By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
If you or someone you care about is one of the 71.6 million people receiving social security, you need to be aware of a new email scam making the rounds.
According to Malwarebytes these fake emails claim to come from the Social Security Administration and install a remote access tool, ScreenConnect, onto the victim’s computer.
What can a tool like ScreenConnect do?
Tools like ScreenConnect provide full remote control of a computer; an unauthorized user with access can operate your computer as if they were physically present. This includes running scripts, executing commands, transferring files, and even installing malware—all likely without you realizing someone else is controlling your system.
Once your system is compromised, the bad actor can pillage whatever data they want!
The scam emails claim that the user has a new Social Security statement to download:
Image of scam Social Security email from Malwarebytes
There are some variations to the email, but the example above shows how legitimate these emails look.
And yes, the Social Security Administration does offer online statements and online access to your Social Security account, which makes this email scam extra confusing. However, it does not generally email actual statements to users, only reminders that online statements are available or other alerts; its emails would not ask you to download anything.
After the remote access software is installed on the target’s computer, the cyber crooks can do whatever they want: access and exfiltrate sensitive information such as banking details, personal identification numbers, and confidential files. The pilfered data can then be used to commit identity theft, financial fraud, and other harmful acts. Experts studying the campaign are fairly confident the primary goal is financial fraud. These crooks could easily get access to your bank accounts and drain them via this scam.
These are well-done scam emails, and they are difficult to detect for several reasons. First, they are sent from compromised WordPress domains, so they can appear to come from legitimate domains.
Second, the emails often embed the message content as an image, meaning email filters can’t scan and block based on text in the email. Finally, ScreenConnect is a legitimate application, so your antivirus will likely not block it.
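As an added illustration (not part of this column or of the Malwarebytes report), here is a small Python triage check a defender could run over a saved message to flag the three traits just described: an SSA display name on an unrelated sender domain, an image-only body with almost no scannable text, and a download lure. The sample message, its sender domain, and the ssa.gov allow list are assumptions, not data from the campaign.

```python
import re
from email import message_from_string, policy, utils

# Constructed sample (hypothetical sender domain, not taken from the Malwarebytes report) showing
# the traits described above: SSA display name, unrelated sending domain, image-only body, download link.
SAMPLE_EML = """\
From: Social Security Administration <alerts@compromised-blog.example>
To: you@example.org
Subject: Your new Social Security Statement is ready
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:body.png"><p><a href="https://compromised-blog.example/statement">Download your statement</a></p></body></html>
--b1
Content-Type: image/png
Content-ID: <body.png>

(image bytes omitted in this constructed sample)
--b1--
"""

TRUSTED_SSA_DOMAINS = {"ssa.gov"}  # assumption: the agency's own domain


def triage(raw: str) -> list[str]:
    """Return the warning signs found in one raw RFC 822 message (empty list = none found)."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    # 1. Impersonation: display name says SSA but the address belongs to another domain.
    name, addr = utils.parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    if "social security" in name.lower() and domain not in TRUSTED_SSA_DOMAINS:
        flags.append(f"display name claims SSA but sender domain is {domain}")
    # 2. Image-only body: an inline image with almost no text for a filter to scan.
    body = msg.get_body(preferencelist=("html", "plain"))
    markup = body.get_content() if body else ""
    visible = re.sub(r"<[^>]+>", " ", markup).lower()
    has_image = any(p.get_content_maintype() == "image" for p in msg.walk())
    if has_image and len(visible.split()) < 10:
        flags.append("body is an image with almost no scannable text")
    # 3. Download lure: the visible text or a link asks the reader to download something.
    links = re.findall(r'href="([^"]+)"', markup)
    if "download" in visible or any("download" in link.lower() for link in links):
        flags.append("message asks the reader to download something")
    return flags
```

A message that trips all three checks is a strong candidate for the phone-verification step in the tips below, rather than for clicking anything in it.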
To avoid falling for a phish, always be cautious when dealing with unsolicited emails like this:
- Stop and ask yourself if the sender would actually contact you via email when they never have before.
- Take the time to verify the source of the email independently: call the alleged sender using a number obtained from their legitimate website or from previous correspondence.
- Don’t click on links in unsolicited emails.
- Always use up-to-date antivirus software on all your computers.
- If you think an email is a scam, take a name or some text from the message and put it into a search engine to see if there are any known phishing attacks using the same methods.
Be aware of scams like this, and inform your loved ones to watch out for this one; it’s a doozy.
Stay safe online, and don’t click those links!
Image from Groundhog Day movie – ‘watch out for that first step it’s a doozy!’
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.