You’ve probably heard of phishing scams and horror stories of stolen identities. But do you know how to protect yourself, your staff, and most importantly—your owners and residents? We’ve outlined the most reported phishing scams you may encounter and how to avoid them.
How Do Phishing Scams Work?
A phishing scam tries to get sensitive information or infiltrate a system through social engineering. This means attackers lean on human emotional responses to gain the advantage. They use fear, the promise of a prize and even guilt to separate you from your most valuable asset: your personally identifiable information (PII).
Historically, phishers attacked exclusively by email, but as Gmail and other email providers get better at filtering out phishing messages, scammers are turning to social media, texts and even phone calls.
The end goal is always the same: Use the PII to get to your money — or your company’s money.
Let’s take a look at exactly how it works by method.
Email Phishing Scams
An email phishing scam uses enticing information and a sense of urgency (or even threats) to get you to give up personal information, click on a link or download a file. They say you’ve won a prize and all they need is your home address, or that your bank account will close if you don’t give them your account number to straighten it out.
Social Media Phishing Scams
There are a few ways attackers use social media to scam users. In a Facebook phishing scam, you may get a request from your friend’s cloned account asking for money, or you may be tricked into clicking on a link and entering your username and password. On Twitter or Instagram, a shortened URL could send you to a bogus site specifically designed to capture your information.
Other Phishing Scams
Other phishing scams include phone calls from someone masquerading as your bank or credit card company and asking for personal information. A texting phishing scam could warn you that your account has been breached and tell you to follow a link to check it out.
Types of Phishing Scam Techniques
The average, easily-identifiable phishing scam targets a large group of people with no focus on who they are, but there are also more specific types of attacks out there that might surprise you.
Spear Phishing: A spear phishing attack targets a specific group or individual. An attacker gathers information about their targets from social media accounts and other online sources, which they use to make their scam even more credible.
Clone Phishing: An attacker finds an email from a trusted agency that their target wouldn’t suspect, then copies the logo, email address and language.
Whaling: Whaling targets the “big fish”—management and C-suite executives who would have access to much more lucrative information and bigger company systems.
Is It a Phishing Scam?
If you suspect a hacker in your midst, here are some things to look for:
- Bad Grammar: Look for obvious spelling and grammar mistakes. Often these scams originate outside the US, and it will be quite obvious that they are not native, professional English speakers. And, maybe fortunately for us, they mostly seem to be pretty terrible writers!
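- HTTP URL: Trust only encrypted websites with HTTPS in the URL. Before you even click on a link, hover over it. No S in that URL? Don’t click on it—the data being transferred from your device to the site may not be secure. Keep in mind that HTTPS only means the connection is encrypted; it does not by itself prove the site is legitimate, so check the domain name too.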
- Out-of-the-Ordinary Requests: If you get an email from your bank or from a friend that just doesn’t look right, it probably isn’t. Organizations like banks, phone companies, and cable companies never ask for account numbers or personal information over the phone or via email.
- Messages From Random Companies: If you never signed up for Venmo and you get an email requesting information to verify your “account,” just delete it.
- Messages from “Friends” You Don’t Talk To: If you get a request for money or information from a Facebook friend you rarely talk to, it’s probably a scam. If it’s from a trusted friend, talk to them by some other means. Chances are they wouldn’t ask you for money through social media.
Finally, if you suspect a phishing scam, go with your gut. Double-check with the person or agency who sent you the message and never click on anything in the email.
Take the time to educate yourself and your employees about the dangers of phishing scams. After all, they jeopardize not only your property management company, but also your owners and residents.
Keep residents up to date on how to protect themselves. If one of your employees or residents discovers a phishing scam, get the word out quickly, so people know what to look for. Staying vigilant is the best protection for you, your company and your residents.