At this point in time, with 10 years of phishing attack analysis under our belt, we can predict with a high level of reliability what will be showing up in the near future. We see two scams that will be extremely popular during the rest of 2020. We will cover the first one in this blog post, the other one in a few days.
With so many individuals out of work, furloughed, and having trouble keeping up with mortgage payments, I predict we’re going to see a resurgence of this scam.
We haven’t seen much by way of scams seeking to bail out distressed homeowners in a few years, as after the recession in the late 2000s the mortgage industry has been working without issue. But, as the mortgage industry prepares for mortgage fraud in the form of borrowers misrepresenting income, those who haven’t been able to pay their current mortgage will be susceptible to new mortgage “rescue” scams - ones that claim to be able to help fend off foreclosure, refinance anyone, and generally improve the financial situation of those with many missed payments.
My expectation of mortgage rescue scams during the rest of 2020 is that they not only seem possible, but highly probable.
And it’s not just those under financial strain who may be targeted; the pandemic has led to government programs that augment unemployment, provide payroll protection to organizations, and offer other financial instruments that have no strings attached.
The existence of – and familiarity with – this new “norm” of government assistance is all that’s needed by cybercriminals to phish the average person with promises of a new government program designed to help them pay off their mortgage, catch up on payments, etc.
We’ve seen recent scams that impersonated government websites, so the idea of a scammer sending an email purporting to be from a department within the government and then taking the victim to an “official” website to collect personally identifiable information, credit card details, etc. is extremely plausible.
Organizations are equally at risk. With 55% of employees using employer-provided devices while working from home, and using these same devices for personal needs as part of a work/life balance, it is also very probable that malware in all its forms will be successfully installed on one of these devices, putting the organization at risk.
Individuals who are undergoing financial strain with their mortgage payments should proactively contact their lender to seek whatever remedies are available. Organizations looking to reduce the likelihood of their users falling for these social engineering scams should offer the same advice and roll out continual Security Awareness Training to educate users about any new scams (including inoculating employees against the mortgage rescue scams before they show up in a few months) and how to avoid becoming the scammer’s next victim.