
Scaremongering sales tactics seem to be reaching a new level lately.

Several contacts have received “reports” lately as PDFs or tables pasted into emails, painting the recipient in a bad light. They’re full of generic FUD security infographics and pages of content about how the recipient is exposed, including user names, emails, passwords, where details were found, etc.

In other instances, an executive was targeted, receiving a dump of all the places they were found. The message accompanying the “reports” was akin to “look at all the places we found your data / get in touch with us to help fix this”.

My first reaction: it’s clever spam by a cybercriminal, like scams where they ring up, tell you your computer is sending out viruses, and extort money to make the problem go away.

They’re also reminiscent of the tactics used by others telling you that you were in an accident / have a speeding fine / unpaid taxes and they can fix the problem. For a fee.

It would be interesting to know whether these tests were solicited as “samples” or whether legitimate organisations are now doing the basic scans and analysis to demonstrate capabilities, hoping to scare someone into giving them business.

No matter. To me, it’s a bad look. Has anyone else seen these lately?

Another random thought — could this be a form of a Protection Racket? We keep the “bad guys” out if you pay us but if you don’t, then we’ll use your data against you?

Stay safe out there!

Aspiring CISO. Cyber Entertainer, Writer, and Presenter. Humanity, not machinery. An observer of how we use and abuse technology. Empathetic and altruistic.
