We're talking about enough information to create a list of people who are in the process of making the largest purchase of their lives, coupled with the name of the businesses that they're considering sending money to and the exact dollar amounts that they're considering sending.

Scammers pay a lot of money to people who can get them those kinds of lists.

Except that's not how it works. You don't pay the mortgage company, you pay the seller.

In the U.S., you pay the title company which acts as or with an escrow company. The escrow company disperses funds to the correct companies once the proper paperwork and all conditions of the sale are met. This could include paying the mortgage company fees and prepaid interest or paying the seller.

As others have mentioned, title fraud. My recent closing disclosure has buyer, seller, agent, and title company. It'd be pretty easy to call the buyer claiming to be the title company and request a wire for exactly the right amount to a fraudulent location.

I'm skeptical anyone here has actually bought a house. That's not how it works at all.

Not sure what you mean. Just bought a house in the U.S. last month.

Title company called and left a voicemail saying they emailed wire instructions and to call to verify with them then check with lender on correct closing amount. The email came from the title company domain so it was easy to verify but literally anyone could have called and mentioned the same.

Because every country has agreed on a standard procedure

Why would that be a factor? This website only analyses US based loans.

Public info that you bought a property is entirely different from info about all the properties you are searching for and seriously considering. Especially being able to couple that with what you eventually did later.

If you're uploading a loan estimate you've already made a loan application for a specific house- this isn't going to give them information on every house you were considering, it is probably just the single house which accepted your offer and are shopping around for financing.

Why would a name and a random property address have value before the transaction, but not after it?

Well, one is before they spend a lot of money, and the other is after. In only one of those scenarios are they prone to spear-phishing wire fraud on the Title deposit. The victim is already primed, and has indicated they have gobs of money set aside.

You are also signalling that you have enough money to buy said house and are actively in the process of doing so which makes you a mark. And if there is a whole DB of this info readily available...

Anyways the security could be fine. But if a user's primary action is uploading that document then maybe wanna have more than a quick sentence on it.