It's bad enough when you are the victim of a ransomware attack and you get an email saying you've been hacked and you need to pay up or else. Now threat actors have a new phishing scheme: telling you that you have been hacked (when you haven't), and using your response as the way in. It is like the fabled boy who cried wolf, except that when you respond, he purposefully releases the wolf.
While the scheme is somewhat new, it relies on the same old tried-and-true phishing techniques:
- Engineered legitimacy. A bit of truth amongst a sea of garbage will go a long way to convince a victim.
- Social pressure. Threats of reputational harm or other indirect damages.
- Asymmetrical financial offer. The amount demanded is often much less than the perceived total cost of not paying, both the direct financial costs and the indirect costs alluded to by the social pressure.
Don't fall victim! Stop, take a breath, and have your IT folks fully investigate any claims before responding. Doing so may prevent you from actually becoming a victim.