Published: March 21, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
With email among the top productivity tools in our everyday lives, we know cybercriminals have adopted it for their benefit, too. And now, according to an alert by the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), there’s a new and highly lucrative email phishing campaign making the rounds.
Both agencies are sounding the alarm about a particular version of this phish, wanting the public to know how it works. Awareness can help prevent it from taking a big bite out of our bank accounts and opening the door to further attacks.
The Fear Factor
The advisory warns a popular version of these phishing attacks happens when targets receive an email warning a subscription is “about to expire,” saying it will automatically renew for the price of several hundred dollars. Often, it’s anti-virus software. Hackers know most users will open the email and follow instructions to prevent being charged. Fear, especially combined with finances and pressure to act quickly are a motivating mix for criminal success.
Now on the hook, email recipients are told to call a “help desk” which, is controlled by the hacker. They’re told to download a remote monitoring and management (RMM) software to resolve the situation and cancel the subscription payment. The hacker also convinces the now-victim to open their bank account while the RMM is active. Once done, the attacker has unfettered access to the money, and a quick getaway is assured.
RMMs are legitimate software and are often used by IT departments to manage users computers on the networks without having to pay a visit to a desk, or more often now, a home. But hackers found a way to exploit them. RMMs can bypass anti-viral protections, administrative privileges, and software management controls. Once inside a system, other crimes like ransomware attacks and identity theft may not be far behind.
Thanks to this email phishing attack’s success, downloading RMMs now deserve our attention and suspicion. The advisory states, “Threat actors often target legitimate users of RMM software. Targets can include managed service providers (MSPs) and IT help desks, who regularly use legitimate RMM software…”
To protect yourself and your finances, be aware of email subject lines and content “warning” about unexpected subscription fees. Don’t fall for the fear factor and don’t download tools to your computers or devices unless you are 100% certain they are safe. It’s always advised to ask your manager or IT support if in doubt.
Awareness is a great prevention tool for avoiding email phishing and other cybercrimes, so be sure to share the news with friends, family, and co-workers. You never know, one day they may thank you for it!
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com