Are You About to Be a Ransomware Victim?

Did you know that cyber scammers check you out before launching a ransomware attack? Absolutely. Scammers are in business, too. They want to increase the chances that you’ll be a ransomware victim who is worth their time. Plus, they want to see if they can access your systems without detection. 

So, how do you know if a scammer is checking out whether you are ripe for the picking? A Sophos News article by Peter Mackenzie, The Realities of Ransomware: Five Signs You’re About to be Attacked, outlines how scammers leave a detectable trail and ways to protect your systems from being held for ransom. Mr. Mackenzie’s article shares valuable tips, tools, and methods. I encourage you to read it https://bit.ly/2PFuhnX.

Here’s some evidence of an imminent ransomware attack from Mr. Mackenzie:

  1. Unusual Behavioral

A periodic scan of your network’s file history can detect repeating patterns or other indicators of malicious activity on your systems. It could be nothing to worry about, but anything that looks unusual is probably worth checking out. Even if detected malware has been removed, scammers could still be conducting harmful operations on your network.

  1. Scanner Snooping

Scammers often gain system access by using phishing or social engineering schemes with authorized users. They can capture credentials for users with administrative rights because it gives them more access. Once in, they can install a network scanner to find files with valuable information, such as bank accounts and tax IDs.

  1. Neutralized Security

Scammers that manage to compromise admin rights often try to disable your security software to swing open the door to your systems even wider. Several tools are available to force the removal of your security software. These tools have legitimate purposes, but they can be used by criminals to leave your systems vulnerable.

  1. Embedded Tools

In addition to installing a scanner, scammers can embed keystroke readers to capture logon credentials. Capturing keystrokes allows access to your systems, some of which could store financial and confidential identity information. Other tools can be used to extract data and lists of usernames and passwords for use or sale.
Cyber scammers could be checking you out to assess your value as a ransomware victim, and to determine the likelihood of being detected. Want to know how to determine if your systems have been infected with scanners or malware, making them vulnerable? Read Peter Mackenzie’s article in Sophos News, The Realities of Ransomware: Five Signs You’re About to be Attacked at https://bit.ly/2PFuhnX to find out.

Attempted Ransomware Scam Averted

Within hours of writing last week’s blog post, Low-Cost Cybersecurity Tips, I was the victim of a ransomware attempt. Ironic, eh? The scammer’s approach was sophisticated and targeted. I was drawn in by the message, initially replied, and was astounded by what happened next. Good news – this story has a happy ending. But it could have turned out much differently.

I’m sharing this recent brush with cybercrime to illustrate just how insidious online scammers are, and how capable they are of masquerading as a trusted sender. Perhaps reading about my experience will help you avert a ransomware or other cybercrime.

As an established tax professional, I often receive emails from prospective tax clients. Some are referred or introduced to me by an existing client or referral partner. Some prospective clients find me through my website or the IRS’ Tax Pro Directory. On May 20th, I received a message from an individual saying that he and his wife needed a new tax preparer. He acknowledged that he had missed the May 17th filing deadline and provided a few details about their income. He asked me to tell him how much it would cost to prepare their 2020 income tax returns.

Even though I am not taking new tax clients now, I didn’t want to be rude and not respond. I also wanted to be as helpful as possible to a taxpayer in need without committing to perform any work. So, I took a few minutes to write back to explain that I am not available and to share an IRS website link with tips for finding a tax professional and a directory by location of individuals with tax credentials (https://www.irs.gov/tax-professionals/choosing-a-tax-professional).

I noticed that the sender’s email address contained extensions that indicated his location to be in the United Kingdom. That did not make me suspicious of the sender’s identity because I have tax client who live or used to live in the UK. It did, however, prompt me to also send the prospective client another IRS link to information about US taxpayers living overseas (https://www.irs.gov/individuals/international-taxpayers/u-s-taxpayers-residing-outside-the-united-states). Feeling like I had done a good deed, I hit “send”.

Within a few minutes, I received a second message from the sender saying that he had scanned his 2019 returns for my review with a link to access the return copy. Red flag! I stopped in my tracks to absorb what I was reading. It was a clear indication that my “prospective client” was a scammer luring me to click on a link that would probably have held my data for ransom. My valuable tax client files that that contain all sorts of confidential and private information, like bank account and Social Security numbers.

I quickly shifted from “helpful” to “obstructive”. I erased the message string and dumped my email trash. It’s only been a few days, but it looks like that scammer is not coming back. I managed to avert that ransomware scam attempt, but there will be others. We all need to be aware and diligent to avert them. Want some tips? Check out last week’s blog post!