Last week, ALTA sent out an industry-wide alert cautioning title companies to be wary of an email that spoofed one of their email addresses to make it look like it was coming from ALTA’s former CEO. The widespread phishing emails targeting thousands of industry participants included Qualia users. This includes emails that “spoof” a legitimate email address, making it appear as though it was sent by a real business.
Users who receive these types of emails are then typically asked to share their login credentials with the malicious organization running the phishing attack. An example phishing email that purported to come from Qualia and targeted our users looks like this:
As you can see, the sender appears to be from Qualia. Email spoofing is so harmful and convincing because an attacker can create a fake email address that closely matches an existing email address without even needing to hack into a network or system to spoof the email domain. In other words, no matter how secure organizations like ALTA or Qualia are, emailing spoofing can be done.
On the whole, phishing attacks like these have only gotten more sophisticated and harder to spot. In addition to spoofing legitimate email addresses or creating similar looking email domains, phishing emails may also come from reputable third party email services. The fake websites they direct to are often designed to look just like that of the organization they’re spoofing and may even be hosted by a reputable third-party storage provider like Google.
Recommended next steps
Two-Factor Authentication (2FA)
Just as ALTA did last week, we have notified all Qualia customers and all Marketplace vendors who were likely to have received the phishing attack. With that said, as a first step, we urge everyone to enable Two-Factor Authentication (2FA). Qualia users can get step-by-step instructions on how to enable 2FA in the Qualia Knowledge Base.
If you are concerned that you may have fallen victim to a phishing attack that compromised your Qualia login credentials, please immediately change your password (as well as change your password on any sites where you may have used the same credentials). For detailed instructions on how to reset your password or to contact Qualia Support, please view this article in the Qualia Knowledge Base.
In addition to becoming more sophisticated, these phishing attacks targeting the real estate industry are becoming more prevalent, and will no doubt continue to target the industry. Take, for instance, the recent news reports of real estate mogul and Shark Tank star, Barbara Corcoran, losing $400,000 to a real estate phishing scam (she has, fortunately, since recovered the funds).
What we can do as an industry is to be vigilant and take proactive steps not to fall prey to scammers. That’s why we belong to the Coalition to Stop Real Estate Wire Fraud, where our goal is to educate our customers and the broader public about the threat of real estate wire fraud. We encourage all those in real estate to learn about the different types of Internet fraud out there, as well as the various security best practices to protect against phishing attacks and other types of Internet fraud.
For more on phishing scams and their impact in the real estate industry, watch Qualia’s interview with NBC from last year.
To learn more about the different types of Internet fraud, please visit this article.
To learn more about security best practices to protect yourself against phishing attacks, please visit this article.