Phish Are Biting – Real Estate Edition

Received a pretty clever phishing message last night from a friend who clearly has lost her credentials.   Don’t worry, I let her know and recommended she turn on Google Two Step Verification.

Please check out real estate documents I uploaded for you on Google Docs
Click here to view (link redacted)
Thank You

Something about this tickled my fancy enough to load it up on a test box.  Here is the resulting page…

IMG_20130408_205603
Our secured auction page

First off, this isn’t Google Docs… How dare you mislead me like this!  At least they got the real estate angle right.  However, I am not sure how good the hit rate is on people who are active in the real estate auction game.  Maybe the mentality is that the reader will see an auction, and imagine treasures of $1 homes and short sale mansions.  Perhaps they will blindly log in, fearing their own property is the property up for bid.

What is interesting is the play on single sign-on.  Are users so used to these types of convenience buttons that they will fall into this trap? under the guise of a legitimate business?  Probably so.  I am actually shocked they didn’t include Facebook in this list.

This site is a perfect example of a middle of the road phishing site.  There are some awkward formatting issues and the story line has gaping holes in it, but it would get a high enough hit rate to meet the author’s objectives.

If the victim looked at the web address the Remax brand has been convincingly worked in as well (For example :http://remax.com.realsite.co.au/remax/).  The big give away was the .au top level domain.  The author added a folder at the end “/remax/” to draw away the victim’s attention.  It is a lame trick, but can trick the eyes if you only glance at it.  It is like the URL was designed to leverage typoglycemia.  It doesn’t matter in what order the letters in a word are, the only important thing is that the first and last letter be in the right place.

Is your business tracking this type of brand abuse?  Digital Armor offers monitoring and remediation of these types of phishing attacks for our customers today.  If you are concerned with this type of brand fraud contact us and we can help.