Social engineering and business email compromise are nothing new, but criminals are finding even more sophisticated ways to exploit employees to carry out malicious activities.
The FBI and Cybersecurity and Infrastructure Security Agency have identified a group known as “Scattered Spider” that has been targeting large companies and their associates with the goal of obtaining credentials from an organization’s employees to install remote access tools and/or bypass multi-factor authentication (MFA). Scattered Spider then uses that access to make copies of proprietary data, install malicious software, and extort the victim organization.
Scattered Spider attackers have posed as company IT and/or help desk staff, using phone calls, SMS messages and e-mails to obtain credentials from employees and gain access to their network. Multiple organizations have confirmed that their employees received text messages directing them to malicious sites designed to compromise credentials and access their networks.
[Image: Example Scattered Spider-attributed SMS message sent to a peer bank employee]
Keep your employees and their organization safe from malicious attacks (including Scattered Spider-type attacks) by following these tips:
- Don’t blindly trust anything that comes into your inbox or phone. Always verify an e-mail’s or text message’s authenticity before you click any links or open attachments.
  - If the message was received from an employee, verify it through our internal messaging apps (Microsoft Teams, etc.).
- Be suspicious of messages or conversations that are vague, generic or impersonal, or that stir strong emotions, such as fear, empathy, urgency or anger.
  - Examples: “Your computer has a virus on it,” “Your account has been compromised,” “This has to happen immediately.”
- Never trust an e-mail or message that requests personal or sensitive information, such as your username and password.
- Phishing websites may look legitimate by imitating company logos and using domain names that might be close misspellings or lookalikes.
- Go to websites directly in a browser. Do not click links within an e-mail or SMS message when possible.
The information presented is general in nature and should not be considered legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.