With fraud and cybercrime becoming more commonplace, online security is increasingly important for individuals and businesses.
Between April 2018 and March 2019, over 740,000 crimes were reported to Action Fraud, with total losses in the UK totaling £2.2bn. Of those reports, 65% were from businesses and 35% from individuals*.
We’ve pulled together information to help you and your teams keep your accounts, including Rightmove Plus, safe. We also share advice for spotting and reporting suspicious activity.
*Source: Action Fraud https://www.actionfraud.police.uk/what-is-fraud
What can you do? |
Why is it important? |
|
1 – Avoid shared logins |
|
Having individual logins means if one person’s account is breached, the rest of your team will be able to continue working as normal, minimising the disruption to your business. |
2 – Use a strong, unique password on every account |
Whenever you login to Rightmove Plus, our security systems will automatically check your password strength based on the above criteria. If your password needs to be updated, you’ll see a red banner at the top of the page asking you to update your password to something more secure. |
A common method fraudsters use to gain access to online accounts, is to obtain a list of email address and use them in combination with the most common passwords and/or passwords which have previously been breached.
Using a secure password which does not appear on any of those lists makes it more difficult for fraudsters. By using a different password for every account, it ensures that if a fraudster does get hold of your login details for one account, they can’t use the same credentials to access any of your other accounts. |
3 – Stay one step ahead |
|
By increasing your awareness of the latest scams and using security software to notify you of suspicious activity, you can stay one step ahead of fraudsters. |
Under GDPR, you are the primary data controller of the personal consumer data that sits within your Rightmove Plus account.
According to ICO guidelines, this means “You must comply with, and demonstrate compliance with, all the data protection principles as well as the other GDPR requirements. You are also responsible for the compliance of your processor(s). Supervisory authorities (such as the ICO) and individuals may take action against a controller regarding a breach of its obligations.”
You can read more about the GDPR on the ICO website.
To keep your Rightmove Plus account secure:
Your leads can go to a shared inbox, but every member of your team needs their own Rightmove Plus login details.
This means if one person’s account is locked down due to suspicious activity, or if a member of your team with access to your branch leaves, your other team members will still be able to conduct business as usual with their own accounts.
As part of your membership, you can have as many users set up on your branch as you’d like. And with self service, you can even manage your branch user accounts yourself in real time. To request a new account for you or another member of your team, or to update your access level click here.
We also have some back-up security measures in place to help keep your account secure. If you have trouble logging into Rightmove Plus, it could be that one of these security measures has incorrectly identified fraudulent activity. Here’s how we can help you get back up and running:
[expandsub1 title=”Verifying your Rightmove Plus account” rel=”submenu-highlander” tag=”h6″]When you first login to Rightmove Plus, you’ll need to confirm your email address. This is to ensure that the only people who can access your branch on Rightmove Plus are those with permission, keeping your company’s data secure.
After you input your login details a message will appear saying you need to verify your account. You’ll be sent an email to the address associated with your Rightmove Plus account with details of how to do that.
If you see the verification message repeatedly this could be because:
What to do
We can help you or your IT team make sure these cookies are not cleared so you don’t have to verify your identity on this device/browser again – email us at customersupport@rightmove.co.uk to find out how to do it.
Verification links expire after 24 hours
To keep your account secure, the link in the email that verifies your Rightmove Plus login expires after 24 hours and can only be used once. If your link has expired, go back to Rightmove Plus and login – another email with a new link will be sent.[/expandsub1]
[expandsub1 title=”Accessing your Rightmove Plus account on multiple devices” rel=”submenu-highlander” tag=”h6″]You can login to Rightmove Plus on as many different devices as you like. The first time you login to a different device you will need to verify that it really is you logging in. See the above advice on verifying your account. [/expandsub1]
[expandsub1 title=”Using SMS based two-factor authentication (2FA) to access areas of Rightmove Plus that contain personal data” rel=”submenu-highlander” tag=”h6″]Two-factor authentication (sometimes called 2FA) is an added layer of security that we’re introducing to some areas of Rightmove Plus that contain personal data. We’re introducing an SMS based type of two-factor authentication.
SMS two-factor authentication means that to gain access to Rightmove Plus you need both:
You’ve probably used a form of two-factor authentication before – to log in to your online bank accounts for example.
How it will work when you access areas of Rightmove Plus that contain personal data:
You: Enter your login details and password as usual and access one of:
All other areas of Rightmove Plus will not require 2FA.
We: Send you a one-time passcode via text message to your mobile phone. The one-time passcode will be valid for 20 minutes.
You: Type in the one-time passcode and proceed as usual.
If you have further questions about two-factor authentication, you can visit our 2FA FAQs page here.
We can help if you have technical or practical challenges around you and your team adopting 2FA. We want to help you to take every step to reduce the very real threat to your business from fraudsters getting into your account. We’ve created a specialist team to help you 2FAHelp@rightmove.co.uk or phone us at 01908 712357.[/expandsub1]
[expandsub1 title=”What to do if your IP address is blocked on Rightmove Plus” rel=”submenu-highlander” tag=”h6″]We have systems in place to automatically detect and block IP addresses which have been used for suspicious activity, such as spamming other computers or visiting unsafe websites.
If you try to login to Rightmove Plus from an IP address which has been blocked, you’ll see a message saying your IP address doesn’t look quite right. On this page you’ll also be asked to complete a form, providing your details and a unique Access ID.
Once we receive your form, we’ll work with a third-party provider to investigate why your IP address was flagged as suspicious and determine whether it’s safe to unblock your IP address from accessing Rightmove Plus.
In the meantime, we recommend that you consult an IT professional to run a full virus check on your computer, to check for malware. [/expandsub1]
If your password does not meet the latest guidance or has been featured in a breach of another website, you’ll see a red banner at the top of the page, asking you to update your password. It’s important you do this immediately, to keep your account and all the data held within it secure.
When you reset your password, the system will automatically check your new password meets the latest security guidance and does not appear in a current global database of breached passwords.
It’s important you use a unique password for all your online accounts, including Rightmove Plus, and never share your login details with anyone else. See the “Online Security Checklist” above for more information.
We recommend you always access Rightmove Plus via the button in the footer of the Rightmove homepage, or a bookmarked link in your browser. See “How to identify phishing emails and websites” for more details.
If you receive a reset password email from Rightmove unexpectedly, do not click the link. Instead, send us an email on fraud@rightmove.co.uk with a copy of the unexpected email attached and we’ll happily check if it is genuine for you.
Your Rightmove Plus account hosts your leads, which contains personal data. Under GDPR, you are the primary data controller of the personal consumer data that sits within your Rightmove Plus account.
[expandsub1 title=”If a data breach occurs, you will need to:” rel=”submenu2-highlander” tag=”h6″]
[/expandsub1]
[expandsub1 title=”What to do if you suspect someone has access to your Rightmove Plus account” rel=”submenu2-highlander” tag=”h6″]
[/expandsub1]
It’s important you follow all the advice on this page to keep your Rightmove Plus account secure and avoid breaching GDPR.
As a back-up, we have also put in place measures to help identify and block fraudulent activity on Rightmove Plus, should a fraudster gain access to your account.
If our systems pick up suspicious activity on your account, we’ll take immediate steps to protect your data.
[expandsub1 title=”We’ll immediately switch off Rightmove Plus access for the affected user(s) while we investigate” rel=”submenu3-highlander” tag=”h6″]We do this to protect the personal data held within Rightmove Plus, as giving unauthorised access to this data is a breach of GDPR.
If your branch shares a log-in, this will mean your whole branch being made invisible on Rightmove until we’ve fully investigated the instance. That’s why we require you to create a log-in for each individual user, so that only the compromised user would have their access revoked and not the entire branch.
[/expandsub1]
[expandsub1 title=”After we’ve investigated the incident, we’ll make sure you reset your Rightmove Plus password” rel=”submenu3-highlander” tag=”h6″]We’ll also ask you to confirm you’ve changed your password on your email account and any other websites where you used the same password. If you didn’t previously have individual logins set up, you’ll need to create them before we put your branch back online.
We reserve the right to suspend the account of any agent who gives their Rightmove Plus account details away multiple times, as outlined in our terms and conditions.
[/expandsub1]
A common method for this is to send an email which appears to be from a person or brand you communicate with or use regularly, with a link to a website requesting you to login. When you input your login details, the fraudster gains access to your account, where they’ll be able to carry out fraudulent activity and access any additional data within that account. They may also attempt to use the same credentials to log-in to your other accounts.
[expandsub1 title=”Check the sender’s email address” rel=”submenu5-highlander” tag=”h6″]
[/expandsub1]
[expandsub1 title=”Watch out for unusual URLs” rel=”submenu5-highlander” tag=”h6″]
[/expandsub1]
[expandsub1 title=”Be wary of unusual requests in your leads” rel=”submenu5-highlander” tag=”h6″]
[/expandsub1]
[expandsub1 title=”Common characteristics of a phishing email” rel=”submenu5-highlander” tag=”h6″]
[/expandsub1]
[expandsub1 title=”Rightmove will never…” rel=”submenu5-highlander” tag=”h6″]
[/expandsub1]
A really simple way to save an email as an attachment, is to drag the email onto your desktop. This works on most laptops. You can then attach this to a new email like you would any other document.
Sharing this information with us helps us investigate and block potentially fraudulent activity as quickly as possible.
Head over to the Take Five website, led by UK Finance, and backed by the government, to take their quick fraud-spotting quiz and learn more about fraud prevention. Take the quiz.