Mortgage Software Solutions Blog

Phishing: What to Look For and What to Do When You Recognize the Bait


Phishing is a popular cyber security term that describes a certain form of computer hacking through electronic communications. As it sounds, the methods involved resemble baiting a hook and trying to persuade a person into compromising sensitive data through deception.

Businesses that store large amounts of sensitive data, such as mortgage companies, are most at-risk of these attacks. Fortunately, with a keen awareness of common phishing tactics, many of these attacks can easily be discerned. In this article, we'll discuss specific phishing methods and what to do about them when recognized.

A Brief History of Phishing

The first occurrence of phishing was in 1995 and involved the attacker acting like an AOL representative. This deceptive bait was thrown in the water with an instant message, which lured users into giving sensitive account and billing information.

The numbers show just how effective phishing can be and how quickly this problem has grown. In any given month of 2005, around 14,000 unique phishing campaigns were recorded. In only 10 years, this number increased to around 100,000 unique campaigns per month.

Methods of Phishing

  • Email
  • Phone
  • Instant messages
  • Websites


This is one of the most prevalent methods used in phishing. There are some common signs to look for, though, to help you recognize when something fishy is going on.

For starters, it’s important that you and your mortgage team are aware of potential phishing attempts. With a careful examination, these scam artist can easily be detected and reported.

A simple mistake hackers are prone to make is misspelling words and/or using bad punctuation or grammar. If these signs are detected, then a user can generally guess it's not from the professional service it claims to be. Phishing scams are effectively deceptive because they claim to be a popular company. However, a reputable company is probably not going to send a mass email with mistakes like this.

Does the email have suspicious or unexplained links in it? This link is likely a poisonous element you'll want to avoid clicking on. Malicious files that spread viruses could be on the other side of these links. Sometime, you can detect a bogus link by hovering over it to see if the address matches what's in the link. If it doesn't match the link, this is a potential sign that it's a phishing attempt.

By examining the tone and content of the email itself, a user can often detect a phishing email. If there are threatening or urgent messages, this could be a sign of a phishing attempt. An example would be something like: “If you don't act fast your entire security system will be breached by an invading virus!” This sounds silly, but because they're acting as a popular company whose service you may already be using, your fear or curiosity may encourage you to click the malicious link.

With careful observance of incoming emails, a user can detect these bogus phishing attempts and thwart their intentions. The trusted services you use are not going to act in such an unprofessional manner. If there's any question about the legitimacy of an email, always contact your service provider directly and confirm, before acting on questionable email requests.

Phone calls

These are another method of phishing. Though more obvious in some ways, because phone calls involve a human element, they can be even more deceptive. Understand that no professional service you use (or want to use) is going to call you out of the blue and ask for important and confidential information.

These phone calls basically employ the same type of tactics email phishing does. In other words, they'll claim to be trying to help resolve some issue or sell you something necessary, like a software license. These cyber criminals will use deception and fear tactics to try to gain sensitive information from the user, such as passwords or usernames.

Unsolicited phone calls like this need to be approached with caution. If something feels off about a phone call you’re having, don’t offer up any valuable information. Tell them you are busy and will call the appropriate party when you have time to talk.

Instant Messages and Texting

Phishing attempts through instant messages and texts, though not as common, can still be a threat. Through the phone or social media, instant messages and texts will generally have a link and some bogus problem they want to solve. Again, the use of deception and fear are the way they lure the user into clicking on the link in the message or offering up personal data.

These are easy to avoid and spot, yet because of the mode of communication used, users could be caught off guard. Therefore, being aware of phishing methods that involve instant messaging and text can help prevent hacking attempts.

What to Do When Detecting a Phishing Scam

If users detect any phishing scams through these methods (or any other), contacting the appropriate authorities is what to do next. For those in the U.S., contact the FTC and fill out a complaint form. For those in the UK, contact Action Fraud to report the attack. For other countries, contact your local fraud and cyber crime center to report the attempt. This will help thwart the hackers and prevent others from falling prey to their phishing attacks.

Phishing is an act of criminals who use deception and fraud to steal information from businesses and individuals for their own personal gain. Businesses like mortgage companies, are particularly vulnerable to attacks on their guarded systems. This is because they have a wealth of valuable and sensitive client data on hand. The results of a successful phishing attack can be devastating and should be guarded against through awareness and maintenance of a robust security system.

Access Business Technologies understands the sensitive nature of the mortgage businesses we serve, and for that reason, we have created DocumentGuardian™. DocumentGuardian™ provides mortgage firms with a secure data center where their borrowers’ non-public information documents are stored, instead of being stored on individual computers and devices.

This is one way ABT ensures security within our MortgageWorkSpace®—our comprehensive cloud-based platform for mortgage institutions. To learn more about cyber security and our solutions for the mortgage industry, please contact us today.

Learn More
Topics: ABT phishing