Phishing Attacks Make Mortgage Wire Fraud Easier



phishingvsspearphishingThe stress of obtaining a mortgage has just gotten worse, thanks to cybercriminals trying to con you out of your money.

In new attacks targeting companies involved in the mortgage lending process, cybercriminals have found a lengthy, but very sneaky way to commit wire fraud at a time when tensions are high, and the victim is highly motivated to participate.

Because many mortgage transactions complete with a wire of tens or hundreds of thousands of dollars, real estate firms, brokers, and other firms involved in closings have become the target of phishing scams aimed at obtaining credentials using fake sign-in pages.

Once an account has been compromised, cybercriminals use the account to watch for high-value real estate transactions. With one identified, the buyer is sent an email pretending to be from their realtor, lender, or title company informing them of a last-minute change in the process – one that usually details the need for the buyer to wire funds to an account held by the cybercriminals.

The credibility established in this scam is incredible – the email purports to be from someone known to be involved in the process, has the right dollar amount (obtained through use of the compromised account), and comes at the correct time, as the deal is about to close.

The homebuyer falling victim to this scam can lose their money, the house (due to a lack of funds), and can expose their personal information. In most cases, the money wired is nearly impossible to recover.

With wire fraud estimated to have cost consumers $5B since 2013, according to the FBI, this scam has only become easier to commit with the addition of the phishing attacks resulting in the compromising of mortgage professional credentials.

There are two warnings here:

  1. Organizations involved in the mortgage process need to elevate their security awareness, looking out for phishing attacks aimed at stealing credentials.
  2. Consumers need to be made aware that the wire fraud email attacks exist, and that they should respond to such emails by picking up the phone and calling their lender.

Topics: Phishing

Subscribe To Our Blog


Domain Spoof Test Contest




Get the latest about social engineering

Subscribe to CyberheistNews