At Lofty, we prioritize the security of your website and the protection of your business. Our team is continuously working to enhance the security of all websites hosted on our platform to ensure that you, your clients, and your leads are protected from potential threats such as spam and fraudulent activities.

While no website can be 100% immune to unwanted traffic, Lofty has taken several important measures to safeguard your site. This article outlines what Lofty is doing to secure your website and provides tips on how you can defend against fraudulent lead registrations and other malicious activities.

Summary

• Lofty's Two-Layer Security Approach
• • • Front-End Security Layer
    • Back-End Security Layer
• How You Can Defend Against Fraudulent Leads
• Be Cautious with Off-Platform Communication
• Lofty’s Commitment to Your Security

Lofty's Two-Layer Security Approach

Lofty implements a robust two-layer approach to protect your website, comprising both front-end and back-end security measures. These layers work together to mitigate potential threats while ensuring that your website remains accessible to legitimate visitors.

Front-End Security Layer

In the front-end security layer, Lofty configures a set of Web Application Firewall (WAF) rules designed to filter out unwanted traffic, including spam crawlers and junk requests. These rules help prevent malicious activities before they even reach your website's core systems.

• Blocking Unauthorized Access: Traffic from certain regions or countries unlikely to have a legitimate interest in U.S. or Canadian real estate is blocked, reducing exposure to spam and fraudulent leads.
• Preventing Exploits: Lofty blocks illegal requests attempting to exploit system vulnerabilities or disrupt operations. This includes shielding your site from common web-based attacks, such as SQL injection or cross-site scripting (XSS).
• Mitigating DDoS Attacks: If a request matches the criteria of a Distributed Denial of Service (DDoS) attack, it is immediately blocked, preventing attackers from overwhelming your site with a flood of illegitimate traffic.

When a request is flagged by our WAF, it is responded to with a 403 Forbidden status, effectively preventing the traffic from proceeding further. 

Back-End Security Layer

In the back-end security layer, Lofty performs thorough analysis and filtering of traffic that passes through the initial front-end defenses. This layer involves:

• Monitoring Access Logs: We continuously monitor access logs to identify suspicious IP addresses that may be attempting to disguise themselves as legitimate users. If a potential threat is detected, users from these IPs are blocked.
• Regular Rule Updates: Our security engineers periodically review and update our WAF rules based on new findings and trends, ensuring that our defenses remain effective against evolving threats.

This two-layered approach ensures that for the most part, only legitimate traffic gains access to your website, while suspicious activity is filtered out and handled appropriately.

SSL Encryption

All Lofty websites come with SSL (Secure Sockets Layer) encryption, which secures the transmission of data between your website and its visitors. This encryption ensures that sensitive information, such as login credentials and personal details, is protected from interception by unauthorized parties.

Secure Hosting on AWS

Lofty websites are hosted on Amazon Web Services (AWS), a leading cloud platform known for its robust security infrastructure. Hosting on AWS ensures that your website benefits from industry-leading measures that prioritize data integrity, availability, and security.

How You Can Defend Against Fraudulent Leads

Even with these security measures in place, fraudulent leads may still find their way through. Here are some steps you can take to protect your business from potential threats:

Be Cautious with Off-Platform Communication

If a lead requests communication via non-traditional methods, such as WhatsApp, take extra care to verify their identity. Fraudsters often use off-platform channels to avoid detection.

Watch for Red Flags

Fake leads often include incomplete or suspicious information. Pay attention to:

• Names that seem generic or fake.
• Emails from suspicious or random domains.
• Phone numbers that don’t correspond to the expected area or country code.

Validate Lead Intent

Some fraudulent leads may appear interested in your services but quickly shift the conversation to irrelevant topics, like personal information or financial details. Be cautious and always verify a lead’s intent before engaging further. 

What to Do If You Encounter a Fraudulent Lead

If you suspect that a lead is fraudulent, follow these steps to protect your business:

• Do Not Engage: Avoid responding to the lead or providing additional information.
• Report the Lead to Lofty: Notify Lofty support immediately. Provide us with the lead’s details so that we can investigate and take action.
• Flag Suspicious Emails: If you receive a phishing attempt through your website, mark the email as spam in your email client to prevent future attempts.

Lofty’s Commitment to Your Security

Lofty is committed to keeping your website secure by continually monitoring and enhancing our platform's defenses. By following these best practices and staying vigilant, you can help protect your website from fraudulent activities.

Questions?

If you have any questions regarding this topic or any others, please reach out to our Support Team via email at <support@lofty.com>, by phone at 1 (855) 981-7557, or by chat with us through your Lofty CRM.