Cashing In On Fear
Scaremongering sales tactics seem to be reaching a new level lately.
Several contacts have received “reports” lately as PDFs or tables pasted into emails, painting the recipient in a bad light. They’re full of generic FUD security infographics and pages of content about how they’re exposed including user names, emails, passwords, where details were found, etc.
In other instances, an executive was targeted, receiving a dump of all the places they were found. The message accompanying the “reports” was akin to “look at all the places we found your data / get in touch with us to help fix this”.
My first reaction: it’s clever spam by a cybercriminal, like scams where they ring up, tell you your computer is sending out viruses, and extort money to make the problem go away.
They’re also reminiscent of the tactics used by others telling you that you were in an accident / have a speeding fine / unpaid taxes and they can fix the problem. For a fee.
It’s interesting to understand if these tests were solicited as “samples” or if legitimate organisations are now doing the basic scans and analysis to demonstrate capabilities and hoping to scare someone into giving them business.
No matter. To me, it’s a bad look. Has anyone else seen these lately?
Another random thought — could this be a form of a Protection Racket? We keep the “bad guys” out if you pay us but if you don’t, then we’ll use your data against you?
Stay safe out there!
