Type 3: Spelling (adding -ed or -ing)

Type 3: Spelling Homophones 4.6

Type 3: Spelling with /j/ and /s/ (6.6)

Type 3: Spelling Test 2-25

Type 3: Spelling 5.11 (Changing final y to i)

Type 3: Spelling with long e

How is personal data collected? There are several ways that an unauthorised person can try and collect your data. These include: •phishing •smishing •vishing •pharming. Phishing Phishing is when a person sends a legitimate looking email to a user. The email contains a link to a website that also looks legitimate. The user is encouraged to click the link and to input personal data into a form on the website. The email could also simply ask the user to reply to the email with their personal data. The user is tricked into giving their personal data to a source that they believe is legitimate. However, both the email and the linked website are from a fake unauthorised source. The personal data that is input is then collected by an unauthorised person. This person can then use this data for criminal acts, for example, to commit fraud or steal the person's identity. Intimidation has become a common feature of phishing emails, threatening the user that they must click the link and rectify a situation immediately, or there will be a further issue. The aim of a phishing attack is to steal the user's personal data. Figure 5.1: Phishing. A real-life example of phishing PayPal have been the subject of several different phishing emails. Users receive an email that looks as though it has been sent from PayPal, as it has the PayPal branding. The email normally warns of an issue such as unexpected activity on their account, or that some kind of verification of their account is required. The user is then asked to click a link to log into their account and resolve the issue. The link takes them to a webpage that looks like the PayPal login page. If the user inputs their login details into this page, they will not be taken to their account. It is often at this stage that the user may realise that the email and webpage are fake. However, they have already given the unauthorised person their PayPal login details. Figure 5.2: An example of a phishing email claiming to be from PayPal. How to recognise phishing There are several guidelines to be aware of regarding emails to avoid being subjected to phishing. These include: •Don't even open an email that is not from a sender that you recognise or a trusted source. •Legitimate companies will never ask you for your personal data using email. Be immediately suspicious of any email that requests your personal data. •Legitimate companies will normally address you by your name. Be suspicious of any email that addresses you as ‘Dear Member' or ‘Dear Customer'. •Legitimate companies will send an email that uses their domain name. If you hover your mouse over the sender's name, it will show the email address that the email is sent from. If this does not look legitimate, for example, does not contain the correct domain name, then it is probably fake. For example, if the sender's email is user@paypal1.com rather than user@paypal.com, this is from an incorrect domain name. •Legitimate companies are protective of their professional reputation and thoroughly check any communications. They will make sure that all information given is grammatically and correctly spelt. Be suspicious of any email that contains bad grammar or spelling mistakes. •A link in an email from a legitimate company will also normally contain the domain name of the company. You can sometimes hover over the link, or right click and inspect the link, to see the address of the URL that is attached. If the URL does not contain the domain name, or also contains typical errors such as spelling mistakes, then be suspicious of this. PRACTICAL ACTIVITY 5.02 Ask a friend or a member of your family if they have ever received an email that they believed was a phishing email. Ask them how they identified it was phishing. Ask them if they know all of the given guidelines for identifying phishing emails. Smishing Smishing (or SMS phishing) is a variant of phishing that uses SMS text messages to lure the user into providing their personal details. The user is sent an SMS text message that either contains a link to a website, in the same way that phishing does, or it will ask the user to call a telephone number to resolve an urgent issue. The same advice can be followed for smishing as given for phishing. The user must question at all times any links that are sent from an unknown or suspicious user. It is advisable that if a user believes the message may be legitimate, to type in the domain name for the legitimate company website into their web browser, rather than following the link in the message. Users should block any numbers that they believe are suspicious to prevent any further risk of smishing from that number. Figure 5.3: Smishing. Vishing Vishing (or voice phishing) has the same aim as phishing, to obtain a user's personal details. The user receives a telephone call that could either be an automated system or could be a real person. An automated voice could speak to the user and advise them that an issue has occurred, such as there has been suspicious activity regarding their bank account. The user may then be asked to call another number, or just to simply press a digit and be directed to another automated system. This system will ask them to provide their bank account details to resolve the issue. The bank account details have then been obtained by the unauthorised user and can be used to commit a crime against the user. The automated system could be replaced by a real person who will try to do the same thing. They will try to convince the user that there has been an issue with an account they have and to provide the log-in details or PIN for the account to verify who they are so the issue can be resolved. The precaution to take for vishing is that no company will ever call you and ask you to provide any log-in details or PIN details over the telephone. They may ask you to provide other personal information, and if you are in doubt that the person on the other end of the phone is legitimate, it is always advisable to put the phone down and call the company back on a legitimate number that you may already know or can obtain. Figure 5.4: Vishing. Pharming Pharming is when an unauthorised user installs malicious code on a person's hard drive or server. The malicious code is designed to redirect a user to a fake website when they type in the address of a legitimate one. The fake website is designed to look like the legitimate one, to trick the user and make sure they are not aware that their request has been redirected. The user will then enter their personal details into the fake website, believing it is the legitimate one, and the unauthorised person will now have their personal data. A common technique used in pharming is called domain name server (DNS) cache poisoning. This technique exploits vulnerabilities in the DNS and diverts the internet traffic intended for a legitimate server toward a fake one instead. The unauthorised user needs to find a way to install the malicious code on the computer. They often hide the malicious code in an email attachment or link. When the user opens the email attachment or clicks the link, the malicious code is downloaded also. Figure 5.5: Pharming. The aim of a pharming attack is also to steal a user's personal data. A real-life example of pharming In 2007 50 different companies all over the world were subject to a pharming attack, these included PayPal, eBay, Barclays bank and American Express. Over a three-day period, hackers managed to infect over 1000 PCs a day with a malicious pharming code. When users who had been infected visited the websites of the different companies, they were redirected to a legitimate-looking version of the site that was designed to steal their personal data. The original email, containing the malicious code, was set up to look like a shocking news story. Users were encouraged to click a link in the email to find out more information. The code was downloaded when the user clicked the link. This was quite a sophisticated attack that required legitimate looking websites to be set up for a large number of companies. It is not known how much money the hackers were able to retrieve as a result. How to prevent pharming All of the guidelines to avoid being subjected to phishing are also relevant for recognising pharming. There are also several other precautions that can be taken to check for pharming attacks. These include: •Have a firewall installed and operational. A firewall monitors incoming and outgoing traffic from your computer. It checks this traffic against set criteria and will flag and stop any traffic that does not meet the criteria. A firewall could detect and block suspicious traffic, such as a malicious code trying to enter your system. •Have an anti-virus program installed that is designed to detect malicious pharming code. You need to scan your computer on a regular basis to check for any malicious code. It is advisable to set up an automatic scan on a daily basis at a time when your computer will normally be switched on. •Be aware when using public Wi-Fi connections. A hacker could look to directly access your computer and install the malicious code if you are connected to a public Wi-Fi connection. It is often advisable to use a VPN when using public Wi-Fi. This will help shield your internet activity and personal details from a hacker, making it more difficult for them to access your computer. Smishing can also be used as a form of pharming. A user is sent a link, that when they click is designed to download malware onto their mobile device. Therefore, it is advisable to have security software installed on your mobile and also scan it regularly to detect any presence of malware.

Stages in the Sale of a Property Stage 1 – Getting to Instruction • Initial contact with the vendor: need to check the following: type of property, contact details of vendor, address of property/Eircode and purpose of the contact - sale or valuation? If a sale, does the vendor need a quick sale? Qualify the lead i.e. is the vendor buying another property? If an investment property, is the tenant in situ? Check if there is a folio number available and confirm the ownership of the property. Schedule the viewing. • Pre-viewing: Set up a file & record all info from initial contact on CRM system. Check the Property Price Register to help get a general idea of property valuation (subject to viewing, helps to display knowledge of area/market and set expectations for the vendor). Nature of property may affect pricing e.g. starter home vs. larger property with vendor seeking to downsize. Consideration for comparables may include similar/same location, size and condition of property, availability and type of parking, layout of property, plot size, orientation of garden, extensions undertaken etc. Nature of market conditions, state of wider economy, cost of capital and availability of credit may also be factors. • Appraisal/viewing: Bring an advertising pack/sales & marketing brochures. Walk through property with client, note nice features/selling points for the brochure, let the client talk about upgrades/specific features of the property. It is very important to listen to the vendor and build rapport. Confirm property details e.g. condition and layout, plot size, orientation of garden. Check for certificates of compliance for any extensions, planning permissions for conversions, right of way if applicable etc. Check if a BER available/provide details for approved assessors. Demonstrate your/the practice’s professional expertise, justify why you should get the instruction, discuss recent local sales and give your potential valuation. Discuss the sales fee, marketing fee and any additional charges e.g. professional photography, drone footage, virtual tours (walkthrough video, Matterport etc.) Ask how the vendor heard about you/your practice and why are they considering you for the sale. Where appropriate offer advice to help vendor increase potential sales price. (If possible, leave with signed Property Services Agreement/Letter of Engagement.) Thank you, send/email market appraisal, any queries/questions do get in touch and let the vendor know that we’ll be in touch in coming days. • Post appraisal – letter sent that pm/next morning with market appraisal; diary note to follow up. Check that market appraisal letter received and check for questions. If did not get sale, find out why not/debrief. If get the sale, email confirmation of instruction. Once PSRA sent and LOE returned signed = stage 2. Other details required – ID, proof of address, proof of ownership/title, solicitor details, BER certificate (refer to assessor if not available). All these should be uploaded to CRM. Stage 2 – Getting to ‘Sale Agreed’ Set up appointment to measure & photograph, note any special features e.g., upgraded kitchen, south-facing garden. Provide ideas for improving sales potential (declutter, painting, tidy garden etc. Check if has vendor potential buyers in mind already e.g., relations, friends, other parties interested. Seek vendor approval for photos/text of brochure. Check for access (tenants in situ/working from home etc) and confirm viewing times. If given a key for viewings – tag it! Check alarm codes & whether a sign is allowed on the property. Bring to market – upload to all websites e.g., daft/my home, in house websites and create window display. Match the property against your internal database of potential purchasers /CRM system. Set up appointments for viewings on CRM or arrange for open viewings. Confirm viewings with vendor & purchaser. Turn on lights, open windows, secure valuables, leave out brochures & business cards, bring viewings sheets to keep record of attendees. Introduce yourself and get attendee details. Let people view the property and address any questions. Point out key features. Record questions to be answered and any feedback from viewers. Ask are they selling property? Let viewers know of offers already received. Lock up/alarm property/close windows. Provide vendor with feedback on viewings - number of viewers / questions raised/overall reaction to property. Offers should be confirmed in writing & upload to on CRM/ offers will be input by bidders onto online bidding platforms ‘Proof of funds’ required for offers in some practices. Successful bidder will be chosen by vendor, who might want quick sale/no chain or prefer the highest bidder. Booking deposit will be sought from successful bidder. The amount varies by practice but must cover fees. Sales Advice Notice/letter should be sent to both solicitors (and may be cc’d to vendor/buyer or notify both that SAN have gone out). Booking deposit receipt should be issued. The BER certificate and report should go to the solicitor. Send requests for docs/info to successful bidder including steps they need to take to progress sale e.g., organise the bank valuation and/or schedule the survey. Once the deposit is paid the property is Sale Agreed, inform other bidders, and update all websites/sales board etc. Stage 3 – Getting to closing Access should be organised for the bank valuation/survey. Stay in touch with both solicitors ‘contract-chasing’ i.e., check when contracts are issued, signed and queries answered. Legal searches undertaken by the solicitors may include checking boundaries, land registry, title, rights of way, compliance certs etc. When contracts are signed 10% purchase price/booking deposit should be sent to the vendor’s solicitor. Once all queries satisfied = drawdown of mortgage/funding, house/life insurance in place. Title deeds will be requested once contract is signed. Decide final closing date. Check that the property taxes have been paid. Check that vendor has vacated the property. When vacant, conduct the final walkthrough and take final readings (MPRNs ). Check with solicitor if the drawn down funds h, and once received the solicitor gives authorisation to the estate agent to release the keys. The agent will do up invoice, send the balance of funds to solicitor and provide gift to purchaser. Finally remove sign, mark as sold on CRM, seek testimonials, upload to social media and close a/c on CRM

Related quizzes

Related quizzes