This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
09/13/2018
Beware the Homeless Homebuyer Real Estate Scam!
The State of Security
Security professionals are warning users who are or soon will be engaged in real estate transactions to watch out for the “homeless homebuyer” scam.
On 10 September, Verdict built upon its coverage of account takeover attacks found in its threat insight magazine Verdict Encrypt to discussthis particular scam.
The homeless homebuyer ruse first begins with an attack targeting a real estate agent. Per enterprise security firm Proofpoint, such an attack may take the form of a malicious email document that delivers a remote access trojan (RAT) or an infostealer. Bad actors may then leverage a successful malware infection to conduct a business email compromise (BEC) attack so that they might seize control of the agent’s email account and steal customers’ information, including when a particular homebuyer might be closing on a house and the amount they will pay.
Next, the digital attackers will inject themselves into the real estate transaction by abusing the compromised real estate agent’s email account to send a email. That message will oftentimes contain instructions for the homebuyer to send their down payment to an account under their control. Believing the email to be legitimate, the homebuyer will send their payment and in so doing could lose a significant chunk of money to the bad actors.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information