Avanan researchers have uncovered an attack that leverages the notification of closing documents to send a credential harvesting link.
Here's the email:
Notice that "Open Message" will direct you to a suspicious-looking website. Here's where it leads you:
That is a convincing login page, but it's actually hosted on a malicious page.
This is not the first time we've written about scammers taking advantage of mortgage closing and wire information. Back in November, we wrote about a fairly similar attack.