Cybercriminals are increasingly targeting MLS systems across the country, and Southwest MLS is no exception.

This year, MLS providers nationwide have reported a significant rise in attempts to gain unauthorized access to subscriber accounts. These attacks often begin with bad actors impersonating legitimate MLS subscribers and contacting MLS staff to request changes to account information, such as email addresses or phone numbers.

Once access is obtained, fraudsters may attempt to enter fraudulent listings, access roster and contact information, or misuse MLS data in other unauthorized ways.

How These Attacks Work

In many cases, attackers are well-prepared. They may provide convincing details such as a subscriber's license number, brokerage information, or other publicly available data to make their request appear legitimate.

One common tactic involves requesting that an account email address be changed from a brokerage or company domain to a personal email account. While not every request of this type is fraudulent, it should be treated with caution and verified before changes are made.

What SWMLS Is Doing

Protecting subscriber accounts and MLS data remains a top priority.

GAAR and SWMLS support staff have implemented verification procedures when processing requests that could impact account access. These additional safeguards help prevent unauthorized individuals from impersonating subscribers and gaining access to MLS accounts.

Steps Subscribers Can Take

Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds an important layer of security beyond a password. Even if someone gains access to your email address or password, MFA helps prevent unauthorized logins by requiring a second verification step.

If you have not already enabled MFA, we strongly encourage you to do so.

Verify Account Change Requests

Be cautious when requesting changes to your account information and expect additional verification from MLS staff. These security measures are designed to protect you, your brokerage, and MLS data.

Monitor Your MLS Activity

Review your account activity regularly and report anything unusual. Fraudulent listings, unexpected account changes, or unfamiliar login activity should be reported immediately.

Protect Your Credentials

Never share your MLS username, password, or authentication codes with anyone. Credential sharing is a major violation of SWMLS Rules and Regulations and may result in fines of up to $5,000.

A Shared Responsibility

MLS data is one of the most valuable tools available to real estate professionals. Protecting that data requires vigilance from both subscribers and MLS staff.

As phishing and impersonation attempts continue to increase nationwide, SWMLS will remain proactive in monitoring threats and implementing safeguards. Your attention to account security helps protect the integrity of the MLS and the valuable information it contains.

If you have questions about your account security or notice suspicious activity, please contact SWMLS Support immediately at 505-842-1433 (option 5) or support@swmls.com.