The real estate market in the United States is showing signs of heating up, and spammers are taking advantage of the increased activity by sending thousands and thousands of email phishing messages. Disguised as real estate listing notifications the messages are sent with the hope that harried home buyers, desperate for new properties, will unwittingly hand over their email passwords.
The phishing emails each use slightly different messages but all take advantage of the RE/MAX brand and, in every case, they contain a link to a compromised website that does not relate or lead to real estate.
|(press any thumbnail for a full size image)|
The compromised websites unknowingly host a simple webpage that pretends to be a login page.
Once there, these pages ask for your email address and your email password. There is no reason a real estate website would need your email password. In fact once this information is filled in, it is then forwarded to the spammers.
RE/MAX is aware of the problem and warns about it here.
The theft of email credentials is a disastrous for most computer users, compounded by the fact that other internet services often allow you to recover a forgotten password by sending a message to your email address. For example: if you have an online banking account linked to your email address, a thief with the ability to log into your email account can potentially wreak havoc by finding and identifying emails from your bank, reset your bank password, log in and write themselves a nice check, all before you have any idea what has happened.
A Few Important Tips:
– Always treat your email password like the keys to the kingdom, because that’s what it is for spammers.
– Use a short phrase for a password (longer is better, and can be simpler) rather than just a few characters, and change it regularly.
– Never share your email password unless you are logging in to your email provider’s website.
by Dave Michmerhuizen & Luis Chapetti – Security Researchers
Leave a reply