Real estate transactions are some of the higher value transactions performed by individuals and organizations. They often exceed hundreds of thousands of dollars in value, and for commercial properties, millions of dollars are quite normal. Many buyers and sellers are not familiar with what is normal when it comes to real estate transactions. Over the last few years, we have seen this exploited in a specific form of "Business E-Mail Compromise," in which an attacker injects e-mails into conversations to trick the victim into transferring money to the wrong account.

A weak link in this transaction is often the realtor. Realtors' e-mail addresses are easy to find. Many realtors work more or less on their own and do not benefit from a corporate IT department with security monitoring. Instead, they use public webmail systems and rely heavily on cloud-based file sharing systems and e-mail attachments to exchange documents.

Recently, a realtor aware of this issue forwarded me the following exchange. Initially, the realtor received an e-mail that is very typical for the type of e-mail realtors receive from new clients:
The realtor sent more or less a standard reply:
Note that the realtor is asking for a mortgage pre-approval letter. This is a common "first step" to find out how much money the buyer can spend on a new house. Of course, James responded the next day:

Thanks for getting back to me on my request to purchase a house and sorry for the late response . I have been busy with some project . I actually got your contact while looking for good realtors online . Presently i live in Palos Hills Chicago, but i wish to have a property in your state for Income Revenue.Am interested in purchasing a 3 to 4 bed room house with a large parking garage ( a house with a pool within our price range will be perfect ). I was told i needed pre approval so i obtained it from my bank. I have shared it with you as well as details on desired location and what I'm looking for via google docs . Check it and let me know so i can call you when i finish from meeting to decide when to come and view the property.

Again, the e-mail is in line with what you would expect from a buyer. Note the link to the "Approval Letter." This is where things get more interesting. The link went to http:// myrealestategoogldrive .atspace.cc/ . A fairly "plausible" URL for a link like this. There are dozens of different file sharing sites out there, and this hostname is certainly in line with what a realtor would consider normal.

The site has been taken down now, but it offered a login screen asking for the realtor's webmail credentials. This is where the realtor who contacted me got suspicious, so we do not know what "James" would have done with the credentials. But typically, the next steps involve:
The result, if successful, is that the buyer transfers money to the wrong account. Sadly, these wire transfers ("ACH Transfers") are often not reversible. The money will typically go first to a domestic account that "James" is monitoring, and as soon as the money arrives, it will be forwarded to a foreign account, at which point the trail of the money often gets lost.

Yes, the e-mails from "James" contain typos and bad grammar. But realtors will typically happily do business with you even if you are not an expert in the use of the English language.

---
Johannes, ISC Handler, Jan 10th 2017
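One way a mail filter or a cautious recipient could check a link like the one in this diary, as an added example that is not part of the original post: it flags hostnames that embed a near-spelling of a file-sharing brand while being registered under an unrelated domain. The brand allowlist, the similarity threshold, the two-label domain shortcut and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed, illustrative allowlist: brand token -> domains that really serve it.
BRANDS = {
    "googledrive": {"google.com"},
    "dropbox": {"dropbox.com"},
    "onedrive": {"live.com", "microsoft.com"},
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message; the first hostname is the one quoted in the diary.
SAMPLE = (
    "I have shared it with you via google docs: "
    "http://myrealestategoogldrive.atspace.cc/ Check it and let me know.\n"
    "Listing photos: https://drive.google.com/file/d/EXAMPLE/view\n"
)


def registrable(host):
    # Simplification: last two labels. Real filters should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def lookalike_brand(host, threshold=0.9):
    """Return the brand a hostname imitates, or None if nothing stands out."""
    base = registrable(host)
    text = re.sub(r"[^a-z0-9]", "", host.lower())
    for brand, legit in BRANDS.items():
        if base in legit:
            continue  # the brand's own domain, nothing to flag
        # Slide windows one character shorter/longer than the brand to catch
        # dropped or inserted letters such as "googldrive".
        for size in (len(brand) - 1, len(brand), len(brand) + 1):
            for i in range(max(len(text) - size + 1, 0)):
                window = text[i:i + size]
                if SequenceMatcher(None, window, brand).ratio() >= threshold:
                    return brand
    return None


def suspicious_links(body):
    hits = []
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        brand = lookalike_brand(host)
        if brand:
            hits.append((url, host, brand))
    return hits
```

A hit only means the link deserves a second look before any credentials are typed in; a clean result does not prove a link is safe.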
I work part-time as a real estate agent and full-time as a vulnerability assessor. At one point I was receiving 2-3 of these targeted emails every week. Fortunately I'm fairly quick to recognize things like this and just delete it, but if it's of interest to anyone I may have a few emails with PDFs attached in one of my email boxes.
Anonymous, Jan 10th 2017
Great points. There are many sectors like realtors that are quite vulnerable, yet they are not aware. Blogs like this help get the word out.
Not to be a pessimist, but I doubt many realtors read this blog. The enemy is after professions like realtors, lawyers, accountants, etc., yet they don't realize the risks they take every day with other people's sensitive information. Ignorance and complacency are enemies of security. My question is this: How do we get this message out to these groups? How do we help them understand the threats are real? Perhaps we can get security professionals to present at their trade shows and conferences. Also, security professionals need to take every chance they get to educate the masses. Security professionals, please use the great info provided by SANS to get the word out. Little steps go a long way. Otherwise, it's just preaching to the choir.
Anonymous, Jan 10th 2017