“You have 48 hours after reading this letter” – How to Identify the Latest Phishing Scam

One of the latest phishing scams affecting small businesses is a message that alleges “your email account and device <have> been hacked” and that “we have installed one RAT software into your device.”

The suspense-inducing language used in these scams is meant to incite action on your part. Thankfully, this message is a fake — your email and other accounts have not been hacked.

Of course, this doesn’t mean you can disregard all phishing attempts. If you receive this message or one like it, here are the steps you should take to prevent actual attacks from compromising your business or personal information.

What’s happening? 

Groups on the dark web have created a spam campaign to trick victims into thinking they have been hacked. The hackers behind this scam claim to have used spyware to illegally obtain your search history and video of you. Then they say they’re going to release reputation-damaging information if you don’t pay them within a certain period of time, which may vary from attack to attack.

While the dire language might raise some red flags, this scam is making headlines because, for many people, it contains personally identifiable information (PII) like usernames, email information or passwords. Most of the time the password or PII the hacker references is outdated, but it’s still close enough to the truth to cause concern for someone receiving a suspicious email.

If you’re wondering how these hackers got your PII, your password may have been exposed through any number of breaches over the years (Equifax, LinkedIn, Adobe, etc.) and they’re repurposing it now to frighten you.

Here’s how it looks for businesses

In our research, most people receiving these emails get the same message word for word from the attackers, which helps shed light on the fictitious nature of the threat. To help you identify the threat and familiarize yourself with identifiers in the language, here’s an email one of our own team members received (though the dollar amount asked for may vary):

Hi, dear user of <your website>

We have installed one RAT software into you device.

For this moment your email account is hacked (see on <from address>, I messaged you from your account).

Your password for <your email>: password1

I have downloaded all confidential information from your system and I got some more evidence.

The most interesting moment that I have discovered are videos records where you <profanity>.

 I posted my virus on <adult> site, and then you installed it on your operation system.

When you clicked the button Play on <adult content>, at that moment my trojan was downloaded to your device.

After installation, your front camera shoots video every time you <profanity>, in addition, the software is synchronized with the video you choose.

For the moment, the software has collected all your contact information from social networks and email addresses.

If you need to erase all of your collected data, send me $800 in BTC (crypto currency).

This is my Bitcoin wallet: <omitted because these people are criminals>

You have 48 hours after reading this letter. 

After your transaction I will erase all your data.

Otherwise, I will send video with your pranks to all your colleagues and friends!!!

And henceforth be more careful!

Please visit only secure sites!

Bye!

How to protect your PII   

First and foremost, do not pay the cyber criminals. If the password mentioned in the email is your current password, then you should change it everywhere it’s in use. If it’s an old password that is no longer in use, then you can simply ignore the message. 

Do, however, change your current password if you are using password patterns that match the old one. For example, if your old password was “Kevin2011” and your current password is “Kevin2018” — that is not a good practice, and you should change the current password to be unique.
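To make the pattern check concrete, here is an added example (not part of the original article) that flags current passwords which repeat or predictably vary an exposed one. The function names, the substitution table, the 0.8 threshold and the sample accounts are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Common look-alike substitutions, undone before comparing (assumed; not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def stem(password):
    """Base word of a password: outer digits/symbols dropped, lowercased, substitutions undone."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    return core.lower().translate(LEET)


def shares_pattern(exposed, current, threshold=0.8):
    """True when `current` is a predictable variation of the `exposed` password."""
    if exposed == current:
        return True
    a, b = stem(exposed), stem(current)
    # Same base word, or one base word inside the other (Kevin2011 vs Kevin2018).
    # Errs toward flagging: a needless password change is cheap.
    if len(a) >= 4 and len(b) >= 4 and (a in b or b in a):
        return True
    # Otherwise compare the raw strings, which also covers passwords
    # that have no base word at all (for example, all digits).
    return SequenceMatcher(None, exposed.lower(), current.lower()).ratio() >= threshold


def accounts_to_change(exposed, vault):
    """Names of accounts whose password repeats or varies the exposed one."""
    return sorted(name for name, pw in vault.items() if shares_pattern(exposed, pw))


# Constructed sample data: account names and passwords are made up for this example.
SAMPLE_VAULT = {
    "mail": "Kevin2018",
    "bank": "K3vin#2020",
    "forum": "Kevin2011",
    "payroll": "mQ7!vexing-Lantern-42",
}

if __name__ == "__main__":
    # Runs locally; nothing is sent anywhere.
    print(accounts_to_change("Kevin2011", SAMPLE_VAULT))
```

Every account the check returns should get a new, unrelated password, not another variation of the same base word.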

The best way to avoid these sorts of risks is to create dynamic, secure passwords and enable two-factor authentication wherever possible. You should also keep track of your passwords with password manager tools.

If you’re worried your PII has been exposed, check out our free Dark Web security monitoring tool to identify what credentials (if any) have been compromised. 

If your PII has been exposed, Switchfast offers Dark Web security monitoring services to help locate personal and business PII.