If you’ve ever wondered if you’re a juicy target for a cyberattack, don’t fret because there’s a new malware allowing bad actors to decide that for you. It’s a creepy thought, but there’s a new email phishing campaign installing malware that takes screenshots of a device and its contents and sends them to the hacker. If the data is deemed hack-worthy, it’s the beginning of a financial nightmare for the chosen victims.

Heavily targeting organizations in the U.S., Proofpoint researchers began tracking this phishing campaign last year and find it continues today. They discovered the emails carry TA866 malware known for its screenshot and other nefarious abilities, including espionage.

When TA866 is let loose, it starts snapping pictures of the device contents. Those on the screenshot receiving end decide if what they’re seeing shows promise for financial gain. If so, additional malware infections follow. The added malware facilitates hijacking PII and other useful data, including stealing browser-stored passwords and the contents of crypto wallets.

Proofpoint believes the attacks are financially motivated, and typical attacks involve sending up to tens of thousands of phishing emails, 2-4 times weekly.

Just One Little Phish

The best way to prevent this phishing attack and others from succeeding is recognizing email phishing when you see it. Remember, all it takes to compromise an entire organization is for one employee to enable one phish.

Using 2FA (two-factor authentication), a type of MFA (multi-factor authentication) can save the day. Using 2FA verifies a user is who they claim to be and can prevent an attack from moving forward. MFA blocks 99.9 of automated cyberattacks like email phishing, a great reason to use it.

Password power. Since 81% of hacking-related breaches are due to weak or stolen passwords, creating a strong and unique guardian for different accounts is a cybercrime deterrent. A minimum of 12 randomly chosen letters, numbers, and symbols are advised, and never use whole words or meaningful dates like birthdays and anniversaries. Passwords should never use PII, especially if PII is posted on social media.

Mystery emails. Emails from unknown senders, especially those with attachments or links, should never be acted on. Despite how curiously tempting they may be, they’re better off deleted than trusted. Also, never share PII with those you don’t know, don’t trust, or if you can’t confirm the email sender is legitimate.