IREM® member security: How your information is protected

Protecting member information is central to how IREM^® serves its community. As phishing and spoofed messages become more common, IREM uses multiple safeguards to help protect its systems, communications, and member data. For more information about how IREM collects, uses, and protects personal information, see IREM’s Privacy Policy in the footer of every page on its website. Members can help by staying alert to red flags and following a few simple security habits.

Behind-the-scenes security measures

IREM uses security measures across its on-premises environments and hosted services, supported by systems and alerts that monitor for suspicious activity. It also conducts regular penetration testing to identify vulnerabilities and strengthen defenses before issues can grow. This proactive approach supports faster detection, better logging, and ongoing security improvement.

How IREM helps prevent email spoofing

IREM uses email authentication standards aligned with best industry practices that include SPF, DKIM, and DMARC to help protect its domain from spoofing and impersonation. These controls enable receiving email systems to verify whether a message from an irem.org address is legitimate and whether it’s been altered. In practical terms, these authentication standards make it harder for bad actors to send convincing fake messages that appear to come from IREM.

How directory information is protected

Because IREM makes selected opted-in member contact information visible in its Member Directory, it also uses measures to reduce automated scraping and misuse. These include CAPTCHA protections, controlled click-to-reveal information, and techniques that make email addresses harder for bots to harvest at scale. These measures help preserve the directory’s value for legitimate member use while limiting mass collection of data.

5 ways to avoid phishing attempts

1. Be cautious with urgent requests, especially messages asking you to click a link, open an attachment, reset a password, or share personal or financial information.

2. Check the sender’s full email address and watch for misspellings, odd wording, or unusual formatting.

3. Be skeptical of messages that create pressure or seem out of character.

4. If something feels off, go directly to the official website instead of using the link in the message.

5. Use strong, unique passwords and enable multi-factor authentication wherever available.

IREM will never ask you to pay dues anywhere other than on irem.org.

Emails from IREM will always be sent from the email prefix @irem.org. Don’t engage with emails that seem to be from IREM but aren’t using this email address prefix.

Security is an ongoing effort. IREM continues to invest in protective technologies and monitoring, and members can help by staying alert to common phishing tactics. Together, those layers of defense support a safer online experience for everyone who engages with IREM.