Waiter, what is the Phish of the Day? – Aug 17 2022

The Middleman Phishing scheme.

Clicking on the links in these types of emails might get your address on hundreds of sales lists. They might also cost you money by routing you through a middleman or, worse, make you the victim of a con artist.

A common catch in the market this year: Confirm an Account you don’t have

The domain in the Sender’s email is legit (https://homeownerco.com/). It’s a safe website for the home buying and selling industry.

There is one link in the email. Should I find out about this new Quicken account? I make sure my Malwarebytes anti-virus is active before making the decision…

Move your mouse to hover over the link (View Your Detail… in this example), and a box will pop up showing you the domain of the website you’ll visit if you click it:

Interesting. The link directs you to www.echo4.bluehornet.com & then safely takes you to a Quicken Loans website ( https://refinance.quickenloans.com/ ).

Safe, but is it legit? The official website of Quicken Loans is https://www.quickenloans.com/. Browse the website & you’ll see a common design theme on every page that is entirely different from the email link.

The link in the email makes you think you’re going to Quicken Loans, but there’s a catch – you must stop at their shop first. Here it is:

There are fine print clauses in their Legal Disclosures / Privacy links that verify these guys are middlemen.

I’m pretty sure you’ll get a genuine Quicken Loan after these guys ( https://www.lowermybills.com/ ) get their cut.

There is also mention of Rocket Mortgage ( https://www.rocketmortgage.com/ ).

The one thing we know is that Georgia Miller (gmiller@homeownerco.com) gets a tiny chunk of cheddar every time the link is clicked.

Every good business consultant, either here in Nashville or parts unknown, must advise their clients to perform routine phishing scheme training. Articles indicate over 90% of ransomware attacks come via email. That stat seems high to me because of dedicated RDP attacks. As someone specializing in IT consulting, I think RDP open ports still account for at least 30% of successful attacks.

Thanks for visiting this website.  Sign up to receive our newsletter today.  Steve

 
