A phishing scam from Howard Lorber’s company email address was detected a week after a hack and data leak at Corcoran.
If earlier this week you received a suspicious email from Howard Lorber, the chairman of New York City-based brokerage Douglas Elliman, send it to spam. A Douglas Elliman source confirmed to Inman that a phishing email was sent to numerous recipients purported to be from Lorber’s company email account.
The source confirmed that no personal data from anyone at the company, or any of its clients, was at any risk as a result of the link being sent around. The source, however, declined to speak on the record about what infrastructure is currently in place to protect company email accounts.
A separate source confirmed to Inman that it had received the suspicious email from Lorber, which contains a nondescript link.
It’s not clear if Lorber’s email had been compromised, or if a scammer was spoofing his email address — a common practice where scammers make it look like the message is coming from a friend, associate or family member.
“It’s easy to spoof logos and make up fake email addresses,” according to the Federal Trade Commission. “Scammers use familiar company names or pretend to be someone you know.”
The hack comes slightly more than a week after an email breach at New York City competitor Corcoran, which resulted in the companywide share of internal information, that previous reporting from The Real Deal said contained commission split data.
“During the afternoon of Friday, September 13, 2019, we determined a Corcoran employee’s email account was compromised and three emails containing inaccurate and misleading Corcoran information were distributed within Corcoran in a deliberate attempt to distract employees and agents, disrupt business and cause damage to Corcoran,” a spokesperson for Corcoran told Inman in a statement, a few days after the hack.
Phishing emails are intended to get you to click a link and subsequently install malicious software on your computer.
“If you click on a link, scammers can install ransomware or other programs that can lock you out of your data and spread to the entire company network,” according to the Federal Trade Commission. “If you share passwords, scammers now have access to all those accounts.”