NEFAR reminds members to stay vigilant against phishing scams that target personal and financial information. Cybercriminals often disguise themselves as trusted sources, such as colleagues, clients, or even REALTOR® associations, by sending emails or text messages that appear legitimate.
There are several precautions you can take to protect yourself, such as:
Look closely at the sender’s email
Don’t just glance at the display name. Click or hover over it to see the full address. Scammers can make it look like it’s from someone you know, but the real address may be slightly off (extra letters, numbers, or strange domains).
Don’t rely only on the “From” field
Scammers can mask or “spoof” the display name to look legitimate. If something feels odd, double-check by reaching out through another channel. Pro tip: You can view the full email header to see the actual sending address and server path, , which often doesn’t match the display name in the from field. For Example:
- Outlook (desktop app): Open the message, go to the File tab, click Properties, and look at the text in Internet headers.
- Outlook (web): Open the email, click the three dots (…) next to “Reply all,” then select View > View message details.
- Gmail (web): Open the email, click the three dots (⋮) in the upper right corner, then choose Show original.
Watch out for odd links
Hover your mouse over any link before clicking. If the link preview looks different from the text shown, or it sends you to a strange website, don’t click. When in doubt, go directly to the official website instead of using the link.
Check for urgent or threatening language
Phishing emails often try to scare you (“Your account will be locked!”) or pressure you into acting fast. A real organization will give you time to respond.
Look for poor spelling and grammar
While scammers are getting better, many phishing emails still contain typos, awkward phrasing, or formatting that looks unprofessional.
Be careful with attachments
Unexpected attachments, especially ZIP, EXE, or Office files with macros, can contain malware. If you weren’t expecting it, don’t open it.
Verify requests for sensitive information
Legitimate companies will not ask you for things like passwords, Social Security numbers, or bank details by email. If you’re not sure, call the company directly using a verified phone number.
Check the greeting and tone
Phishing emails often use vague greetings like “Dear Customer” instead of your real name, or they may feel oddly generic or out of context.
Look for small inconsistencies
Logos may be blurry, colors may be off, or the email format might feel “close but not right.” Trust your gut if something looks off.
Train yourself and your team
Share examples, run practice tests, and keep phishing awareness fresh. The more familiar you are with common tricks, the easier they are to spot.
Protecting your data helps keep both you and your business safe. Click here to read the National Association of REALTORS (NAR) tips to further protect yourself from cyber threats. If you encounter a scam claiming to be from NEFAR or NAR, report it to contactnar@nar.realtor.
