by Dave Michmerhuizen & Luis Chapetti – Security Researchers
The real estate market in the United States is showing signs of heating up, and spammers are taking advantage of the increased activity by sending thousands and thousands of email phishing messages. Disguised as real estate listing notifications, the messages are sent in the hope that harried home buyers desperate for new properties will unwittingly hand over their email passwords.
The phishing emails each use slightly different messages but all take advantage of the RE/MAX brand and, in every case, they contain a link to a compromised website that has nothing to do with real estate.
The compromised websites, without their owners' knowledge, host a simple webpage that pretends to be a login page.
Once there, the page asks for your email address and your email password. There is no reason a real estate website would need your email password, and in fact, if you provide a username and password, they are immediately sent back to the spammers.
RE/MAX is aware of the problem and warns about it.
7/12/2012 – Update: A new and more convincing website template is now being used on the compromised servers.
Don't be fooled by this fancy layout. If the address in your browser does not say remax.com, then you are not on remax.com, and in any case, RE/MAX has already stated that they do not ask for your email credentials.
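That rule can be checked mechanically. The Python below is an added example, not code from the original post: it accepts a link only when its host is remax.com or a subdomain of it, and it goes a little beyond the text by also rejecting hosts that merely contain the brand name (brand-as-prefix, brand-in-path, brand-in-username, and case or trailing-dot variations). The sample URLs are constructed for illustration and are not links from the campaign.

```python
from urllib.parse import urlsplit

# The brand's real domain, as stated in the post. Lookalike hosts such as
# "remax.com.something.invalid" must not match, hence the suffix check below.
LEGITIMATE_DOMAIN = "remax.com"


def is_legitimate_host(url: str, legit_domain: str = LEGITIMATE_DOMAIN) -> bool:
    """Return True only if the URL's host is legit_domain or a subdomain of it.

    urlsplit().hostname strips any userinfo ("remax.com@...") and port and
    lower-cases the host, so putting the brand name in the path, in the
    username part, or as a prefix of a different host all fail this check.
    """
    host = urlsplit(url.strip()).hostname
    if not host:
        return False  # no scheme/host at all: treat as untrusted
    host = host.rstrip(".")  # "remax.com." names the same host
    return host == legit_domain or host.endswith("." + legit_domain)


def classify_links(urls):
    """Split a list of URLs into (trusted, suspicious) for review."""
    trusted, suspicious = [], []
    for u in urls:
        (trusted if is_legitimate_host(u) else suspicious).append(u)
    return trusted, suspicious


# Constructed sample links of the kinds a RE/MAX-themed phish might carry.
SAMPLE_LINKS = [
    "http://www.remax.com/listings/12345",
    "https://remax.com/",
    "http://remax.com.listing-alert.invalid/login",  # brand as host prefix
    "http://listing-alert.invalid/remax.com/login",  # brand in the path
    "http://remax.com@listing-alert.invalid/",       # brand in the userinfo
    "http://REMAX.COM./search",                      # upper case, trailing dot
]

if __name__ == "__main__":
    ok, bad = classify_links(SAMPLE_LINKS)
    print("trusted:", ok)
    print("suspicious:", bad)
```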
The theft of email credentials can be disastrous for most computer users, particularly because many other internet services allow you to recover a forgotten password by sending a message to your email address. For example, if you have an online banking account linked to your email address, a thief who can log into your email account could wreak havoc by finding emails from your bank, resetting your bank password, logging in and writing themselves a nice check, all before you have any idea what has happened.
A Few Important Tips:
– Always treat your email password like the keys to the kingdom, because that's what it is for spammers.
– Use a short phrase as a password (longer is better, and a longer phrase can be made of simpler words) rather than just a few characters, and change it regularly.
– Never share your email password unless you are logging in to your email provider's website.
Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails.