At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Warning: Phishing Campaign Impersonates the US Social Security Administration

    Researchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into installing the ScreenConnect remote access tool.

    ScreenConnect is a legitimate tool used for remote IT management, but it can be abused by hackers to take control of victims’ computers.

    “Because ScreenConnect provides full remote control capabilities, an unauthorized user with access can operate your computer as if they were physically present,” Malwarebytes explains. “This includes running scripts, executing commands, transferring files, and even installing malware—all potentially without you realizing.”

    The phishing emails, sent by the Molatori cybercriminal gang, state, “Your Social Security Statement is now available. Thank you for choosing to receive your statements electronically. Your document is now ready for download.”

    If a user downloads the attached file, a ScreenConnect client controlled by the attackers will be installed on their system.

    “After cybercriminals install the client on the target’s computer, they remotely connect to it and immediately begin their malicious activities,” Malwarebytes says. “They access and exfiltrate sensitive information such as banking details, personal identification numbers, and confidential files. This stolen data can then be used to commit identity theft, financial fraud, and other harmful acts.”

    Malwarebytes offers the following advice to help users avoid falling for these attacks:

    • “Verify the source of the email through independent sources
    • Don’t click on links until you are sure they are non-malicous
    • Don’t open downloaded files or attachments until you are sure they are safe
    • Use an up-to-date and active anti-malware solution
    • If you suspect an email isn’t legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods”

    Malwarebytes has the story.

    With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you not only handle the phishing attacks and threats—and just as importantly—effectively manage the other 90% of user-reported messages accurately and efficiently? PhishER.

    phisher-01

    To learn how, get a product demonstration of the new PhishER Security Orchestration, Automation and Response (SOAR) platform. In this live one-on-one demo we will show you how easy it is to identify and respond to email threats faster:

    • Automate prioritization of email messages by rules you set that categorize messages as Clean, Spam, or Threat
    • Augment your analysis and prioritization of messages with PhishML, a PhishER machine-learning module
    • Search, find, and remove email threats with PhishRIP, PhishER’s new email quarantine feature for Microsoft 365 and G Suite
    • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
    • Easily integrate with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:Live Demo: Identify and Respond to Email Threats Faster with PhishER

    Sign Up to the TIO Intel Alerts!

    Back To Top