Spear-phishing 2.0

Last month, we offered a reboot on an article first published in August 2017 on “spear-phishing” – the targeted attempt to get a specific party to transfer funds or information to a cyber-criminal for nefarious purposes.  However, in the last month, we’ve received numerous reports from clients that they have received a new type of spear-phishing request – one that attempts to blackmail them into paying to suppress potentially embarrassing information.

For example, the following email was received by a client earlier this month.  In this email, the sender properly addresses the sender, and even includes an example of a password formerly used by this user as an attempt to influence the recipient to believe that they’ve been “hacked”!

In reality, this sender has purchased this password information on the dark web; likely purchased after having been gained in one of the well-publicized data breaches like the 2013 Yahoo event and are using this information to coerce this recipient into payment.

Remember, the best defense against cyber-crime is a healthy dose of skepticism.  Keep Calm, Compute On!