Anatomy of a Rental Phishing Scam

Security professional Jeffrey Ladish almost fell for a phishing attempt that was ultimately unsuccessful. Jeffrey was house searching, looking on Craigslist and Zillow for rental properties in San Francisco. She then reached out about a beautiful property to inquire about a tour. Despite Jeffrey's experience as a security professional, she didn't realize that this was a scam until the third email.

She documented her experience to show that the best phishing attacks can look very convincing. The usual words of caution are to look out for poor grammar and formatting to protect against phishing. Cases like this one show how sophisticated the bad guys can get at pattern-matching legitimacy.

Below is the screenshot of the listing Jeffrey noticed online:

And here was the initial email Jeffrey received: 

At this point, she still did not realize that this was indeed a sophisticated phishing attack. It was then that she spotted the third and now suspicious email: 

It is very clear that this was indeed a scam and that this hacker's backstory did not add up. 

To prevent you and your organization from ever falling victim to an attack similar to this one, it's important to always watch for red flags. Jeffrey stated: "The first red flag was “So we’ll keep our communication to email if that’s ok with you”. The second was the weirdness about Airbnb. Why would they want me to pay through Airbnb? The third was the excessive amount of pictures to convince me this was a real person. If they were in fact a real person, why were they trying so hard to convince me?" Always stay alert to the warning signs. Does it seem like someone is trying hard to convince you that they're real?

It's also important to implement new-school security awareness training for you and your end users. Through continual education, users can be taught to remain vigilant, especially in the face of any communications that could look very authentic.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
