The most common form of email "hacking" is actually referred to as a "phishing scam." "Phishing" is where an outside party attempts to gain access to your email account be tricking you into revealing your username and password to them. Once they have the log in credentials to your account, they can sign in to your email and send out other phishing attempts for other email accounts ,or try and trick your email contacts into wiring money to them. Since real estate agents are constantly making large financial transactions, they are often victim to phishing attempts.
The way a phishing attempt works:
A phishing attempt can come from anywhere. It can be sent from an email you don't recognize or from a contact you trust who has been phished themselves.
Most often you will see an email that is requesting you view a specific link or attachment. Most links will be unfamiliar to you or not going to clear place. Be on the lookout for key words or phrases that are not commonly used in everyday vernacular. Because phishing attempts can commonly come from outside the United States you may notice weird syntax and diction. For instance if you see the word "Kindly" it will generally indicate a phishing email. A common phishing attempt sounds something like, "Kindly open the link below and sign in."
Phishing attempts will ask you to sign in to your account. This is a MAJOR RED flag. This is how phishing emails steal your information. When you are requested to sign in to your account you are really giving your log in credentials to the phishers. Remember if you are already logged into your account then you do not need to sign back into your account for any reason. After you "sign in" on a phishing attempt you will be taken to a page that doesn't exist or doesn't make sense.
Once the phisher has your email log in info they will sign into your account the same way you normally do and use your email account to send out more phishing attempts to everyone in your contacts or look for financial transactions to exploit. The most common for real estate agents are wire transfers. There have been huge sums of money sent to criminal's accounts because an email was phished.
I suspect I may have been phished. What should I do?
Change your email account password immediately. Changing the password to your account ensures that anyone else attempting to access your account will not be able to do so. Also anyone who might be in your account will be kicked out. When you change the password for an email that was phished, make sure to change the password to something completely different than what it was. Adding a number to the end of your previous password is dangerous because phishers might be able to guess that and still access your account. It is best to choose something totally new. For instructions on how to change your @kw.com Gmail account, please click here.
Oftentimes if Google sees suspicious activity in an account they will "temporarily disable the account." What this mean is that Google analyzes the IP addresses and location from where you normally log into your account from. If they see a log in from a completely different location and IP they may disable the account. When an account is disabled no one will be able to sign in. This means phishers will no longer have access to your @kw.com account but then neither will you. When you attempt to log into your account, you will see a message saying "Your account has been temporary disabled due to suspicious activity." When you see this screen, please contact KW Tech Support here. They will be able to help reactivate your account. Once your account has been reactivated you will be required to change your password when you log in.
Once you have changed the password to your Gmail, you will want to look in other areas of your account to make sure the phishers did not mess up your settings.
Oftentimes phishers will try to "hide their tracks" by setting up filters that may delete emails warning you that your account is compromised. Go to the filters section of your email account and delete any filters that you did not create yourself. You may see filters containing specific key words like "Doccument, Hacked, or Phished" that might be used to delete incoming emails trying to warn you that you were phished. To set up or delete filters in your Gmail account click here.
Once you remove any filters that were added to your account check the Forwarding and POP/IMAP settings. Confirm that the settings in this area were set up by you and going to other accounts that you own. Sometimes Phishers will set forwarding in your account to send your emails to other accounts they own. If your forwarding/POP or IMAP settings were changed, change them back to direct to your accounts or delete the phishers settings. To set up your forwarding in your Gmail account please click here.
Check your contacts. Sometimes, malicious phishers will delete your contact list. Do not fret, you can easily recover your contacts in Gmail by following the instructions here.
Check your details. You may want to confirm that your account was phished. A good place to look for this is to look at who accessed your account and from where. To do this scroll to the bottom of your inbox and click the 'Details' link. This will open up a window that will display the latest log ons to your account. You should be able to see a lot of log ins from your area and then maybe a few really outside your area log ins. If you see log ins from locations you haven't been to then your account was phished and someone else was accessing it. Also, in the details page you can click the 'Sign out all other web sessions' button to make sure that any other users are signed out of your account.
To avoid or prevent phishing attempts in the future you can also add two step verification sign in to your @kw.com account. To learn more about 2 step verification please click here.
If you believe you have been phished or need help reactivating your account, please contact KW Tech Support here. You can also log in to https://agent.kw.com and use the Support button at the bottom of the page.