Don’t fall for this email-based scam and scare tactic…
A new extortion tactic has been spreading via email scam
A new extortion tactic has been spreading via email scam. The email threatens recipients with a ransomware infection that purportedly will destroy all data on their devices if they don’t pay up. According to an article from Dark Reading, the hackers do not have ransomware in hand, but are using this threat as a technique to get people to click on the links or files in the email and pay the extortion sums.
Phishing emails are becoming more targeted and convincing, and often may even reference items specific to your operations, industry and personal context. The criminals purpose with a phishing email is usually to either trick you into giving up money or personal information (i.e. click here to reset your password…), or to trick you into downloading malware via a link or attachment.
Rubica’s cyber analysis investigated a targeted phishing email which convinces the user to click a link in order to download an invoice for an overdue payment. The invoices themselves were fake and, if paid, the money would have been transmitted directly to the cyber criminals. The word docs themselves contained a malicious “macro” (program within Microsoft word) that downloads and installs malware on the user’s device.
Rubica was able to automatically block the user’s devices from responding to the phishing link and downloading the Word document, thereby preventing this highly malicious cyber-attack.
Tips on how to spot a phishing email:
1. Hover over links and buttons to see whether the URL looks suspicious
2. Don’t contact the scammers
3. Avoid emails with spelling errors and vague or threatening language
4. Check the sender’s email address (not just the display name)
5. Don’t click on prompts that urge you to download or “upgrade”
6. Were you expecting this email from this particular sender? If not, be suspicious and question its veracity before taking the action suggested in the email.
Contact us if you have any questions about any cyber security matters.
