Security Awareness Training Blog

    Phishing Attacks Make Mortgage Wire Fraud Easier

    phishingvsspearphishingThe stress of obtaining a mortgage has just gotten worse, thanks to cybercriminals trying to con you out of your money.

    In new attacks targeting companies involved in the mortgage lending process, cybercriminals have found a lengthy, but very sneaky way to commit wire fraud at a time when tensions are high, and the victim is highly motivated to participate.

    Because many mortgage transactions complete with a wire of tens or hundreds of thousands of dollars, real estate firms, brokers, and other firms involved in closings have become the target of phishing scams aimed at obtaining credentials using fake sign-in pages.

    Once an account has been compromised, cybercriminals use the account to watch for high-value real estate transactions. With one identified, the buyer is sent an email pretending to be from their realtor, lender, or title company informing them of a last-minute change in the process – one that usually details the need for the buyer to wire funds to an account held by the cybercriminals.

    The credibility established in this scam is incredible – the email purports to be from someone known to be involved in the process, has the right dollar amount (obtained through use of the compromised account), and comes at the correct time, as the deal is about to close.

    The homebuyer falling victim to this scam can lose their money, the house (due to a lack of funds), and can expose their personal information. In most cases, the money wired is nearly impossible to recover.

    With wire fraud estimated to have cost consumers $5B since 2013, according to the FBI, this scam has only become easier to commit with the addition of the phishing attacks resulting in the compromising of mortgage professional credentials.

    There are two warnings here:

    1. Organizations involved in the mortgage process need to elevate their security awareness, looking out for phishing attacks aimed at stealing credentials.
    2. Consumers need to be made aware that the wire fraud email attacks exist, and that they should respond to such emails by picking up the phone and calling their lender.

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews