The emails prompt you to download a Social Security statement, but clicking will allow malicious actors to install a remote access tool called ScreenConnect.
Another day, another scam. Cybercriminals are sending fake Social Security emails to trick victims into installing a remote access tool on their computers, Malwarebytes reports.
The emails appear to come from the Social Security Administration (SSA) and prompt you to download a Social Security statement. Quite often, the entire email is in the form of an image, and clicking on the download link will allow malicious actors to install a remote access tool called ScreenConnect.
One of the fake Social Security emails in circulation (Credit: Malwarebytes)
The attack has been linked to a phishing group called Molatori. Their primary goal is to take control of your PC, steal sensitive or banking information about you, and commit financial fraud. They can also use the stolen data for identity theft and other harmful activities.
To avoid falling for this trap, pay attention to your messages. Since these emails are generated on compromised WordPress sites and are delivered as images, they tend to pass through email filters quite easily. You’ll have to verify the source of the email independently and avoid clicking on links to open or download files unless you’re sure they are not malicious.
To download Social Security statements, the SSA recommends visiting ssa.gov and accessing them yourself.
(Article Credit: https://www.pcmag.com/news/beware-this-social-security-scam-installs-remote-access-malware-on-your)
