Over the past 24 hours, SFAR members have been the target of a series of invalid emails called "phishing scams". These emails are carefully made to look like legitimate messages from the organization being attacked. Often the message will use corporate logos, identifying information (such as spoofed 'sender' email addresses) and recognizable names in order to lure in victims.
Please note that these messages are NOT coming from SFAR servers, or our offices or vendors. The emails appear to origniate from email servers in South America (Columbia) and contain a link to either a PDF, or Zip file that can infect Windows Computers with a virus or ransomware.
How can I spot that it's a phishing attack?
When you hover over the link in the email, it will not look like a www.sfrealtors.com URL, and the email contains many errors that should alert you to the fact that is not from us:
Has "the server" been hacked?
We are examing ways of reviewing the security of the feeds, but unfortunately because a list has been extracted already, shutting off the feeds would simply hinder regular commerce.
What can I do to remove the virus?
At this time, it appears that only Windows computers are vulnerable. If you do not have current Anti-Virus software installed, your best bet is to use a web-scanner (try http://housecall.trendmicro.com) to remove the virus and then install a good AV client (AVG, TrentMicro, etc...) after the virus has been removed. There is little SFAR can do directly, as the attack is not coming from us.
What can I to protect myself in the future?
Make sure, as a general practice, that anytime you receive an invoice (from any company) that does not look identical to prior invoices or comes at a time when you are not expecting to be invoiced, that you hover over any links to see where they are pointed. If the links do not match the name of the company sending you the email, use caution. If there is ever a question, don't hesitate to phone us, or email us, first.
We are very sorry that this attack may have affected you, and are in the process of a full security audit of our systems just in case we were the source of the leaked email addresses (at this time, we have zero reason to believe any of our systems internally were compromised). We will keep all of the members up to date as we investigate and follow up with authorities at https://www.us-cert.gov/report-phishing.
Director of MLS & IT for SFAR