Cyber criminals target mortgage transactions as they phish for a big catch
Buying a house is the biggest purchase most people make, with large amounts of money involved it’s not surprising that these transactions are attractive to cyber criminals.
Security specialist Barracuda Networks has released an analysis of a recent mortgage spear phishing attempt where an attacker attempted to divert a payment.
The scam works by sending an email, supposedly from the buyer's mortgage company, notifying a switch of banks and requesting payment be wired to a different account. In the stress of organizing a house purchase it's easy to see how people could fall victim to this type of attack. Though fortunately in the case Barracuda analyzed, the client opted to check before proceeding.
Similar scams have already been occurring in the UK with emails from solicitors being spoofed to trick users into making payments to fraudsters' accounts, as the Daily Telegraph highlighted last year.
"One of the reasons spear phishing continues to be so successful for criminals is because traditional email security gateways often fail to detect these highly-personalized, social engineering attacks," says Asaf Cidon, VP of content security services at Barracuda, writing on the company's blog.
Tips to guard against this type of scam include training people to spot the signs of an attack, but also implementing email technologies like link protection and DMARC authentication to protect against domain spoofing and brand hijacking.
You can find out more about this type of attack and how to combat it on the Barracuda Blog.