Cyber criminals are working a new email scam: Luring people to open purported real estate contracts and thus get access to their emails, according to the security firm Retarus.
The emails carry the Microsoft logo and pretend to have the email boilerplate of Dotloop, a platform for conducting real estate transactions.
When the victim clicks on the button to open the contract document, the link leads to a fake Microsoft page, the company says.
Recipients are asked to log in using their email credentials.
"With this password, users are not only granting access to their emails," says Martin Mathlouthi, product line manager secure email platform at Retarus. Mathlouthi adds, "As single sign-on is commonplace, this is also likely to be the password for the active directory, allowing the phishers to gain access to other critical company data."
One possible protection is that the emails are poorly done.