May 19, 2022
Phishing is the act of pretending to be a figure of authority to steal confidential user information. It is the most common method by which scammers access the accounts of title agencies and their clients in order to commit wire-fraud scams.
It starts with a title agency team member receiving an email or contact from outside the business. It might even look like an email from your bank, from a community event, or even from your internal IT department.
This email will ask the team member to follow a link to access information or perform a task. When this link is followed, it will typically lead to a login screen for whatever service the company uses (such as Microsoft Outlook). This ‘login’ page is not legitimate; it is designed to steal the user's credentials.
The team member will enter their login information into the fake website and then be rerouted to the real website. The scammers now have access to the team member’s accounts and will proceed to leverage those accounts.
These are not the only ways that phishing works and we will showcase a variety of other creative ways that scammers try to steal credentials to commit wire fraud.
We have already described phishing in great detail in our past article, but many of our partners have asked for more concrete examples of what a phishing attempt actually looks like, and how they can prevent their own employees or team members from falling for them.
Each example will go over a type of phishing attempt to showcase what can be used to identify them.
Example 1: A fake email from an internal IT department.
The first example of a common phishing scam is an email that appears to come from the company's internal or outsourced IT department. The email will claim that an upcoming IT outage or system update will delete accounts unless the recipient clicks on a certain link. As many organizations tell their staff to reset their passwords every six months or so, an email like this can go unnoticed.
Any IT department that has access to its client's system, such as a title agency's, will never ask team members to follow an external link. It will be able to update the system remotely, with or without a team member's input.
Example 2: A fake email that claims that an account will be deleted if no action is taken.
A hallmark of many scam phishing emails that target title agencies (to attempt wire fraud) is to make the request as urgent as possible.
A common wording that we see at CertifID is that a user's account will be deleted in under 24 hours if the target does not enter their details, or even that someone else has made an external request to delete their account (see the example below). This is known as ‘threat’ motivation, the fear that by not doing a certain action you will miss out.
It is important to use logic in these scenarios, to pause for one moment and think the email through. No IT company would survive if it deleted clients' accounts for a simple update or because it got an external request to delete an account. Hard drive space is not at a premium, so why force someone to take an action or otherwise face deletion?
Example 3: An invite to an event. Notice how there is no link to a website or any other information about the event.
The opposite of threat motivation is ‘reward’ motivation, something that scammers use to great effect when trying to gain access to accounts for wire fraud. A target might receive an email inviting them to an event, winning an award, sharing a photo they were tagged in etc. The idea is that someone outside the target's network will get in touch with them out of the blue.
They will then be directed to a login page to sign up. This login page, of course, is a scam and designed to steal your credentials.
Example 4.1: PayPal will always address you by your full name, not by your email. Also look at the email address above.
This type of phishing is actually rather brilliant if not devious. A target will get an email from an authorized source saying that someone has attempted to hack their email account. It will appear completely legitimate and claim that someone has access to all their details.
Following this alarming news, it will ask the target to do several things.
The first may be to log in and change their username and password (sending the target to a credential-stealing page, which captures both the old password and the target's new one).
Example 4.2: An example of a telephone scam; the phone number leads to a scammer’s call center.
A second way is to request victims to call a phone number to discuss their system vulnerability. This would be a Skype number or an actual landline that goes to a ‘real’ call center, answered by a computer or in some cases a real person working for the scammers.
Example 5: A fake login for Google. Notice how the URL links to a location on the hard drive (C: not www), not to an actual site.
It is well known that attachments can hold viruses, but they can also hold phishing attempts. Hidden in the file will be an HTML form that looks just like a login page. When the target clicks on the email attachment, they will open the form either on their computer or as a link to another page.
The rule here is that no attachment should require a login: you already have the file and should be able to access it offline.
Example 6: A Word document that pretends to be encoded and requests macros to be switched on.
Another common phishing scam attempt is including a malicious macro within a document. Essentially, when a target downloads an attachment with a macro and opens it, they will (if they have macros activated) be automatically directed to a credential-stealing login page.
Example 7: Pay attention to the email address at the top of the email. OneDrive would not have a generic email address.
Ironically, this is one of the easier things to spoof, but many phishing attempts forget to do it. If the email is from a professional company, they will have a professional email, not @gmail.com or @hotmail.com.
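The three checks from Examples 5 to 7 can be automated at a mail gateway or in a triage script. The sketch below is an added example, not CertifID's code: the brand watch-list, the macro extension list, the flag names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

FREE_MAIL = {"gmail.com", "hotmail.com"}   # the two domains the article names
MACRO_EXT = (".docm", ".xlsm", ".pptm")    # macro-enabled Office formats (assumed list)
BRANDS = ("onedrive", "paypal", "google")  # assumed watch-list, taken from the captions

class LoginFormFinder(HTMLParser):
    """Sets .found when the markup contains a password input field."""
    found = False
    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True

def triage(raw: bytes) -> list:
    """Return the article's red flags that apply to one raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0] if addrs else None
    flags = []
    if sender and sender.domain.lower() in FREE_MAIL and any(
            b in sender.display_name.lower() for b in BRANDS):
        flags.append("brand-name-from-free-mail")         # Example 7
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXT):
            flags.append("macro-enabled-attachment")      # Example 6
        if part.get_content_type() == "text/html" or name.endswith((".htm", ".html")):
            body = part.get_content()
            finder = LoginFormFinder()
            finder.feed(body if isinstance(body, str) else body.decode("utf-8", "replace"))
            if finder.found:
                flags.append("login-form-in-attachment")  # Example 5
    return flags

def sample() -> bytes:
    """Constructed message, not taken from the article or any real campaign."""
    m = EmailMessage()
    m["From"] = "OneDrive Support <files.share@gmail.com>"
    m["Subject"] = "A document was shared with you"
    m.set_content("Open the attachment and sign in to view the file.")
    m.add_attachment('<form><input name="u"><input type="password" name="p"></form>',
                     subtype="html", filename="Shared-Document.html")
    m.add_attachment(b"PK\x03\x04", maintype="application",
                     subtype="octet-stream", filename="Statement.docm")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample()))
```

A flag here is a reason to hold the message for review, not proof of fraud; as the article notes, the sender address is easy to spoof, so a clean result on that check alone means little.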
Example 8: A ramshackle website that does not look like a professional page for a national bank.
Any large firm or business worth its salt would have a high-fidelity design and look professional. Scammers, on the other hand, are lazy, choosing a design that lacks any real integrity and looks terrible. Watch for branded company websites that just don’t seem right, are not responsive on mobile (or don’t change size or shape when you scale the browser window), or use plain HTML (like a website from 1995).
Example 9: A fake social media page.
Scammers have found a way to exploit social media platforms, like Facebook. It works by sending an attachment through the messaging system that redirects the victim to a credential phishing page, most of the time for that specific social media site.
Example 10: Scammers using LinkedIn to direct message scam links.
Not to be restricted only to email, scammers are now also looking to use the same tactics on other platforms, such as running the common bank email phishing scam via LinkedIn. It looks strange, but by going via LinkedIn they will know what their target's company is, what their role is, and many other personal details.
This will allow them to personalize their scam to make it as accurate and convincing as possible.
Example 11: A CEO phishing scam. The CEO grew suspicious of the continued insistence on payment and delayed the wire transfer.
The last example, and one where we have seen a spike in attempts, is phishing aimed directly at CEOs. This is especially potent for title agencies, as scammers know they are responsible for vast sums of clients' money and, if they could gain access, could leverage that brand's trust to do a lot of damage.
CEOs should be extra vigilant and keep a lookout for the previous examples, knowing that they are the number one priority on the scammers' hit list.
Additionally, title agency CEOs should protect their business by using CertifID... With four different types of mandatory security validation before each and every wire transfer (even if it’s regular business), you can feel safe that your business and your client’s money is protected.
You can sign up for a free trial to explore the different options for your business.
Tyler brings a decade of leadership experience developing and launching technology businesses. Before co-founding CertifID, Tyler led new product development at BCG Digital Ventures for Mercedes-Benz, First American Financial, Boston Scientific, and Aflac.