Anatomy of Mortgage Spear-Phishing Campaigns


According to new numbers from the U.S. Commerce Department released recently, new home builds and sales are rising, which could mean a big opportunity for mortgages and unfortunately, cyber criminals.

Increasingly, malicious hackers are spoofing emails as part of a spear-phishing attack designed to trick home buyers into wiring money into the hacker’s bank account. The FTC even issued a consumer advisory, warning of scammers phishing for mortgage closing costs.

“Hackers have been breaking into some consumers’ and real estate professionals’ email accounts to get information about upcoming real estate transactions. After figuring out the closing dates, the hacker sends an email to the buyer, posing as the real estate professional or title company,” Colleen Tressler, Consumer Education Specialist, Consumer Education Specialist, FTC wrote.

The bogus email says there was a last-minute change to the wiring instructions, and tells the buyer to wire closing costs to a different account. But it’s the scammer’s account.

What are the most-clicked email subject lines for phishing attacks?

This nightmare scenario could have substantial financial consequences for the homebuyer, who could end up losing the house, a whole lot of money, personal information, and much more.

In a new report, phishing experts at Campbell, Calif.-based Barracuda Sentinel dissected a recent incident where an attacker attempted to interfere with a mortgage closure.

“Sadly, this is a real scenario, and as spear phishing attacks continue to increase — people, businesses, and brands should be on high alert,” Asaf Cidon, spear phishing behavior researcher for Barracuda, said. The recent attack attempt, made at the eleventh hour of a mortgage deal, tried to trick a home buyer into wiring a large payment into the wrong hands.

According to the case study, all seemed to be going according to plan until the day the buyers needed to wire funds. They received an email from their mortgage company stating they switched banks, and to follow the updated wiring instructions in the email attachment.

“This is certainly a curious message that should raise questions from homebuyers, especially considering that it’s asking for funds to be wired differently than what was originally expected,” the report conveyed. “There’s plenty of evidence that mortgage scams continue to bring in revenue for criminals so anyone buying a home needs to be aware of the risk.”

Fortunately, in this instance, the message raised a red flag and the client immediately called his mortgage agent to investigate before proceeding. “When the client took a closer look at the actual sender’s email address, the domain didn’t match the one listed in the real mortgage agent’s email signature. The attackers spoofed the domain to appear like it was an actual message from the client’s mortgage agent.” An easy way to tell if the domains match is to hover a cursor over the sender’s address and a window appears identifying the actual

Author: Amanda Walker

Share This Post On
Submit a comment

Submit a Comment