SPAM EMAIL ALERT
Spammers are “Phishing” Metro MLS members. Here’s how to confirm your Emails are official Metro MLS correspondence…
06.26.18
Many Metro MLS Members received a Spam e-mail that appears to come from the Metro MLS Administrative Staff. Please disregard this e-mail – Please do not respond!
EXAMPLE
This e-mail was a classic example of Phishing. Phishing is a targeted spam e-mail used by a bad actor to get to a particular audience, in this case the Metro MLS membership.
The above e-mail was not sent by Metro MLS. The e-mail From admin@metromls.com was spoofed meaning someone made it appear that the e-mail was sent from the Metro MLS admin department; a sharp eye however, reveals a different reply to address: wavesnew0@gmail.com (the address has already been reported to google as spam sender).
A bogus “reply to:” e-mail address is the first sign something is wrong, other clues are:
- The missing salutation (who is the intended recipient?)
- The vague request with no details (which dates?, which amounts? Which invoices?)
- The oddly constructed sentences
The e-mail as received by one of our members:
How did this bad actor get my e-mail address? It’s almost impossible to tell, the source could be one or many sources including any public or private rosters, referral service databases, hacked e-mail accounts and compromised computers with contact data on them.
What was the intention of this Spam e-mail? The intention is hard to tell, the e-mail has no malicious links or attachments, just a vague request to confirm information. A best guess would be that the bad actor hoped to get a dialog going that would possibly end up with the bad actor requesting payment information or credentials to verify account info.
Here is an example of a real Metro MLS Signature:
Thanks for your attention.