SCAM WATCH

GAAR warns members not to fall for 'locked window' login scams


Login windows that appear while you are visiting a trusted website can be convincingly faked, putting your email and even your identity at risk.

The problem has been hitting the Greater Albuquerque Association of Realtors especially hard lately, but it can happen to anyone.

The scheme starts with a login pop-up window that looks like your basic Google or Microsoft sign-in prompt, with familiar branding and a seemingly valid address in the corner.

You enter your email address and password and are told to complete a verification step with a link sent to your phone. Once you do all this, you continue to the website without any clue that you’ve been duped.

Cybercriminals are behind the fake pop-up, which has been created to steal your email, password and sometimes two-factor authentication codes.

“Basically, it’s a phishing attack wearing a Halloween costume and hoping you don’t look too closely,” says a GAAR blog.

The address bar in the pop-up displays a legitimate URL, but it isn’t a real browser address bar. It’s merely part of the page’s design.

An example of what a locked window login scam would look like.

“Our metro area has really been hit,” says Chris Venegas, president of GAAR. “It can happen to anyone, especially the sales industry, where people are excited” about a potential sale.

Local real estate agents have been contacted by a supposedly interested buyer asking for a meeting on Zoom. They even cite a particular property, he says.

However, the calendar invite they send contains a fake Zoom link. It’s tricky because a real estate agent who wants to make a sale “is not wanting to look for the negatives.”

Here are a few things to watch for:

  • A fresh login request suddenly appears, even though you have already logged into Google or another site.

  • When you try to drag the pop-up, it doesn’t move. While a legitimate window moves freely, a fake one stays locked inside the page.

  • Don’t trust the address shown on a pop-up. Check the URL in the address bar of the actual webpage.

  • Be cautious when “the pop-up is unusually eager, like a salesperson who gets paid by the password,” the GAAR blog says.

Contact Ellen Marks at emarks@abqjournal.com if you are aware of what sounds like a scam. To report a scam to law enforcement, contact the New Mexico Consumer Protection Division at 505-490-4060. Complaints can be filed electronically at nmag.gov/contact-us/file-a-complaint/.
