Fraud Alert ~ Remote Access Tools (RATs) Can Give Criminals Control of Your Devices

A trend has developed recently where fraudsters have been using Remote Access Tools (RATs) in combination with phishing attacks to compromise digital devices like mobile phones, tablets, laptops and desktops. These RATs are tools that are used for legitimate purposes—IT support for example. However, bad actors can abuse them to steal assets and data.

How a RAT-Based Attack Works

1. First, the fraudster sends a phishing email with a link or attachment that appears legitimate.

2. Once the victim clicks, the RAT is installed on that device without any notification to the user and automatically connects to a remote server controlled by the attacker.

3. At this point, the attacker can:

• Steal sensitive data (passwords, financial details, etc.)

• Monitor user behavior through keylogging and screen recording

• Gain access to anything the user accesses using the infected device, which can include Schwab Alliance, Fidelity or other financial institutions. This online access can let them set up fraudulent trades and/or money movements.

4. This type of attack is difficult to detect for many reasons, including:

• The fraudulent activity is generated by a device that's trusted by the user.

• These attacks may use legitimate applications, so the problem may not show up in antivirus/malware scans.

Unlike many other scams, RAT-based attacks do not require interaction with a scammer or taking action to download malicious software—for that reason, these attacks can seem "invisible". 

RAT-based attacks are versatile and difficult to detect, so they are particularly dangerous. It's important to look out for these red flags:

• Clicking a link or attachment in a seemingly legitimate communication from a government department or trusted institution may appear to do nothing. However, a RAT may have been installed with no other notification.

• If your device suddenly displays a blue or black screen and a message like  "Do not turn off your computer. Computer is currently being scanned," this may be a sign that a RAT attack is in progress. Immediately shut down the device, contact your IT professional and report the incident to Schwab or any other custodian whose platform you may have interacted with ASAP. Please also notify River Wealth immediately.

Once we are notified of a potential breach, River Wealth will monitor your accounts closely and ensure you are as protected as possible from our end. Please contact your wealth advisor or Ralph Manna, Chief Compliance Officer, as soon as possible if you suspect any malicious activity in your accounts.