Vistaprint Exploited For Real Estate Wire Fraud Scams

In real estate, the threat of wire fraud is real. Industry professionals are aware of the growing real estate scams that dupe buyers into giving their purchase money to hackers. In 2016, wire fraud topped the list as a sophisticated scam causing consumers to lose millions of dollars each year. Realtor.com has published best practices for Realtors, and even offers a sample wire fraud e-mail template notice to use in daily correspondence. 

Labeled "Sophisticated" Because To The Average Eye, It Looks Legit 

The typical scam involves hackers gaining access to e-mail accounts through captured passwords, and then searching inboxes for messages related to real estate transactions. Once a targeted victim is identified, hackers send spoof e-mails to look like they are coming from the agent, title representative, attorney, or lender, often including "new" wiring instructions to a fraudulent account. Victims unwittingly comply, sending funds directly to the hacker's account. And once the money is gone, it is often unrecoverable. 

For those who work in the real estate industry, the chances of being exposed to wire fraud or attempted wire fraud are increasing. And while we do our best to warn and educate, the crime is too easily perpetrated, as no one thinks it will happen to them -- or their clients -- until it does. 

Tehse wrods may look lkie nosnesne, but yuo can raed tehm, cna't yuo?

The scam works partly because our brains can read jumbled letters and are wired to overlook typos.  Coupled with content that uses real information (like e-mail signature blocks and  specific details relating to property information dates), an unsuspecting reader trusts written words, as well as the relationship behind the real identity of the person with whom they believe they are corresponding. For example: 

mickeyrnouse.com  - at a quick glance, this might look like MickeyMouse.com, but upon closer inspection, can you see that it really says MICKEYRNOUSE.COM?

mikeymouse.com  - in this instance, the "c" in mickey was dropped , and Mikey reads everything. 

mickeymuose.com -because transposed letters are easy to miss

These are the types of tricks scammers leverage to get their foot in the door.

Vistaprint - More Than Economical Business Cards and Free Pens... 

In a recent case of attempted fraud, scammers spoofed an agent's personalized e-mail domain by dropping 1 letter in the name.  As we investigated the fraudulent e-mail account, WHOIS showed the domain owner to be Vistaprint, registered through TuCows.com. We reported the attempted wire fraud to both companies. TuCows responded immediately to shut down the domain. 

While pleased with the registrar's fast response, we wondered about Vistaprint's connection to the case and pressed  further in pursuit of the culprits behind the scam. Surprisingly, we learned through a google search that Vistaprint has been a long-standing platform favorite exploited by scammers for the purpose of business e-mail compromise (BEC) scams and phishing attacks. Stories involving abuse of Vistaprint's platform have been making news headlines dating back to 2014. CNBC aired a particularly disturbing story in August of 2016 which targeted the CEO of Centrify, a California-based cybersecurity company. 

A Shocking Petri Dish Of Cyber-Hacker Slime 

Phishme.com explains in detail here how attackers sign up for Vistaprint's option to create a free domain. Scammers use fake information to meet Vistaprint's bare bones "validation" measures, and pair web hosting with an e-mail account on Vistaprint's 1-month free trial. (A few days is ample time to perpetrate wire fraud.) As Vistaprint retains ownership over all of their domain names ("leasing" them to end users), it is easy for scammers to hide their true identities and get away with the ploy. Wash, rinse, and repeat. 

Uncool, Vistaprint!

To help illustrate the rampant abuse taking place on a daily basis, consider the reverse Whois search we performed at https://www.whoxy.com/reverse-whois/ this morning. The query looks for domains where the registrant's email address matches to Vistaprint's "csadmin@vistaprint.com" e-mail address:

 

The sorted the results to show a list of domain names that lit up yesterday, November 1, 2017. Check out what 15 seconds of a closer look was able to spot. See anything that looks tricky to you? We found a few...

 Sadly, the results haven't changed much from those found by Ronnie Tokazowski in the September 2015.

A Call For Accountability & Policy Changes 

Threatstop.com writes: "Registration of fake domains by fraudsters and hackers is a real problem that is relatively easy to solve and even a very simplistic fix would prevent a great deal of crime. The BEC scam is just one example of how criminals use fake, free domains to perpetrate crimes. One would hope that domain vendors take notice of this issue, and begin to put policies and processes in place to help stamp out this type of criminal activity." 

Vistaprint, if you're not part of the solution, you are part of the problem.  We implore you to stop enabling fraud on your platform. Turning a blind eye to criminal use of your resources just doesn't work for civilized society.

Amanda Thomas, Broker Realtor®, SRES®, BPOR, MCNE , Providence Group Realty
Phone: 469.645.6363 Mobile: 469.298.9706 Email: amanda@amandathomas.com Website: www.providencegrouprealty.com Address: 3308 Preston Rd #350-124, Plano, TX 75093