Rightmove pledges to keep data access restriction under review

Rightmove has promised to keep its restrictions on access to Rightmove Plus under review - and says it’s aiming to help agents, not hinder them.

Yesterday EAT reported the anger of some agents who found they could not access the back end of the portal last weekend, because of restrictions introduced to combat phishing attacks.

Specifically the restrictions mean agents can access RM+ ‘Add & Edit properties’ only between 6am and 10pm Monday to Saturday, and ‘Lead reports’ between 6am and 10pm weekdays only.

Rightmove says giving advance notice of the restrictions would have diminished their effectiveness.

Now Rightmove’s chief information security officer, Tim Harding, has given EAT readers a full explanation of the restrictions, and advice to maintain their own security.

He says: “All businesses today, including estate agency, are suffering from sustained phishing and other attacks designed to steal log-in information. And fraudsters are getting even more sophisticated.

“Looking at just the first two months of this year, we know of six estate agents who have had their own email inboxes compromised, giving the fraudster access to their online accounts. At least one of them had to report themselves to the ICO.

“Attackers have successfully gained control of agent’s email inboxes, listings and leads, and so we’ve taken the unusual step of restricting use of Rightmove Plus outside of usual working hours to protect agents and their customers from the very real threat of fraud.

“We’re sorry we didn’t let agents know about this in advance, this was a mistake. We’re talking to those agents that do use their account outside of the usual working hours and if you also do then please let us know. We’ll be keeping this change under constant review to make sure it’s helping rather than hindering.

“We have more security measures in development at the moment. We’ll be asking agents for feedback about these and what would work best for them in the coming weeks.”

Rightmove’s advice to protect your business:

- Avoid reusing passwords across accounts: this is one of the main ways people’s online accounts get compromised. If you have used a password on multiple websites and one of them has a data breach then all of your online accounts could be at risk. The best thing you can do to guard against this is to use a password manager product, and use that to generate unique passwords for each website you use;

- Be wary of clicking on links or attachments: links in emails can direct you to ‘spoof’ sites that are looking to steal your passwords, and opening attachments could lead to malicious software being installed on your computer – so you should always be careful clicking on either, especially if the email is unexpected. If in any doubt it’s always best to go directly to the website in question in your browser rather than clicking the link – or at the very least hover your mouse over the link before clicking (this will show you where the link is actually taking you to). With attachments, always make sure the software on your machine is kept up to date with security patches, and never enable macros in Word or Excel documents you receive that you are not expecting;

- Use two-factor authentication on accounts where it is available, for example on your company’s email and social media accounts.