
Cybercriminals Are Disguising Attacks as Legitimate Tech Support Tools
A new phishing wave is using trusted remote management software to bypass security filters, affecting over 80 organizations. Here's what you need to know.
Source: GetCyberRight Intelligence
Original headline: RMM Tools Abused in Phishing Wave
Plain-English summary by GetCyberRight. Read the full report at the source above.
What's Happening
Cybercriminals are now weaponizing the same remote management tools that legitimate IT professionals use to help fix your computer. By disguising their attacks with trusted software, they're slipping past security filters and tricking over 80 organizations into giving them access. This matters because these tools look completely legitimate, making the scam much harder to spot.
The Details
Remote Monitoring and Management (RMM) tools are software programs that IT professionals use to access your computer from afar to fix problems or install updates. Think of them as the digital equivalent of handing your car keys to a mechanic. Companies like TeamViewer, AnyDesk, and similar services provide these tools, and they're completely safe when used properly.
Here's the problem: attackers are sending phishing emails that trick people into downloading these legitimate tools. The emails might claim there's a security issue with your account, a problem with a recent order, or an urgent software update needed. Once you click the link and install the tool, you've just given a criminal the keys to your entire computer.
Because these are real, trusted programs, most antivirus software won't flag them. Security filters that normally catch malicious downloads let these through because the software itself isn't harmful. It's like a burglar wearing a legitimate locksmith uniform. The uniform is real, but the person wearing it has bad intentions.
Who Is Affected
Small business owners and their employees are the primary targets of this campaign. If you run a company with fewer than 100 employees, you're in the sweet spot for these attackers. They know smaller businesses often lack dedicated IT security teams.
Anyone who receives unexpected emails about technical issues should be concerned. This includes home office workers, freelancers, and remote employees who might handle their own tech support. Seniors who are less familiar with how legitimate IT support actually works are especially vulnerable.
What You Should Do Right Now
Never install remote access software from an email link. If someone claims they need remote access to fix a problem, hang up or delete the email. Call the company directly using a number you find yourself, not one provided in the message.
Set up a company policy about RMM tools. If you run a business, establish clear rules: only your designated IT person can authorize remote access software installations. Put this in writing and share it with every employee.
Question urgency in tech support messages. Scammers create panic with phrases like "immediate action required" or "account will be suspended." Legitimate companies give you time to respond and multiple ways to verify the issue.
Enable multi-factor authentication on all business accounts. Even if someone gets access to your computer, MFA creates an extra barrier they'll struggle to cross. Set this up today on email, banking, and cloud storage.
Verify requests through a different communication channel. If you get an email from your bank about a security issue, don't click links. Open your browser, type in the bank's website yourself, and log in there.
The Bigger Picture
This attack represents a troubling evolution in cybercrime. Criminals are getting smarter about using our trust in legitimate tools against us. As security filters improve at catching traditional malware, attackers adapt by hiding behind software we're supposed to trust. Staying informed about these tactics isn't optional anymore. It's essential protection for your family's digital life and your business's survival.
How GetCyberRight Can Help
Our Cyber Threat Radar tool tracks active phishing campaigns like this one in real time. It monitors tool-based attacks specifically targeting small businesses, giving you advance warning about emerging threats. When a new campaign launches using legitimate software to bypass security, you'll know about it before it reaches your inbox. Think of it as your early warning system, helping you stay one step ahead of attackers who are constantly changing their tactics.