The criminals provide bank details and ask that the transfer
Posted: Sat Jul 12, 2025 6:46 am
In the message, be made within 48 hours of receiving it; otherwise, the content will be shared with your phone and WhatsApp contacts. However, this is a scam. The recipient's computer or smartphone was not infected, and the criminals do not have access to the device, nor do they have any videos or compromising details. Unfortunately, two people have already made transactions to the criminals' account.
By reviewing the bank account details of one of the victims, ESET found that on shop the same day the transaction was made, some of the money was spent or transferred, amounting to approximately USD 663.00. Furthermore, it was confirmed that the account had recently been reported by several individuals who had received similar emails, albeit sent from different email addresses, requesting payment of up to USD 950.00 in some cases.
According to ESET, the personal data contained in the email was likely obtained through a previous data breach. The attackers claim they obtained your information from a data breach suffered by a service provider.
According to research by the HaveIBeenPwned research team —a website that allows us to check if our email address or password has ever been compromised—the email recipient's address was exposed in at least 11 security breaches experienced by various services, including LinkedIn, Bitly, Canva, Taringa, and other platforms.
"With the numerous data leaks and the fact that confidential information is circulating publicly, this opens the possibility for malicious actors to use it for specifically targeted social engineering campaigns," comments Camilo Gutiérrez Amaya, Head of Research Lab at ESET Latin America.
If personally identifiable or confidential information is compromised, ESET advises changing login credentials for any service where the information was exposed, as well as any other service where the same or similar access code is used. Additionally, it's important to be aware of potential misuse of this data to add substance to messages, especially if they're intended to convey urgency, a question, account closure, etc.
By reviewing the bank account details of one of the victims, ESET found that on shop the same day the transaction was made, some of the money was spent or transferred, amounting to approximately USD 663.00. Furthermore, it was confirmed that the account had recently been reported by several individuals who had received similar emails, albeit sent from different email addresses, requesting payment of up to USD 950.00 in some cases.
According to ESET, the personal data contained in the email was likely obtained through a previous data breach. The attackers claim they obtained your information from a data breach suffered by a service provider.
According to research by the HaveIBeenPwned research team —a website that allows us to check if our email address or password has ever been compromised—the email recipient's address was exposed in at least 11 security breaches experienced by various services, including LinkedIn, Bitly, Canva, Taringa, and other platforms.
"With the numerous data leaks and the fact that confidential information is circulating publicly, this opens the possibility for malicious actors to use it for specifically targeted social engineering campaigns," comments Camilo Gutiérrez Amaya, Head of Research Lab at ESET Latin America.
If personally identifiable or confidential information is compromised, ESET advises changing login credentials for any service where the information was exposed, as well as any other service where the same or similar access code is used. Additionally, it's important to be aware of potential misuse of this data to add substance to messages, especially if they're intended to convey urgency, a question, account closure, etc.