Cyber-criminals are taking advantage of the shift from pen and paper to electronic signatures in real estate transactions. According to new research from Proofpoint, fraudulent real estate transactions are being used to steal people’s credentials.
Attackers are capitalizing on the number of unfamiliar parties and documents involved in a typical real estate transaction to lure unsuspecting homebuyers into clicking on fake landing pages.
Researchers have identified schemes employed by attackers targeting homebuyers with DocuSign lures and fake Office 365 login pages associated with bogus real estate documents. In addition, the computer networks of real estate firms have been directly attacked with remote access Trojans (RATs) to obtain confidential information.
The electronic signature has proven to be an effective target for threat actors, and click rates for DocuSign lures are averaging five times higher than click rates for the top 20 lures, according to a 15 August blog post.
The goal, however, is not to steal users’ DocuSign credentials. Rather, the lure is meant to get victims to log in to fake DocuSign landing pages with third-party credentials such as Microsoft Office 365 or other generic email credentials.
“These landing pages are linked in phishing emails; the URLs for the links suggest targeting for homebuyers and generally reside on compromised sites, the administrators of which have all been notified,” Proofpoint wrote.
In addition to abusing the DocuSign brand to harvest credentials on phishing pages, attackers have used other phishing templates specific to mortgage closings. The phishing landing page – complete with national realtor and Norton logos – tricks users into thinking they are opening documents containing their closing disclosure.
Though less frequent than real estate phishing, attackers are also targeting real estate businesses, including realtors and homeowner insurance agencies, using RATs. “Because of the nature of the transactions in which these businesses engage, RATs and information stealers offer additional opportunities for threat actors to steal a range of personal and banking information.”