the same name or same email address, and you begin to realize the lead is “fake”.
- But the damage is done…
As soon as you clicked on that file or link, you most likely downloaded malware to your computer. The scammer can use that malware to access information such as emails, documents, contacts, personal information about you and your clients – whatever is on your computer may now be in the hands of a phisher. And today’s scammers are often in the “game” for the long haul. They might not use the information they gather right away, and it is possible that they will use your information to leap frog to other people (such as your contacts, or others mentioned in your files). Just because they didn’t try to scam money from you directly, doesn’t mean they haven’t gotten valuable information from you.
How to protect yourself from phishers? NEVER click on an unknown link or file. If you receive an unsolicited email with attachments or links, whether it is from someone you know and trust or from a stranger, always call the sender to verify that it is authentic. Remember, a scammer could be hijacking your friend’s or another agent’s email address so it looks legit, but in reality they are sending you malware. Agents usually call you to say an offer is coming before sending the email... and if they didn’t, there is no harm in calling to confirm that it is real. Honestly, if you do this, you will stop most phishers in their tracks.
Unfortunately, there is only so much a website can do to stop a phisher from using their legitimate website to target victims. Phishers are sophisticated and are often successful at working around safeguards put in place… that being said, there are some tools available to slow them down.
- Add captcha to the website. There are several types of captcha out there, but what this does is make the person requesting information take a physical action to submit the request – such as typing in a word as it appears on the screen, choosing a specific image from an array of pictures, etc. This puts a road block in front of the code written “robots” that automatically submit requests. However, this does not stop a phisher that is manually filling out the form.
- Limit the number of requests that can come from a single IP address within a specified time period. For example, a single IP address can send no more than 3 requests from the website within 5 minutes. The phisher relies on quantity for success – the more leads he can send out, the more likely he will get someone to click on his link or attachment. It’s an “odds” game. Ideally, getting “locked out” of sending multiple leads quickly will discourage the scammer and send him on to the next target.
- Consider blocking international traffic to your site. Many scammers come from foreign countries. (Look for the disjointed English in their emails.)
By the simple nature that we, as service professionals, want to make it as easy as possible for legitimate leads to reach out to us, we make it easy for scammers to get through. Any road block you put in place, also impacts the real leads you want to hear from, so consider carefully all options. To date, there is no guaranteed, sure-fire fix to phishing scams on the Internet. Your best protection is YOU – never click on an unknown link or file!