Imagine this scenario: you're going about your daily tasks when you receive an email from a cybersecurity company claiming that you have become the target of a hacking attack. You don't work in IT, so you're not sure who your security provider is or what security policies or procedures you have in place, so you trust the message and respond to the email. Unfortunately, the message came from a cyberthreat, and now you have fallen for it hook, line, and sinker.
Cyberthreats Can Masquerade as Cybersecurity Companies
Believe it or not, hackers have the gumption to impersonate cybersecurity companies and trusted resources in an attempt to subvert even the most careful employees. One such phishing campaign has been detailed by the security researchers at CrowdStrike, a company that has had its name dragged through the mud by cyberthreats impersonating it. This particular campaign had users calling a fake helpline to get support, which in this case means that the hacker remotes into a victim's computer while the user is helpless on the other side of the line.
The worst part is that for someone who isn't necessarily scrutinizing the message, it could be seen as legitimate. The email contains language about outsourced security providers (an arrangement that is increasingly common nowadays), abnormal activity, and potential compromise, all of which could be mistaken for the truth if you aren't careful. The phony email contains a case number and contact information to address the concern. When the victim calls the number, the hacker installs a remote access tool onto their device, allowing the hacker to gain access to the device at their leisure.
What’s the Motive?
As for the motive behind such an attack, it’s not necessarily clear at the moment. It could be that the attackers simply want to infect systems for later remote access. It is also possible that they want to profit off these infections by selling access to infected devices to the highest bidder. In any case, it’s a dangerous situation to be in, and certainly one that you should be wary of.
What Should You Do?
In just about all circumstances, your security company or department is not going to contact you in the way described above. It's incredibly important that your employees know this, too. To keep you from making the same mistakes outlined above, we recommend you do the following:
- Verify the sender’s identity through secondary methods
- Look for spelling errors, grammatical issues, or inconsistencies
- Contact your own IT department, not the one in the email
To learn more about how you can get your team the training they need, contact Wolk9IT at (646) 741-1166.