Many Metro MLS Members received a Spam e-mail that appears to come from the Metro MLS Administrative Staff. Please disregard this e-mail - Please do not respond!
This e-mail was a classic example of Phishing. Phishing is a targeted spam e-mail used by a bad actor to get to a particular audience, in this case the Metro MLS membership.
This e-mail was not sent by Metro MLS. The e-mail From
[email protected]
was spoofed meaning someone made it appear that the e-mail was sent from the Metro MLS admin department; a sharp eye however, reveals a different reply to address,
[email protected]
. (the address has already been reported to google as spam sender)
A bogus "reply to:" e-mail address is the first sign something is wrong, other clues are: The missing salutation (who is the intended recipient?), The vague request with no details (which dates?, which amounts? Which invoices?) and the oddly constructed sentences.
The e-mail as received by one of our members:
Here is the exposed reply to: address:
How did this bad actor get my e-mail address? It's almost impossible to tell, the source could be one or many sources including any public or private rosters, referral service databases, hacked e-mail accounts and compromised computers with contact data on them.
What was the intention of this Spam e-mail? The intention is hard to tell, the e-mail has no malicious links or attachments, just a vague request to confirm information. A best guess would be that the bad actor hoped to get a dialog going that would possibly end up with the bad actor requesting payment information or credentials to verify account info.
Thanks for your attention - and here is an example of a real Metro MLS Signature: