Last week, an email was sent to KCRAR and Heartland MLS staff using KCRAR’s domain name that turned out to be a fraudulent email. A frequent tactic among scammers is to disguise fraudulent emails in order to bait a reply or link click from recipients that could give them access to personal information like passwords, credit card or bank information or social security numbers. This type of email scam is known as phishing. Here are a few tips to recognize a phishing email and avoid this type of scam.
Check the email address. Be sure the email address of the sender matches the name on the email. If the email says it’s coming from John Smith, but the email address itself has no indication of that name, or it’s not the email address you know to be John Smith’s, that’s a red flag. Even be conscious of slight misspellings, like email@example.com or firstname.lastname@example.org. And if you know John Smith would ordinarily be emailing from email@example.com, but you receive one from firstname.lastname@example.org, that could be something to question as well.
Don’t open unexpected attachments. Sometimes attachments like PDFs or images can be filled with malicious code and could compromise a system if opened. Be particularly critical of emails that include an unexpected attachment, especially if it’s coming from an unknown sender. In the real estate industry, this can often be seen in the form of fraudulent emails spoofing title companies, so if you don’t have a current transaction with the title company seen on an email, don’t open the attachment.
Look out for bad grammar and suspicious messaging. Phishing emails often contain confusing or poorly written text. And if the message issues a warning or creates a sense of urgency, that can be an indicator of a phishing email as well.
Any members or subscribers who receive an email from @kcrar.com or @heartlandMLS.com that they are unsure of or suspect it could be fraudulent may email SafeMLS@HearltandMLS.com to double check.