METHOD: Scammers Use Breached Personal Data in Phishing Campaigns

Scammers often use a wide spectrum of social engineering methods when persuading potential victims to follow the desired course of action. Recent campaigns are using details gathered in mass breaches such as passwords, email addresses, and other personal information gained from past data compromises. Such example of scams include:

 

1) Personalized Porn Extortion Scam
This campaign involves the sender claiming to have the evidence of the recipient’s porn viewing activities, and then demands payment in exchange of “suppressing” the evidence. It is also observed that the scammer utilises personal information about the recipient beyond just the name, such as a real password the recipient used that was discovered in a data breach dump. Attackers have also been observed claiming to have RDP (remote desktop protocol) access to your computer as a means to watch you while you browse the pornography sites. The scam often demands payment via non-trackable cryptocurrency like Bitcoin and deems this as “privacy fees.” The real user password used in the scam was likely to have been obtained and in one of the mass data breaches that includes email addresses, passwords, and other personal information.

2) Data Breach Lawsuit Case
In this case, the scammer utilizes the victim’s phone number to prove that the victim has sensitive data that was leaked. The scammer poses as an entity that is preparing to sue the company that allegedly leaked the data:

“Your data is compromised. We are preparing a lawsuit against the company that allowed a big data leak. If all our clients win a case, we plan to get a large amount of compensation and all the data and photos that were stolen from the company. For example, we write to your email and include part your number ****** from a large leak.”

The sender’s objective is to solicit additional personal information from the victim under the guise of preparing the lawsuit, possibly requesting the social security number, banking account details, etc.

Proficio Threat Intelligence Recommendations:

  • Enabling spam filters to recognize and prevent emails from suspicious sources to reach the inbox of employees.
  • Do not email or reply the scammers.
  • Paying only highlights being vulnerable and you may be targeted by the scammers again.


General Information on Campaigns – Click Here

Recent Blog Posts

Stay Ahead of Evolving Threats

Sign up for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.

REQUEST A DEMO

Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.