Have you ever received an e-mail offering you a unique and irresistible offer on a new mortgage for your house? If you didn't request the offer originally, you are probably a potential victim of mortgage email phishing. And, chances are you have received not only one of these e-mail scams, but dozens - each one with better terms than the last. It's not just the people who own homes who receive these, but any one of any age who has an e-mail account. What's going on?



Mortgage phishing is the way unscrupulous e-mail scammers have devised to get your personal banking information, credit card numbers and passwords, social security numbers, and all of your personal income and debt information. Once they have your vital information they have the opportunity to access your financial accounts and help themselves. They can charge your credit cards past the limits and empty out your checking and savings accounts. All this can happen while you wait for the quick reply to your on-line mortgage application.

However, the reply never comes! Or, the reply says, "Sorry, you don't qualify." You delete their e-mail, they have all your vital information, and you have no way to begin tracing them if you should need to. It might be weeks before they actually use the information they gleaned from you so you won't make a connection between the false application and the possible disappearance of your funds.

The e-mail mortgage phishing scams are tempting, especially to those with weak or poor credit. They state that even if your credit record is not good, and even if other finance companies have turned you down, they are willing to refinance your home and consolidate your debts and loan you between $75,000 and $1,000,000 . The payments, of course, will be ever so low - to suit your particular pocket. And the interest? A measly 1% or 2%. You're probably already pre-approved, so just fill out the short application and they will help you out right away. There are hundreds of variations of these terms, some more realistic than others.

There are millions of e-mails for these mortgage promotional scams sent out each month. Statistically, it doesn't take a large percent of the people responding to make phishing a lucrative business. Less than a third of the email spam is sent from the United States, which makes taking legal action more difficult. Those doing the phishing use false e-mails and fraudulent websites. They can redirect your confidential information through several different countries, creating a difficult and, quite frankly, an impossible task for finding them and recovering your money. The websites they use are impressive looking and often are clones of well-known banks or mortgage institutions - colors and logos can be identical. Hijacking trusted names gives the unsuspecting borrower a false sense of security.

"There are no free lunches" will always be a good rule of thumb in evaluating spam - any spam on any subject - but especially regarding mortgages. 'Spam' means you didn't request the information in the first place. If you didn't request it, something phishy is going on.

Here's some more hints that you are being phished:

  • The return email is garbled letters, such as pswehsld@dsy.com

    Some spammers will use the e-mail address of a legitimate bank or mortgage company. These may or may not be spam. However, if the e-mail IS from your bank, they will address you by name. No bank or mortgage company these days sends out generic letters with fantastic offers that weren't requested in the first place.
  • The e-mail is being sent on Friday night or Saturday, and in order to take advantage of the special offer you need to respond within 24 hours. Of course, the banks and mortgage companies are closed on Sundays, so you can't call and confirm to see if the offer is valid. Legitimate mortgage companies will never have a weekend special.
  • The form you need to fill out comes in an 'attachment' to the e-mail. These unrequested attachments usually contain viruses or spy ware.
  • The application you are being asked to fill out is not on a secure site.
    How to tell if a site is secure?
    Look at the address line that you are filling out.
    Most sites start with: http://
    A SECURE site will start with https://
    (There's a little 's' in that one - means 'secure')
    Also, look in the bottom right hand corner of the site. There should be a gold padlock there. If both of these items aren't there, you are probably being phished.

What can you do to be safe if you are tempted to respond to a mortgage offer that appeals to your particular needs?

  • Phone the company up (after confirming the phone number through the yellow pages or white pages). If there's no phone number, you are being phished. Also, if there is no street address (which you also need to confirm before replying) you will not end up with a legitimate mortgage.
  • If you do locate a live person or company, ask them to mail you the application. Do not fill out an application on line.
  • Change your passwords on all credit card and checking accounts at least once a month. Keep your virus checkers up-to-date on a daily basis.
  • The most important thing you can do: Apply Common Sense! The pot of gold at the end of the rainbow will not arrive at your doorstep via spam e-mail!