New mortgage spam campaign plays on Brexit uncertainties


We've had no shortage of “Brexit”-related economic news since the United Kingdom voted to leave the European Union on June 23 of this year. Take a look at these recent headlines:

And more importantly for our topic today:

With headlines like these, is it any wonder that there is so much confusion surrounding Brexit-related economic issues and mortgage rates?

Unfortunately, spammers and other malicious attackers have spotted an opportunity here.   The Content Intelligence Analyst team at Barracuda Networks has identified a mortgage and refinance scam that has many variants, but all of these variants are related to Brexit.

This particular type of spam is designed to grab the recipient’s attention at first glance. The spammer begins by mentioning Brexit in the subject:

  • “Brexit drives down interest rates to all-time lows!”
  • “Brexit Shock! Rates are Down. See How Much!”
  • “Brexit Shock! Refinance Today!”

Recipients who are up to date with current events, and in the market for a mortgage, may be very tempted to open such an email because of its relevance. The fact that Brexit has been in the news for several months can help lower suspicion of this type of email. We often see high-profile topics such as the Olympics, the Super Bowl, Presidential politics, etc., used to trick someone into trusting a malicious email message.

This spam campaign has some marketing phrases in the body of the email:

“ …its official Brexit… has rocked the financial markets worldwide”… “If you’ve been looking….truly no better time to lock in your rate”, and it states you may be able to save money:  “You could potentially save thousands of dollars over the life of your loan”.

Adding credibility to the message

One common strategy we found in this attack is the reference to a reputable company, which is done as an attempt to add credibility to the message.   “Lending Tree Partners” is used in this Brexit-mortgage spam campaign to grab the reader’s attention.  LendingTree is an online loan marketplace that connects borrowers to a large network of lenders.  LendingTree issued a press release on the effect Brexit has had on mortgage rates offered by network lenders.

“This historic event has created an opportunity for US borrowers to lock in some of the lowest interest rates we've seen since December 2012,” said Doug Lebda, founder and CEO of LendingTree. “We're seeing 30-year fixed-rates as low as 3.21% APR, which means there is a massive window of opportunity for borrowers to save.”

Based on the legitimate LendingTree press around Brexit, and the tactics used in this spam campaign, recipients could easily be tricked into thinking that this email was a genuine business communication.

Although there are large buttons such as “Calculate My New Rate” and “Home Loans” at the bottom of these emails, the entire body is actually a hyperlink. Clicking anywhere in the body of these messages will open a browser tab that displays a blank page. If you look at the URL in the browser of that blank page, it will match the sending domain of these spams and not LendingTree. The blank page does eventually redirect to

What’s the point?

So why would a spammer go through all this trouble just to send the recipient to the legitimate

Spammers are always developing more creative and less obvious ways to trick someone into giving up private information. When the message is clicked on, and the blank browser page is opened, spammers may be getting access to personal information, including your location and other information passed to them by the browser. Worse, that blank page may be injecting your browser with an “exploit kit” or executing another potentially malicious script. Although these emails are not asking you to fill out a form or forward your personal information, the malicious intent is still there. Emails like this need to be handled with caution.

How to avoid being a victim

Check, check and triple check. Ask yourself:

  • Am I familiar with the sender of this message?
  • Why am I a recipient of this message?
  • Is this sending domain legit?  Does the message really come from a reputable/known company (sending domain)?

If you are unsure, use a search engine to search the sending domain. Do not click on the email body. If you are in the market for a mortgage or refinance, do not take the risk and click on a message you are not sure about.  Open a browser, type in the URL, and directly contact a representative of that company to get further information.
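The traits described above (a reputable brand named in the message, a body that is one large hyperlink, and a link host that matches the sending domain rather than the brand) can also be checked mechanically at the mail gateway. The following Python check is an added example, not Barracuda's detection logic; the sample message, its placeholder domain, the `BRANDS` map and the 0.9 threshold are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; the domain is a placeholder, not an indicator from the campaign.
SAMPLE = """\
From: Lending Tree Partners <offers@mail.example-sender.test>
Subject: Brexit Shock! Refinance Today!
Content-Type: text/html; charset=utf-8

<html><body><a href="http://mail.example-sender.test/r?id=1">
<p>Brexit has rocked the financial markets worldwide.</p>
<p>Calculate My New Rate</p><p>Home Loans</p></a></body></html>
"""
# Assumption: defender-maintained map of brand names to the domain each brand really uses.
BRANDS = {"lending tree": "lendingtree.com", "lendingtree": "lendingtree.com"}
class LinkText(HTMLParser):
    """Counts visible text inside vs. outside <a> elements and collects link hosts."""
    def __init__(self):
        super().__init__()
        self.depth, self.linked, self.total, self.hosts = 0, 0, 0, set()
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.depth += 1
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.add(host.lower())
    def handle_endtag(self, tag):
        if tag == "a" and self.depth:
            self.depth -= 1
    def handle_data(self, data):
        n = len(data.strip())
        self.total += n
        self.linked += n if self.depth else 0

def analyze(raw):
    msg = message_from_string(raw, policy=policy.default)
    html = msg.get_body(preferencelist=("html",)).get_content()
    parser = LinkText()
    parser.feed(html)
    sender = msg["From"].addresses[0].domain.lower()
    text = (str(msg["From"]) + " " + html).lower()
    claimed = {dom for name, dom in BRANDS.items() if name in text}
    def off_brand(host):  # True when host belongs to none of the claimed brands
        return not any(host == d or host.endswith("." + d) for d in claimed)
    return {
        "body_is_one_link": parser.total > 0 and parser.linked / parser.total >= 0.9,
        "brand_mismatch": bool(claimed) and any(map(off_brand, {sender} | parser.hosts)),
        "links_to_sender_domain": sender in parser.hosts,
    }
```

A message that raises all three flags at once matches the pattern in this campaign; any single flag on its own is common in legitimate marketing mail and is better used as a scoring signal than as a block rule.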

For more of our articles on malicious email campaigns, follow this link.

To test your knowledge of spam and phishing tactics, give this quiz a try.
