Spear Phishing Emails in Mortgage Business

How to check if and email is a Spear Phishing Email and is used to attack us?

  • Comes from unknown sender
  • Solicits sensitive information, like your password
  • Prompts you to open an attachments or click a link
  • Appeals to urgency fear or desire
  • Contains spelling or grammatical error

Types of Social Engineering Attacks

  • Baiting – Attackers lure targets in with items of value: They might leave a flash drive where someone will find it or can upload malicious files to a site where thousands can download it.
  • Pretexting/Bohoing – Some attackers might impersonate a person of authority or whom trust to solicit sensitive information. An attackers might impersonate your username and password to solve some issues
  • Mind games – an attackers might send an email or call you in response to an imaginary question. This can lead the target to believe that he or she simply forgot their previous conversation, making the target more likely to give up information.
  • Spam & Phishing – Both methods usually rely on email to lure victims in. Most spam emails are after monetary gain while phishing emails usually solicit  sensitive information.
  • Tailgating – An attacker might wait besides a locked door to glean your credentials so they can get inside.


Here are some facts about Spear Phishing in Mortgage business

  • 1 in every in 2.3 organizaitons is targeted by a spear phishing attacks.
  • 600,000k it’s an average cots in USD to fix the damage done by a spear phishing attack.
  • Number of organizations affected by a data breach in 20014 rose 9% comparing data from 2013 year.

Types of Spear Phishing emails in mortgage industry

  1. Data Entry
  2. Click-Only
  3. Attachments 

A sample spare phishing email version 1

The webpage where person is forwarded looks like a legit website and even an email from which the message is sent looks like real one. In most cases can be misspelled or used ASCII symbols.

A sample spare phishing email version 2

A sample spare phishing email version 3


Leave a Reply

Your email address will not be published. Required fields are marked *