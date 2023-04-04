It's bad enough when you are the victim of a ransomware attack and you get an email saying you've been hacked and you need to pay up or else. Now threat actors have a new phishing scheme - telling you that you have been hacked (when you haven't), and using your response as a method to attack. It is like the fabled boy who cried wolf - except that when you respond, he actually purposefully releases the wolf.

While the scheme is somewhat new, it relies on the same old tried and true phishing techniques:

Engineered legitimacy. A bit of truth amongst a sea of garbage will go a long way to convince a victim.

A bit of truth amongst a sea of garbage will go a long way to convince a victim. Social pressure. Threats of repetitional harm or other non-direct damages.

Threats of repetitional harm or other non-direct damages. Asymmetrical financial offer. The cost to pay is often much less than the perceived total cost - both direct financial costs and the indirect costs alluded to by the social pressure.

Don't fall victim! Stop, take a breath, and have your IT folks fully investigate any claims before responding. Doing so may prevent you from actually becoming a victim.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.