How to be Phishing Aware
InspectRealEstate’s clients and users have recently been attacked by scammers, who used a method called “phishing”. Here’s some information to help prevent a phishing attack from being successful.
Phishing is a process where a cyber criminal will attempt to steal your password by inviting you to login to a fake page. The cyber criminal can then use your information to login to the software under your name. The fake login page is likely to be sent to you as a hyperlink in a “phishing” email.
1. How do you recognise a Phishing email?
InspectRealEstate will never ask you to verify your membership with an email. You will never be required to login to our site via a link from an email – site logins will only ever be required from our login page. We strongly encourage you to be sceptical about anything you’re required to do by clicking a link in an email. If you get an email that looks suspicious, please contact our security officer (details below) and your account manager.
2. How do you recognise a fake login page?
Checking the URL is the simplest way to make sure you put your login details into the correct login page. A fake Phishing login page will use a different (and sometimes bizarre) URL. Check the address bar in your browser before logging into your accounts. It must be:
This is the correct URL for the InspectRealEstate login page. Below is an example of how it would look on the web page.
you can see a lock on the left hand side of the URL;
the background of the left section of the URL is green;
the URL itself starts with “https”; and
the URL is “https://app.inspectrealestate.com.au/Account/Login.aspx”.
Checking that the URL of the login page matches https://app.inspectrealestate.com.au/Account/Login.aspx is the simplest way to guarantee that you’re not giving your password away. If you click a link in an email and find yourself at a login page with a strange URL, you are likely the target of a Phishing email.
3. What should you do if you receive, click or are a victim of a phishing email?
If you receive a Phishing email you should send an original copy of that email (by dragging and dropping it into a new email) to the InspectRealEstate Security Officer at firstname.lastname@example.org.
Please flag any suspicious activity as soon as possible. The sooner InspectRealEstate is aware of a phishing attack, the less time the Phisher may have unauthorised access into your account. If you have clicked an external link or entered your password into a fake page, contact the InspectRealEstate Security Officer immediately with the following five pieces of information:
Your agency name
Your agency login name
The date and time you clicked the external link/entered your login details
An original copy of the Phishing email (Not a forwarded version)
4.Warning signs that your details may have been Phished
If you receive an unexpected SMS verification code, it could indicate that a Phisher has your details and is trying to gain access to the system.
Also, if the password to your account suddenly becomes ineffective, it could indicate that a Phisher has logged into your account and has changed the password.
Please do not hesitate to contact the Security Officer or your Account Manager if you have any queries surrounding the security of your InspectRealEstate account.
John Impey – Security Officer
(+61) 499 600 260