The stress of obtaining a mortgage has just gotten worse, thanks to cybercriminals trying to con you out of your money.
In new attacks targeting companies involved in the mortgage lending process, cybercriminals have found a lengthy, but very sneaky way to commit wire fraud at a time when tensions are high, and the victim is highly motivated to participate.
Because many mortgage transactions complete with a wire of tens or hundreds of thousands of dollars, real estate firms, brokers, and other firms involved in closings have become the target of phishing scams aimed at obtaining credentials using fake sign-in pages.
Once an account has been compromised, cybercriminals use the account to watch for high-value real estate transactions. With one identified, the buyer is sent an email pretending to be from their realtor, lender, or title company informing them of a last-minute change in the process – one that usually details the need for the buyer to wire funds to an account held by the cybercriminals.
The credibility established in this scam is incredible – the email claims to be from someone known to be involved in the process, has the right dollar amount (obtained through use of the compromised account), and comes at the correct time, as the deal is about to close.
The homebuyer falling victim to this scam can lose their money and the house due to a lack of funds, and can expose their personal information. In most cases, the money wired is nearly impossible to recover.
With wire fraud estimated to have cost consumers $5B since 2013, according to the FBI, this scam has only become easier to commit with the addition of the phishing attacks resulting in the compromising of mortgage professional credentials.
There are two warnings here:
- Organizations involved in the mortgage process need to elevate their security awareness, looking out for phishing attacks aimed at stealing credentials.
- Consumers need to be made aware that the wire fraud email attacks exist, and that they should respond to such emails by picking up the phone and calling their lender.
Cyber-attacks are rapidly getting more sophisticated. GDR Group will help train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now and email firstname.lastname@example.org to request a quote for security awareness training for your organization.