EMAIL SCAM RED FLAGS
It Comes from a KW.com Email Address
It Doesn’t Matter
It Links to a Property on KW.com
No It Doesn’t
Examine the URL in Your Address Bar!
The address bar will tell you 100% of the time if you're on a fake website or the real one. You just have to know what to look for.
Any characters below marked in GREEN are examples from valid websites. Characters colored in RED are examples of fraudulent, phishing websites.
It Comes from a KW.com Email Address
It Doesn’t Matter
- A fraudulent email can come from anywhere: AOL, Yahoo!, Gmail, even KW.com.
- Anyone’s email can be compromised, thus allowing a scammer to send email from it. An email from an agent with a KW.com email address isn’t any more valid than an agent using a Yahoo! address.
- Team Leaders and other agents in your city have fallen victim, and had their accounts compromised.
- If you think the email may be legitimate, then call the other agent. They’ll either confirm their email is legit, or you’ll be a helpful alert that their email account has been compromised. CALL FIRST.
It Links to a Property on KW.com
No It Doesn’t
- A link can be disguised to look like it takes you one place, but actually takes you to a completely different website.
- For example, a link can appear as… www.kw.com/1234-lane-ave
- But actually take you to… www.hacker.com/password-stealer
- How can you tell?
- Hold your mouse over the link in the the email. Most internet browsers & mail apps will show the actual URL the link will send you to.
- You can get the same effect on a phone or tablet by holding your finger on the link. A pop-up should appear that shows you the actual URL the link will take you to.
- In either case: If the URL in the pop-up doesn’t match the URL in the email body, DON’T CLICK!
Examine the URL in Your Address Bar!
The address bar will tell you 100% of the time if you're on a fake website or the real one. You just have to know what to look for.
Any characters below marked in GREEN are examples from valid websites. Characters colored in RED are examples of fraudulent, phishing websites.
|
VALID DOMAIN NAME EXAMPLES
https://accounts.google.com https://accounts.google.com/ServiceLogin?service=wise https://www.dropbox.com/login https://www.chase.com https://chaseonline.chase.com https://www.wellsfargo.com https://onlineservices.wellsfargo.com/auth/login/present |
PHISHING DOMAIN NAME EXAMPLES
http://www.go0gle.com http://www.google.ru http://www.go0gle.com/kwlogin http://accounts.google.com.fakesite.com http://securelogin.dr0pbox.com/google/kwlogin http://chaseonline.chase.cn/onlinepayments/verified http://onlineservices.wellsfarg0.dnaracing.com.au/?present?orgin |
THE "S" MATTERS!
KNOW YOUR DOMAIN NAMES
SUBDOMAINS ARE USED TO TRICK YOU
- ALWAYS look for https:// at the beginning of the URL in your address bar.
- The S in https:// stands for secure. Valid websites will ALWAYS use HTTPS every time you enter your password into a page.
- Your browser will often show a green "lock" icon next to the URL when the page uses HTTPS.
- NEVER EVER EVER enter your password into a page where the URL only starts with http://
KNOW YOUR DOMAIN NAMES
- The real domain name for the site you're on is ALWAYS the word before & after the last dot in the domain name.
- NEVER login into a foreign domain unless you know EXACTLY what you're doing.
SUBDOMAINS ARE USED TO TRICK YOU
- Subdomains are used to trick you by making the URL appear valid.
- Subdomains come BEFORE the domain name (tech.homesokc.com), and are separated by dots.
- Valid sites will RARELY have very complex (more than one) subdomain. For example...
accounts.google.com vs. accounts.google.com.fakesite.com
|
BE SUSPICIOUS OF FOREIGN DOMAIN NAMES
|
FOREIGN DOMAIN NAME EXAMPLES
CHINA: https://www.baidu.cn RUSSIA: https://www.email.ru AUSTRALIA: http://dnaracing.com.au MICRONESIA: https://www.about.me UNITED KINGDOM: https://www.theguardian.co.uk HUNGARY: http://accounts.google.com.repulogep.hu |
It Includes the Word "Kindly"
Kindly Delete the Email
Kindly Delete the Email
- A common recurrence in phishing emails targeted to KW agents is the appearance of the word kindly in them.
- As in…
Kindly click the link below to download the documents. - Or…
Kindly reply back to me via email with more information. - Ask yourself: Does anyone really use these phrases? Scammers are often from foreign countries who do not use common American English phrases. When was the last time to you were “kindly” asked to do something?
- Strange phrases or requests are often a good indicator of phishing attempts. You may reply to an email, and by the 2nd or 3rd reply to the person, things may start seeming “phishy”. Unless the person has an extremely convincing reason as to why they are a legitimate client, then end the conversation.
