This home buying season, two new phishing scams are making the rounds targeting mortgage lenders and their customers. As I’ve written before, phishing emails look like official communications from real companies, but they aren’t. They’re imitations. By posing as a trustworthy entity, the scammers want to fool you into giving them valuable information, such as your usernames, passwords, and credit card numbers. They may also be trying to infect your computer by directing you to a website full of malware, again giving them access to your personal information or sensitive information relating to your business.
Recently, there have been phishing attempts that target financial institutions and consumers that are engaged in mortgage lending:
- Phishing attempt #1. Customers and financial institutions that are in the process of finalizing loans are receiving a phishing email with the subject “RE: Closing Package,” containing an embedded URL that leads to a fake Google Docs-branded credential harvesting site.
- Phishing attempt #2. Customers and financial institutions that are in the process of finalizing loans are receiving a Dropbox-themed phishing email with the subject “Please verify your email,” containing an embedded URL that leads to a phony Dropbox-branded credential harvesting site.
At Bank of the West, we are on high alert for emails with either of these subject lines. If you are in the process of seeking a loan from any financial institution, be extra careful, and don’t open emails that seem suspicious.
If you receive an email with one of these subject lines there’s a good chance it is a phishing attempt. Do not click on any of the links or reply to the email. Instead, delete the message.
Here are my seven top tips to help you protect yourself from phishing attempts:
1. Keep your inbox tidy, to make it easier to spot a phish. Start by unsubscribing from offers and newsletters you don’t really want.
2. Look closely at emails, including URLs.
3. Delete suspicious emails.
4. If you receive a questionable email, contact the business directly to verify the message.
5. Always go directly to websites you want to visit rather than clicking a link.
6. Never open attachments or links in emails from unknown senders.
7. Be on guard with emails from people you know. If it seems suspicious or contains a seemingly random link, it may have come from a hacker impersonating someone else.
For more information, please see my post, “Don’t take the bait: Tips to help prevent phishing” and this brief video on phishing.Read More ›
Here are some basic tips and good practices as you get ready to file your annual income taxes.Read More ›
Phishing emails look like legitimate communications from real companies, but they aren’t.Read More ›
Miles and points are currency, as they can be used for many real-world transactions such as flights, shopping, gift cards, and even cash.Read More ›