Don’t Get Fooled by the Latest Phishing Scam
Ragtag is creating resources to help progressive campaigns & organizers stay ahead of malicious online attacks.
A recent study shows that 1% of all email sent now are malicious. Attackers use various methods to get users to give up their usernames and passwords, bank account or credit card info, or send them money directly. Campaigns are especially vulnerable to phishing attacks because they give volunteers, who may lack the know-how to spot a malicious message, access to critical tech infrastructure and data.
We wanted to spotlight a phishing tactic that’s been on the rise the last several weeks and is increasingly being sent to campaign and progressive activist staff members. The emails cleverly use data from the ongoing rash of security breaches to scare the reader into believing that the attacker has accessed their accounts or computer. Specifically, the email subject line contains a password matched to the recipient’s email address that was exposed in a breach. The rest of the email threatens to release a video of the user watching porn if a ransom isn’t paid in Bitcoin within a short time frame. The video does not exist. The attacker obtained the password through the data breach, not by accessing the email recipient’s accounts or computer. Security researcher Brian Krebs has a great breakdown of the scheme if you want to see more details. If you receive an email like this, it’s safe to ignore it.
Ragtag is currently offering free security trainings, including one on how to spot phishing emails and what to do if you get phished, and another that will help you secure your account even if your password is exposed. Our trainings are open to campaign staff, volunteers, and candidates. Check out our training schedule to get signed up for yourself.
Don’t need a training but have a specific campaign tech security question? Submit a request for 1:1 support at Campaign Helpdesk.
