Recently a few of our clients were recipients of phishing email leveraging scare tactics, also known as the Phantom Extortion Scam. This scam involves cyber criminals sending fake emails or messages to individuals or businesses, claiming that there has been a security breach or incident involving sensitive client or organization data. The cyber criminals then threaten to leak or use this data in a malicious way unless a ransom is paid.
Please be aware that these messages are likely fraudulent and are designed to trick you into responding and potentially providing them with information or money. If you receive an email that claims that your data has been compromised, please do not click on any links, download any attachments, or provide any personal or business information.
Instead, for our clients, please contact us immediately so that we can investigate the matter further or work with your internal team to assess it. For our prospects, please reach out so we can tell you how we can help.
To protect yourself from this type of scam, here are some recommendations:
- Do not panic
- Do not respond to the actors
- Ensure that you report it to your internal incident response team
- Keep a record of it, and
- Ensure you have the appropriate discovery tools in place to identify a possible breach
Here are a couple examples of the emails: