S’pose you are working hard, trying to meet the customers’ expectations, and yet, you get to hear the dreaded words - “let me speak to your manager” or “corporate will hear about this.” Pretty jarring, no? Over the past few days, scammers have been trying to prey on this very fear.
About the scam
Sophos found that fake corporate complaints are surging and using targeted attacks to deploy malware. The emails come in the form of complaints from your boss or colleagues and use fear-inducing verbiage. The scammers hope that the targets would act without thinking and open the malicious attachment in the emails. While the first few emails were sloppy, the attackers soon got their act together.
Why this matters
While spear-phishing is not a high-tech cybercrime, they can make a template, which may be taken seriously by many employees; even the outsourced ones. These emails may have high success rates with junior staff, where time constraints are high and most likely to be threatened by aggressive callers.
Some latest scams
The U.S. SEC warned investors of a scam in which the attackers are masquerading as SEC officials in fraudulent schemes. The scammers are contacting investors via emails, letters, voicemails, and phone calls.
RedCurl, a corporate espionage threat actor, has resurfaced with new tools after a brief hiatus. It has already breached four companies this year, with two of them located in Russia.
More than 125 TikTok influencers found themselves sucked into a scam in which emails warned them that either their accounts might get deleted due to copyright violations or they might be eligible for a verification badge.
The bottom line
Phishing attacks and scams have considerably evolved lately and staying safe has become harder than ever. Experts advise users to never be threatened or feel pressured to act in haste as it is exactly what the hackers are looking for. Moreover, while communicating with staff, it is always advised to use official channels.