Traditionally, when it comes to monetizing a real estate deal its all about location, location, location, but malicious actors are now targeting everyone from the home buyer to the lender to steal vital information.
Proofpoint recently looked at 600 real estate transactions came across six attacks targeting those involved that utilized a laundry list of techniques designed to gather login credentials or payment card and bank account information. The tools used included social engineering, phishing, malware, specifically banking trojans and information stealers, compromised personal and business landing pages, weaponized attached documents, email thread hijacking, phishing portals themed around individual agents/agencies and financial wire fraud.
In most cases several of these methods were combined to make a more powerful tool
The first three methodologies were all aimed at stealing a person’s Office login credentials. Each used a slightly different type social engineering message with the common theme that it would be of importance to a person involved in a home sale.
One was a fake Office 365 login page sent to a real estate firm CEO via a spear phishing email that attempted to harvest his credentials. The second used a spoofed real estate company login page requesting the recipient enter their Office 365 sign in info so they can view the attached document that was purportedly part of a real estate deal. The third was similar but sent to brokers at a specific nation-wide company telling the target they needed to sign in to view the attached document.
In another case the attackers used a similar social engineering scheme to entice the victim to download an attached document. Except in this case the threat actor was not looking for login information, but had attached a malicious document that would inject payment card and bank info-stealing malware onto the target system.
The final attack-type found also went after payment card data, but was a bit more straightforward merely being an email with the real estate company logo that contained a fake credit card authorization form asking for the person’s name, account number and CVV.
Proofpoint noted that since home sales and other real estate transactions are not only quite complicated, but also very stressful it leaves the participants open to t his style of attack. This means a higher level of caution needs to be in place throughout the deal.
This should include telling those involved to be on the look out for scams, using MFA for signing in to Office 365 or other productivity tools and verify with the named sender whether or not the document that was received is legitimate.