Threat Alert: MORTGAGE PAY-OFF-Themed Lures Steal Credentials

• A series of phishing attacks are using mortgage pay-off-themed lures.
• The lures come from purported senders like “RTG Sunbelt Title Pace” at noreply@mechleric[.]com and use the subject line “Mortgage Pay-off for Review.” 
• The lures, designed to trick users into going to a credential phishing page, contain a link to a purported secure file share page.
• Clicking on the lure leads to a fake authentication page that then steals user credentials, multi-factor authentication tokens, and session cookies.

Key Action: Report Suspicious Emails 

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or asks you to provide credentials.
• Be cautious of clicking on URLs, particularly in unsolicited. Instead, always navigate to a website directly through a known URL or a trusted bookmark.
• Report ANY suspicious emails received in your UCSF email box using the Phish Alarm button.