Rightmove has announced that it will be starting a gradual roll-out of two-factor authentication within Rightmove Plus to help further protect agents against attempts by fraudsters to steal their leads and upload fake properties under their brand name.
Two factor authentication adds an extra layer of security as it asks an agent to enter their password and also enter a one-time passcode that is generated and sent to them separately.
Rightmove’s chief information security officer Tim Harding is urging agents to get their teams to adopt the enhanced security feature in Rightmove Plus as soon as it becomes available to them so that all branches can have greater protection.
He explained: “Since the start of the year we know of six estate agents that had their own email inboxes compromised, giving a fraudster access to their online accounts. We’ll be working with you over the coming months to add two-factor authentication to your Rightmove Plus accounts, to try and help protect you and your teams from incidents that could damage your brand reputation or that could lead to you having to report yourself to the Information Commissioner’s Office. We’re adding it to areas where there is a risk of personal data being accessed or where your property listings could be altered.
“We really need your help to make sure your teams understand the benefit it brings to them and why it’s so important to start using this added layer of security at a time when fraudsters are becoming more sophisticated and your teams are being targeted with increasing numbers of phishing emails. We know this will take a bit of time to get used to but we hope that many of you will already be using two-factor for other accounts such as online banking.”
The areas of Rightmove Plus that will have this additional level of security are:
- Lead Reports
- Opportunity Manager
- Viewings Manager
- User Management
- Add & Edit Properties
Rightmove also recently introduced a new system which automatically checks an agent’s password, and prompts them to change it if it has been involved in a previous breach from somewhere else online.
Rightmove offers the following advice to help protect your business:
‘Avoid reusing passwords across accounts: this is one of the main ways people’s online accounts get compromised. If you have used a password on multiple websites and one of them has a data breach then all of your online accounts could be at risk. The best thing you can do to guard against this is to use a password manager product, and use that to generate unique passwords for each website you use. You should also make sure you never use shared logins for accounts
‘Be wary of clicking on links or attachments: links in emails can direct you to ‘spoof’ sites that are looking to steal your passwords, and opening attachments could lead to malicious software being installed on your computer – so you should always be careful clicking on either, especially if the email is unexpected. If in any doubt it’s always best to go directly to the website in question in your browser rather than clicking the link – or at the very least hover your mouse over the link before clicking (this will show you where the link is actually taking you to).
‘With attachments, always make sure the software on your machine is kept up to date with security patches, and never enable macros in Word or Excel documents you receive that you are not expecting.’