New Twists on Ransomware Spear-phishing Attacks
In recent years we have seen an increase both the number of spear phishing campaigns, and increased ingenuity as to the ways that scammers try to assist you in getting your systems infected, or attempt to fleece you out of money.
In the past, this may have been something sent via emails that used official-looking emails complete with a financial institution’s corporate logo, or they could get phone calls from a fake bank account executive. The email or caller could tailor an email to the customer with personalized information they downloaded, making it seem like it was a legitimate email.
The fake bank account executive or emailer would then indicate there is an urgent problem with the customer’s account, and then ask for birthdates, Social Security numbers or passwords. The virtual trap could also be set by the official-looking email asking customers to click on a link embedded in the email to, say, update their account information. However, the link takes the unsuspecting victim to a fake but legitimate-looking website, where the customer is then tricked into listing passwords, bank account numbers, Social Security numbers, user ID’s, access codes, and PIN’s.
Some recent twists on the above are:
An email that spoofs your email account in the emails “sent from” field. The body of the scammer’s email claims that they have already hacked into your system via a porn or adult dating website that you “supposedly” recently visited. The email indicates a direct threat to email explicit photos or videos to all of the contacts in your email system, specifically to your employer, and/or the police, if you don’t send money to a specific destination as of a specific date and time.
One or both of the following may be included:
- Instructions on where to go to pay the ransom.
- Clickable links that direct you to site to pay a ransom, and/or a link that actually infects your system with encryption malware, which subsequently locks you out of your system, with another ransom demand in order to get a key to un-encrypt your drive(s).
Typically, the best thing to doing in these situations is to immediately delete the email, and clear it out of your mail deleted mail folder and the follow-up with staff on how to be diligent about recognizing and handling these sorts of threats.
– John