12/22/2023
I know this is a really long read, but hear me out...
An appraisal software company, ACI was recently compromised by hackers. They won't admit it, but it's happened. Real estate appraisers from around the Country are raising hell. This is delaying the closing of home sales everywhere!
Here is one appraiser's reply and the only reason I post it here is because it applies to everyone that uses the internet. Again, it's a long read:
"In light of ACI being down the last couple of days. I thought as a software developer I'd enlighten you to security risks, and no I'm not trying to sell anything.
Just for arguments sake, my experience with computers started in the late 70's when i ran an IBM 36 with 12" floppies for a bank operating under Unix. From there I started building PC's from parts, taught my self how to program in the late 80's, built and sold a property management software in the 90's, built a daily rental reservation software for STR's in the late 90's, built a cash register software in the 2000's, built Appraiser Genie in the mid 2010's and now I'm just about done with Freedom. I've written code in Pascal, C, C++, C #, Visual Basic, Java, Javascript, Kotlin, HTML, Flutter, Python and some I've probably forgotten. So I have a little experience with the things I'm talking about below.
1st- hackers don't really hack anymore. Servers have built in redundancies to block their attempts. That's why you see a 3 password attempt login before you are locked out for a while. Hackers in the old days, tried every word in the dictionary automatically to get into your device prior to the 3 login failure software.
2nd - hackers exploit vulnerabilities.
What's a vulnerability?
With nearly every game, quiz, etc. on social media, when you click ok to play, they get access to your account info where they can use this info, to reset passwords or use your email/photo to help the hacker reset your info on other servers where they can gain access to sensitive information.
Don't click on links of just about any kind, in emails, game downloads, photos, from people or companies you don't know. Now the hackers are spoofing email addresses of amazon, paypal, etc. and even text messages where they are going to help you with something and you unknowingly give them your password or email. look at this email link address. [email protected] is not an amazon address. for best protection, login under your usual method and don't use the link provided.
Employees/family/friends bringing thumb drives from home, where they have less security or no antivirus etc. It's a common mis-understanding that your home computer is more safe than a cloud server. If you buy a router at the store there are multiple ports open, unless you know how to close the ports you don't use, these are windows a hacker can come through to get to your desktop/laptop. Email and browsers typically use a specific port, so the extra ports you don't need. Literally, it's like keeping an unlocked window or door in your home, any one can walk right in. Always keep a firewall and anti-virus working on your computer and if you have a tech guy, see if he can close the unused ports. If you use the free or cheap anti-viruses you can expect problems. The anti-viruses that use heuristics actually analyze the problem and decide if it's risky or not. The cheap ones block everything or nothing and can interfere with your appraisal software.
Word docs and Excel docs can have macros that can be enabled to assist the hacker to get into your computer. If you get a warning by word or excel to approve anything other than editing or printing, beware. It's probably got a link to a dangerous site that is hidden in the code behind the spreadsheet. If the file wants you to approve a macro, delete the file before you approve anything, unless it's from a trusted source that tells you in advance that there is a macro in it.
Passwords. Everyone wants a password they can remember. The easiest ones are from the dictionary ie. "cookie", your hometown, date of birth, etc. Remember above when i talked about social media getting your info when you play games, etc. Now they have your personal info to help with resetting your password. This happens a lot in social media. Also don't store your passwords in your browser. Nothing can get to your computer from your browser without your permission, ie. downloads, run macros on excel, but anything in your browser is easy to get to for the hacker. Use a password manager that stores your passwords on your hard drive or their server. Especially one that encrypts your passwords etc. An encrypted file is nearly impossible to open without the correct password. That is why you can't get into your ACI files with another software, they are encrypted.
These are just a few tidbits to keep you from getting hacked at home. You as an appraiser keep confidential information, reports, bank account numbers, social security numbers, etc. that you don't want anyone to have access to. Using the methods I've outlined above will greatly reduce your risk of being hacked.
The best password is jibberish with numbers and special characters built in. An example is "!QZJ%WaKPEQ67ukr" that's an un-hackable password. I've used Roboform password manager for 20 years because there is no way I can remember that password, but I'm safe from anyone else getting it as well.
Hope this helps you in the future and it explains a little what happened to Servicelink and ACI recently."
