A REIN staff member recently received an email that on the surface looked like a legitimate notification for Document signing from Authentisign, but was in fact a fake, phishing scam.
Here is how to tell the difference between a fake and real Authentisign message:
- Were you expecting a document for signing? Think about it… how often does another agent send you a contract out of the blue, without having at least spoken to you over the phone first? If you receive an email to sign a contract but have not actually spoken to the other agent, then this should be a red flag that something is not right.
- Sender’s name. In the fake email, the sender’s name in the “From:” field was a generic “Authentisign Message”, but in a real Authentisign email, the agent’s name will appear in the “From:” field. This is how you will know who to call to verify that the email is legitimate – simply look them up in Matrix to find their phone number.
- Hover over the “click here” link, but do not click. When you hover over the link, the URL address that it directs to pops up in a small window. Always check that the URL is legitimate. Below, the first image is a screen shot of the “fake” URL address (the .in from the URL tells us it is located in India, and Instanet Solutions is not located in India), and the second image is a screen shot of a “real” URL address from Authentisign (notice the URL includes authentisign.com/instanet/.)
The #1 cyber-security rule… NEVER CLICK ON A LINK without first verifying its authenticity with the sender. And remember, scammers change up their routines constantly, so while the fake email our staff member received may link to “creativedesignshub.in”, one you receive may go to a different URL address. Always verify!!!