Like any industry, cybercrime has fads and trends. A recent trend in phishing attacks is especially dangerous for companies in the real estate sector and anyone in the process of buying real estate: phishing emails that look like mortgage documents.
These typically look like emails about closing documents with a link to a fraudulent website intended to steal your login credentials.
What is really scary about this trend is how good the emails look. In many cases, they’re coming from the real email addresses of people at real mortgage companies. They’re almost indistinguishable from real emails you’d get from these companies. This trend is especially dangerous for companies in the real estate industry and homebuyers—the people who are looking for and expecting to see these emails.
In some cases, cybercriminals are targeting mortgage companies and getting access to their email accounts. They’re then using these real email accounts to launch new attacks. We’ve covered more about how this method is used in other attacks in this video.
It looks like the hackers are also using real emails to make the phishing emails look legitimate. They’re just replacing the URL in an existing email with the URL of a website that shows a fake login screen built to steal your credentials. Because they’re just replacing links in real emails, it’s almost impossible to spot these as phishing.
What to Look For and What to Do
So how can you spot them? The biggest giveaway is getting an email about mortgage documents or a home warranty when you aren’t actively involved in the process of dealing with them. If you get an email about these, don’t click on any links and delete it.
If you are expecting an email about it, verify with the company (via a method other than email) that it’s real before clicking on anything. If you can log into whatever website it’s telling you to go to without clicking a link in the email, do that.
Look at the sender and any URLs. Does the sender email match the rest of the email? Hover over links—do the links actually go where they say they’re going? If you are unsure if it’s real, check in with your IT team. They can help you spot a fake. PTG customers—just open a ticket and we will check it out for you!
If you work for a mortgage company, or another company in the real estate industry, warn your clients about these scams up front. Have a voice conversation with them about what to expect from you and how to access files from you.
For everyone, we recommend implementing multi-factor authentication. It’s the best way to protect your account, even if someone gets your password.