Cyber criminals are working a new email scam: Luring people to open purported real estate contracts and thus get access to their emails, according to the security firm Retarus.
The emails
carry the Microsoft logo and pretend to have the email boilerplate of Dotloop, a platform for conducting real estate transactions.
When the victim clicks on the button to open the
contract document, the link leads to a fake Microsoft page, the company says.
Recipients are asked to log in using their email credentials.
"With this password, users are
not only granting access to their emails," says Martin Mathlouthi, product line manager secure email platform at Retarus. Mathlouthi adds, "As single sign-on is commonplace, this is also likely to be
the password for the active directory, allowing the phishers to gain access to other critical company data."
One possible protection is that the emails are poorly done.