'Security Breach - Stolen Data' Email Scam

After examining the 'Security Breach - Stolen Data' emails thoroughly, cybersecurity researchers determined that they were fraudulent extortion letters. The malicious campaign includes at least two variations of the letter, with the attackers using the names of notorious cybercriminals to intimidate the recipients and give legitimacy to their threats. The letter's primary aim is to extort money from the recipient by falsely claiming that they have compromising information or incriminating evidence that could harm the victim's reputation or business.

The 'Security Breach - Stolen Data' Scam Emails Rely on Fake Scares

After analyzing the contents of the email, it has been identified as a fraudulent extortion letter that comes in at least two different versions. The letter claims to be from either the Surtr or Midnight cybercriminal groups and states that they have obtained sensitive data from the recipient's company due to a security breach.

The letter further threatens to expose the supposedly stolen data, which includes HR records, employee records, and personal and medical data of employees, if the recipient fails to take action. The perpetrator demands that the recipient contact directors via a specified email address using only their corporate email. The recipient is then expected to enter a secure chat to negotiate payment for the return of the stolen data.

In the second email variant, the sender claims that there has been a security breach at the recipient's company carried out by the Midnight group. They allege that 600 GB of sensitive information, including HR and employee records and personal and medical data of employees, has been accessed.

The email asks the recipient to inform managers of the breach and provides several reasons for doing so, including the severity of the stolen information, potential consequences for the company and partners, and strict regulatory laws in America.

The sender also threatens to harm customers and staff if the recipient's employer does not pay and provides an email address for managers to contact the group. The email promises to provide a comprehensive listing of the stolen files and instructions on what to do next.

Pay Attention to the Typical Signs of a Deceiving Email

Users can rely on several signs to recognize a scam or phishing email. These include unexpected or suspicious email addresses, such as an unfamiliar sender's name or domain, especially if it is not related to the supposed sender. Another sign is poor grammar, spelling mistakes, and awkward phrasing, which can indicate that the email was not written by a native speaker or was generated by a machine.

Additionally, scam emails often use threatening or urgent language to scare recipients into responding quickly, such as claims that their accounts will be suspended or terminated unless they take action immediately. These emails may also offer overly generous rewards or prizes, such as lottery winnings or free gifts, to lure recipients into clicking on links or downloading attachments.

Users should be wary of emails that request personal information, especially sensitive data such as passwords, credit card numbers, or social security numbers. Legitimate companies and organizations typically do not request this information via email, and users should not provide it unless they are sure that the request is genuine.

Finally, users should check the URL of any links in the email, as phishing emails often use deceptive links that appear to go to legitimate websites but actually redirect users to fraudulent sites. Users can hover their cursor over the link to view the URL and ensure that it matches the supposed destination.