Avanan researchers have uncovered an attack that leverages the notification of closing documents to send a credential harvesting link.

Here's the email:


Notice that "Open Message" will direct you to a suspicious-looking website. Here's where it leads you:


That is a convincing login page, but it's actually hosted on a malicious page.


This is not the first time we've written about scammers taking advantage of mortgage closing and wire information. Back in November, we wrote about a fairly similar attack

Subscribe to Our Attack Briefs for More Research