Does your home need updating to sell, but you don't want to do the renovation?  We have cash buyers who will buy your home!

October 25, 2016

Where does that TinyURL link go to and how to spot a potential attack

All,

Today I received the listing agent's dream email!  An over full price CASH offer on a new listing with no inspection contingencies!  Most agents would say "Time to break out the champagne!" then why am I saying "Something doesn't smell right here"?

Let's take a look at the email, shall we?  I've blacked out some identifying information.

Where does that TinyURL link go to and how to spot a potential attack 1

First off, I receive a contact yesterday from "HomeSeekers", one of the syndication partners our MLS sends our listings to without our knowledge, consent or ability to control.  It was simply the default "I have questions" box filled in.  I replied with an email asking to setup a time to talk and I got this email back today.  So that has me a little suspicious, afterall why is a BROKER using this website instead of the MLS?

In reviewing the email, the English is pretty good (with a few minor grammatical errors), however half of the email (where agents typically try to sell me on their clients) is all about how great and trustworthy Google Docs and Dropbox are.  Ok, I'm a former IT guy of 15 years... with 10 of those working for Fortune 100 (and Fortune 50) companies doing their Information Security.  I don't need to be sold on Dropbox/Google Docs, however the convention (since emails and PDFs were common) is to attach the offer as a PDF, but who am I to question the forward progress of technology?  Of course, it is right to question why a Broker with a company is using an ADPPaySheet.net domain (which goes to the ADP payroll company).

 

So now I check the links by hovering over them.  I expect to find links to "Docs.Google.com" and "Dropbox.com" however I find TinyURL.com links instead!!  Now what are the two main reasons to use a link shortener?  I know!  The primary reason is to make links that fit easily into social media posts and riders for signs or advertising.  Ok, that's legit... but what about the second reason?  The second reason for using these is to OBFUSCATE (hide) the end URL from the person clicking the link!  The last five years finishing out my IT career, I taught information security basics to all new hires for several local hospitals.  One of the topics was expanding these URLs before clicking on them.  Using "GetLinkInfo.com" I expanded the two links and found the below information:

First, how to use the site:

Go to the GetLinkInfo.com website and put the shortened URL in question into the box below the logo and click the "Get Link Info" button.

Where does that TinyURL link go to and how to spot a potential attack 2

The results I got from the Google Docs link:
Where does that TinyURL link go to and how to spot a potential attack 3
YIKES!  Not only does the URL point to some really bizzare website that definitely ISN'T Google Docs, it has four "Unsafe" warnings, including the TinyURL links themselves!  That is four more than I like to see at all!

Ok now, I go back to the home page and try the Dropbox link:
Where does that TinyURL link go to and how to spot a potential attack 4
WOW!!  This one is EVEN WORSE!  This time the TinyURL links themselves were safe, but what they pointed to was no and even threw up a suspected phishing page warning!

Talk about your RED FLAGS!!!
So what's a Realtor to do now?  I need to keep my client's best interests at heart here.  Well, what I've always taught is to contact the sender through another means to verify the legitimacy of the email.  So I went onto our state's licensing site and verified that the Broker in the email was in fact licensed and was in charge of the agency listed, had a good number of agents under him and that the address of the office matched the address listed in the email.  Please keep in mind that the office is in Orange County CA and I'm in Ventura County, CA.  There are two to three counties between us and it's a good three hour drive in light traffic to get to his county (not neccessarily his office).  I then went and independently Googled the office and called them directly, leaving a message for the Broker to validate the email (or to inform him of someone using his name illegally, if the email is not legit).

 

I hope that this blog helps you if you ever find yourself in a similar situation.

 

My best,

Ryan

Listings

Active Listings
711 Bluebonnet Ct. in Thousand Oaks

4+2 Remodeled Single Story Pool Home
Click for More Details
Coming Soon
1449 La Jolla Dr., Thousand Oaks
Conejo Oaks Sign for 1449 La Jolla Dr.
4+2 Single Story in the prestigious "Conejo Oaks" neighborhood
Follow the progress and get on the waiting list!
Recent Sales
3490 Pine View Dr., Simi Valley
SOLD! Simi Valley 4+3 Remodeled Single Story Home with Gated RV! 3490 Pine View Dr. in Simi Valley
4+3 Remodeled Single Story Home with 15,000+sf lot and gated & paved RV parking!
Click Here for more details
30666 Passageway Pl., Agoura Hills

"Lake Lindero" One of a Kind View Home! 4+3 Two Story home with INCREDIBLE Lake Views!
Click Here for more photos of this amazing view!

Recent Posts

Huggins Homes

A Boutique Agency With Over 30 Years Experience Providing Personalized Consulting And Comprehensive Real Estate Services To Buyers And Sellers.
© Copyright 2015 forward - All Rights Reserved
For media inquiries about the Ventura County real estate market, real estate investing or house flipping, please contact Ryan Huggins at 805.905.4000
805.905.3000Ron@HugginsHomes.com
805.905.4000Ryan@HugginsHomes.com
envelopephone  linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram