Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Warning: Phishing Campaign Impersonates the US Social Security Administration

    Social Security PhishingResearchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into installing the ScreenConnect remote access tool.

    ScreenConnect is a legitimate tool used for remote IT management, but it can be abused by hackers to take control of victims’ computers.

    “Because ScreenConnect provides full remote control capabilities, an unauthorized user with access can operate your computer as if they were physically present,” Malwarebytes explains. “This includes running scripts, executing commands, transferring files, and even installing malware—all potentially without you realizing.”

    The phishing emails, sent by the Molatori cybercriminal gang, state, “Your Social Security Statement is now available. Thank you for choosing to receive your statements electronically. Your document is now ready for download.”

    If a user downloads the attached file, a ScreenConnect client controlled by the attackers will be installed on their system.

    “After cybercriminals install the client on the target’s computer, they remotely connect to it and immediately begin their malicious activities,” Malwarebytes says. “They access and exfiltrate sensitive information such as banking details, personal identification numbers, and confidential files. This stolen data can then be used to commit identity theft, financial fraud, and other harmful acts.”

    Malwarebytes offers the following advice to help users avoid falling for these attacks:

    • “Verify the source of the email through independent sources
    • Don’t click on links until you are sure they are non-malicous
    • Don’t open downloaded files or attachments until you are sure they are safe
    • Use an up-to-date and active anti-malware solution
    • If you suspect an email isn’t legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods”

    New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Malwarebytes has the story.

     

    Return To KnowBe4 Security Blog

    Live Demo: Identify and Respond to Email Threats Faster with PhishER

    With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you not only handle the phishing attacks and threats—and just as importantly—effectively manage the other 90% of user-reported messages accurately and efficiently? PhishER.

    phisher-01

    To learn how, get a product demonstration of the new PhishER Security Orchestration, Automation and Response (SOAR) platform. In this live one-on-one demo we will show you how easy it is to identify and respond to email threats faster:

    • Automate prioritization of email messages by rules you set that categorize messages as Clean, Spam, or Threat
    • Augment your analysis and prioritization of messages with PhishML, a PhishER machine-learning module
    • Search, find, and remove email threats with PhishRIP, PhishER’s new email quarantine feature for Microsoft 365 and G Suite
    • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
    • Easily integrate with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!

    Request A Demo

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/phisher-request-a-demo

    Topics: Social Engineering, Phishing, Security Culture

    Cindy Zhou

    ABOUT CINDY ZHOU

    Cindy Zhou is an award-winning global executive serving as the Chief Marketing Officer of KnowBe4. With over 20 years of experience in B2B marketing, cybersecurity, revenue operations, and sales development, Cindy has a proven track record of building high-impact marketing organizations that drive qualified leads, robust sales pipelines, industry awareness, and customer loyalty.

    As CMO of KnowBe4, Cindy continues to leverage her extensive experience and industry insights to elevate the company's market presence and drive growth in the ever-evolving cybersecurity industry. Cindy's approach combines strategic vision with practical execution, enabling her to develop and implement marketing strategies that align with business objectives and drive measurable outcomes. Her leadership style fosters innovation, collaboration, and a data-driven mindset within her teams.

    Prior to KnowBe4, Cindy has successfully led marketing transformation initiatives at various technology companies, including LogRhythm, IBM, and Verizon.

    A passionate advocate for women in technology and cybersecurity, Cindy's contributions have been widely recognized in the industry. She has been named a Star CMO by DCA Live in 2023, 2021, and 2019. She was also named a Top 101 B2B Marketing Influencers by CMO Huddles in 2023, and a finalist for the CMO Club Customer Experience Award in 2021. Cindy earned an MBA from Louisiana State University and a BA from the University of Maryland.

    Read more from Cindy »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews