Beware! One email and a company loses millions; a new extortion scam is spreading rapidly.
- by Sherya
- 09 Jun, 2026
Extortion Scam: Attackers initially send seemingly normal emails that appear to be part of an invoice or payment-related conversation.

Extortion Scam: Cybercriminals are constantly targeting companies using new methods. Recently, Google's cybersecurity teams uncovered a dangerous data theft and extortion campaign targeting several US companies. According to reports, this campaign is being run by a cybercriminal group known by names such as Luna Moth, Silent Ransom Group, and Chatty Spider.
How does this new scam work?
According to the report, attackers initially send seemingly normal emails, posing as part of an invoice or payment-related conversation. Importantly, they contain no suspicious links or dangerous attachments.
The email often just says, “Hello, this is the invoice we talked about yesterday.”
Such messages mislead employees and attempt to initiate further conversations. Cybercriminals then attempt to gain access to company systems using techniques such as social engineering and voice phishing.
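Because the lure carries no link or attachment for scanners to inspect, detection has to rest on context: a first-time external sender, an invoice pretext, and a claimed earlier conversation that no mail header backs up. The Python below is an added example, not code from Google's report or from this article; `ORG_DOMAIN`, the keyword patterns, the known-sender set and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the defending company's mail domain
PRETEXT = re.compile(r"\b(invoice|payment|remittance)\b", re.I)
PRIOR_TALK = re.compile(r"\bwe (talked|spoke|discussed)\b|\bas discussed\b|\byesterday\b", re.I)
URL = re.compile(r"https?://|\bwww\.", re.I)

def signals(raw, known_senders):
    """Evaluate one RFC 5322 message against the payload-free invoice lure."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    parts = list(msg.walk())
    text = str(msg.get("Subject", "")) + "\n" + "\n".join(
        p.get_content() for p in parts if p.get_content_type() == "text/plain")
    return {
        # Sender is outside the company and has never written to it before.
        "new_external_sender": not sender.endswith("@" + ORG_DOMAIN)
                               and sender not in known_senders,
        "payment_pretext": bool(PRETEXT.search(text)),
        # Text refers to an earlier conversation, yet no header ties it to a thread.
        "unthreaded_prior_contact_claim": bool(PRIOR_TALK.search(text))
                               and not (msg["In-Reply-To"] or msg["References"]),
        # Nothing for URL or attachment scanners to inspect.
        "no_link_or_attachment": not URL.search(text)
                               and not any(p.is_attachment() for p in parts),
    }

def needs_verification(raw, known_senders):
    """True when the message should be held until the sender is verified out of band."""
    s = signals(raw, known_senders)
    return s["new_external_sender"] and s["payment_pretext"] and s["no_link_or_attachment"]

# Constructed sample messages (not real traffic).
LURE = """\
From: Accounts <billing@supplier.example>
Subject: Invoice

Hello, this is the invoice we talked about yesterday.
"""
ROUTINE = """\
From: ap@known-vendor.example
Subject: Re: Invoice 1042
In-Reply-To: <20260601.1042@example.com>

As discussed, the invoice is at https://portal.known-vendor.example/1042
"""
KNOWN = {"ap@known-vendor.example"}
```

Calling `signals(LURE, KNOWN)` shows an analyst which conditions fired; the thread-header check is reported but not required by `needs_verification`, since legitimate first emails also lack reply headers.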
What do attackers do after entering the system?
Once they gain access to a network, criminals begin searching for sensitive and confidential data. They can steal customer information, business documents, internal records, and other important files.
In many cases, they also deceive employees into taking actions that will give them access to more information or systems.
Criminals demand money by creating fear
After stealing the data, the attackers send a threatening email to the company, claiming they have stolen a large amount of the company's database and confidential files.
To appear credible, they allegedly share screenshots and claim they have a complete record of the stolen data. They then demand to contact the company and reach a financial settlement.
What do they threaten if you don't pay the money?
In threatening messages, criminals claim they will release the stolen data if the company doesn't comply. They also threaten to send information about the data breach to employees, customers, and business partners.
Apart from this, they try to create pressure by warning that the company's reputation will be tarnished, legal action will be taken, customer trust will be broken, and the business will be seriously affected.
Law enforcement agencies are also said to be ineffective.
In the emails, the cybercriminals also claim that they are beyond the reach of law enforcement agencies, which will be unable to help the company. This is intended to intimidate the victim organization and force it to make a quick payment.
How can companies stay safe?
- Do not immediately trust any unknown or suspicious email.
- Don't grant system access based on a call, email, or message without verification.
- Provide regular cybersecurity training to employees.
- Use multi-factor authentication (MFA).
- Keep regular backups of important data.
- If you notice suspicious activity, immediately notify your cybersecurity team.



