The text discusses the prevalence of the 'Security Alert' scam, a form of tech-support fraud that targets Windows and Apple users and exploits their trust to gain remote access and steal personal data. Attackers use newly registered domains, which makes detection difficult. The method includes getting users to call a fraudulent support team to install an RDP tool.

Combating “Security Alert” Scams is discussed in the SOC stories.

In one incident targeting a SentinelOne customer, a quick response from the Threat Hunter thwarted the scam. The story details the challenges faced and the successful detection methods, and emphasizes the importance of end-user education and IT collaboration to combat phishing efficiently. It outlines the investigation, indicators of compromise, deep-dive analysis, and recommendations for ongoing training and firewall blocking to help organizations defend against evolving scams.
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-combating-security-alert-scams