Beware of Social Security Scams That Give Hackers Full Access to Your Computer
If you receive an email claiming your Social Security, proceed with caution: Hackers are posing as the Social Security Administration (SSA) to trick people into installing a remote access tool and handing over full control of their devices, according to a new report from Malwarebytes Labs.
The SSA is no stranger to phishing scams: Last month, the Office of the Inspector General issued an alert warning the public about fraudulent emails purporting to contain Social Security claims that actually resulted in the creation of fake websites.
How the Social Security Phishing Scam Works
The current attack is the work of a phishing group known as Molatori. It begins with an email that appears to come from the SSA with the message “Your Social Security Statement is now available” and an invitation to download the attached document. The supposed operator is actually a ScreenConnect client that provides remote control of the affected device.
ScreenConnect is a legitimate remote support platform for IT professionals that helps users set up systems and resolve technical issues while providing the same access as if they had your device at hand. Once hackers gain control of your computer through ScreenConnect, they can use it for anything from installing malware to transferring files and accessing sensitive data such as bank account information and financial accounts, all without your knowledge.
The main goal of this campaign is believed to be financial fraud, but as always, the stolen data could be used for identity theft or sold to other malicious groups.
As described by Malwarebytes Labs, the scheme is difficult to identify, in part because the phishing emails originate from hacked WordPress sites with legitimate domains. The body of the email may also be sent as an image rather than text, making it difficult for filters to detect it as malicious.
How to protect yourself
All general precautions to avoid phishing apply here. Do not click on links, download or open files or attachments sent by email, especially if the message is unsolicited. Go directly to the company or organization’s website to find important documents and check connections. Attacks coming from compromised (but legitimate) domains are harder to detect, so be especially wary of anything you’re asked to download, click, or fill out in an email.
If you’re unsure whether an email or message is real and safe, Malwarebytes also suggests copying some of the text into a search engine to determine if it’s part of a known phishing campaign.