Passwords and Two-Factor Authentication

We hate to hear from agents who have just been hacked, but it’s happening more than ever. Did you know you have a target on your back? Yes, according to the FBI, scammers are specifically targeting e-mail accounts of attorneys, real estate agents, bookkeepers and accountants. Why? Because you have such good intel in your inbox.  They can access client names, transaction data and details all that lead to money, money money.  While the rule of thumb says changing your bank account password frequently is not always helpful (if someone gets access to your actual account, say sayonara sweetheart to your funds today, not next month).  But REALTORS face a different threat… sometimes your email accounts are more valuable when monitored… they call it ‘listening in’. The scams of today are smart. And effective. They seek big payoffs.  There are too many reports of real estate agents begin hacked, even locally.  It’s embarrassing when a naughty link goes out under your name to your entire contact list.  It’s horrible when they use that contact list to phish for information from your clients to commit wire fraud.

Here’s some EASY Steps you can take TODAY to secure yourself:

  • It’s VERY important that you choose a unique password for all accounts—one as long as possible. I know, I know. It’s a pain, and there are SO many accounts. If you find that to be too much work, invest in a password manager. Invaluable, encrypted log-ins. Worth every penny. (Here’s a link to a list of the top rated password managers)
  • Strengthen all your other security options (making your password recovery questions unguessable, and backing everything up)
  • Turning on two-factor authentication for online services whenever possible (especially things like gmail i.e.) This will require that you type a code that is texted to you before access is granted. Search on “two-factor authentication” with the name of the service you’d like to use and you will find simple instructions on how to do this.
  • Control the urge.  Business messages should only be sent on secure systems (not wifi) with antivirus and firewalls in in place. Public computers, unsecured networks, networks you don’t control – that’s not the place to do business. Tempting when you’re on the road, but be cautious. Don’t forget, you have to comply by WISP data security laws from the state of Massachusetts. And that the first fine that was issued was to a Realtor who lost their unsecured laptop.
  • Update your software and apps, especially anti-virus and anti-malware software and make sure you keep up with Chrome, Firefox, Internet Explorer, Safari updates (they have security features built in! Most of these programs have automatic update features, but sometimes we hit ‘later” because gosh darn it, we’re busy right now. And then we forget.
  • Look for the “https://” That S stands for Secure. Use that for Facebook, for email, for flex, searching. Anywhere possible. Leave less of a trail when signed in securely.

What to do if you do get hacked:

  • Change all your account passwords, not just the account that was hacked.
  • Notify the administrators (especially if it was a bank account) and notify the FBI if it involves wire fraud or theft of funds.
  • Notify your your contacts if your Email was hit, your facebook friends if that was hit, etc…Apologize for the inconvenience but know it happens to the best of us and swift action is the best remedy.
  • If unsure, hire a professional to check your computer for malware, viruses, trojan horses, etc.