Security Stories of Interest
Pennsylvania State of Security
The following article describes a real and present danger. We have seen some of these scams ourselves, as well as with our boroughs. Because, at this point, everyone’s data has been hacked in some form or another, hackers now have enough information to truly convince you that you have serious issues when you do not.
The scheme works like this: they have gotten hold of, perhaps, your phone number, your pet’s name and, in a lot of cases, one of your actual passwords. This leads to a ransom note, directed specifically at you, in which they give you one of the passwords you use daily, and they may have even more personal information. It is enough to convince you that they might be telling the truth.
Here is where it gets interesting. They will pick something that they “think” you may have done. If they hit a nerve and convince you they are for real, they then demand ransom money in exchange for not releasing the data they collected. For instance, they may say that they have compromising pictures that they obtained from your email, and they actually give you your email password, or an old email password. In many cases there is no concern, because what they said they intercepted simply does not apply to you.
However, they have been stepping up their game. So, let’s put this a bit closer to home. If you use the same password for your email as you do for another service, and that service was hacked, then they could tell you that they skimmed social security numbers from your email box and will publish them and inform your clients that you leaked the information. At that point they provide you with the actual password for your email box. They are guessing that your email password is the same as the one they obtained from the hacked service. But, if that is the case, can you see how this might be alarming?
Please be on the lookout for these types of scams, as they are going to get more and more complex because the hackers already have ALL of your data. They just need to guess right 1 in 10,000 times.
Our recommendation, should you receive one of these types of notices and recognize the password they provide, is to immediately review the passwords for all of your accounts and, if the one they provided is active anywhere, change it immediately. If this involves a PSAB account, and it should not, as we have controls in place for this type of issue, notify IT immediately and take NO action. Let us deal with it.
As always, if you have any questions, feel free to ask. Following is a brief article about this new type of ransom scam:
Sextortion plot uses public breach data to trick victims into thinking they were hacked
Have a nice weekend!