Lenders, Stay Alert | Sophisticated Spear Phishing Mortgage Scams On the Rise

As an appraisal management company, Janus is particularly interested in helping our clients maintain regulatory compliance and helping them avoid potential pitfalls. As cybercrime becomes more prevalent and harder to defend against, both borrowers and lenders have to keep a critical eye on all communications and transactions. Most recently, spear phishing attacks targeting mortgage closures try to lure homebuyers into wiring funds into fraudulent accounts.

In a detailed report which includes images of emails from a real attempted spear phishing campaign, Mortgage Compliance Magazine examines some techniques used in these types of attacks and ways to detect a scam. “On the day that the buyers were set to wire funds, they received an email from their mortgage company stating that they switched banks, and to follow the updated wiring instructions in the email attachment,” the article states. “This is certainly a curious message that should raise questions from homebuyers, especially considering that it’s asking for funds to be wired differently than what was originally expected. Fortunately, in this instance, the message raised a red flag and the client immediately called his mortgage agent to investigate before proceeding.”

In addition to providing alternate payment instructions, the attacker pretended to be the homebuyers’ mortgage agent and even tried to mimic the agent’s real email address through a technique called “spoofing.” According to the article, “when the client took a closer look at the actual sender’s email address—the domain didn’t match the one listed in the real mortgage agent’s email signature. The attackers spoofed the domain to appear like it was an actual message from the client’s mortgage agent. An easy way to tell if the domains match is to hover your cursor over the sender’s address and a window will appear that identifies the actual address.”

While technology continues to advance, it is important for the mortgage industry to take proper precautions when it comes to cybersecurity and IT protections. “One of the reasons spear phishing continues to be so successful for criminals is because traditional email security gateways often fail to detect these highly-personalized, social engineering attacks.” Janus AMC encourages all clients to revisit internal system securities and to discuss potential risks and strategies of defense. Check back here soon for industry updates regarding developments in cybercrime.

Sign up to receive the latest industry news and updates.