• Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact

Beware of Fake Ransom Note Campaigns Coming Via Snail Mail

March 11, 2025

I put together this blog post together for an internal security awareness program. Feel free to grab and use for your own.

In recent weeks, an alarming scam has been targeting businesses using a tactic we may not expect: physical mail. Criminals looking to take advantage of data breach news are sending fake ransom notes through snail mail according to a new Guidepoint Security report. In this particular scam the criminals are pretending to be from a newer ransomware-group called "BianLian." These letters demand Bitcoin payments, claiming to hold sensitive data hostage and threatening to release it unless paid within a short timeframe, often 10 days.

 

What Makes This Scam Dangerous?

The key element that makes these scams so effective is fear. Corporate executives or individuals may panic at the thought of sensitive company data being released, which can lead to rash decisions like paying the ransom. This type of scam capitalizes on the urgency and distress of the threat, even though there is no actual data breach.

 

FBI's Warning: This is a Scam!

The FBI has issued a Public Service Announcement (PSA), clarifying that there is no verified connection between these ransom letters and the BianLian ransomware group. While the attackers are attempting to intimidate victims, they are, in fact, preying on fear without any real access to stolen data.

 

What You Should Do

As part of our internal security awareness efforts, it’s essential to be aware of this type of scam. Here are a few tips on how to protect yourself and the organization:

 

  • Remain Calm: If you receive a ransom letter (or any unusual communication), do not respond immediately.

  • Report Suspicious Incidents: If you receive a suspicious letter or email, report it to the Service Desk or reach out to the Cybersecurity Team directly.

  • Stay Informed: Criminals are constantly shifting tactics to try and get people to fall for their scams. Blogs like this can help you stay informed about the latest threats.

The Bigger Picture: Ransomware is Evolving

While this particular scam may seem unusual, it’s part of a broader trend where ransomware groups and other cybercriminals evolve their tactics to bypass traditional security systems. This underscores the importance of staying ahead of the curve, maintaining awareness of new attack vectors, and ensuring that all team members are educated about the latest cybersecurity threats.

In News Tags Ransomware, Scam
← March 2025 - ExploreSec Cybersecurity Awareness newsletterHow to Participate in a CTF: A Beginner’s Guide to Capture The Flag Competitions →

Latest PoDCASTS

Featured
Jul 15, 2025
[RERELEASE] What are BEC attacks?
Jul 15, 2025
Jul 15, 2025
Jul 8, 2025
[RERELEASE] How to crack passwords
Jul 8, 2025
Jul 8, 2025
Jul 2, 2025
[RERELEASE] How to find vulnerabilites
Jul 2, 2025
Jul 2, 2025
Jun 24, 2025
[RERELEASE] What is data driven security?
Jun 24, 2025
Jun 24, 2025
Jun 17, 2025
[RERELEASE] What is a CISSP?
Jun 17, 2025
Jun 17, 2025
Jun 10, 2025
[RERELEASE] From ShowMeCon 2017: Dave Chronister, Johnny Xmas, April Wright, and Ben Brown talk about Security
Jun 10, 2025
Jun 10, 2025
Jun 4, 2025
How to Perform Incident Response and Forensics on Drones with Wayne Burke
Jun 4, 2025
Jun 4, 2025
Jun 3, 2025
That Shouldn't Have Worked: A Red Teamer's Confessions with Corey Overstreet
Jun 3, 2025
Jun 3, 2025
May 28, 2025
when machines take over the world with Jeff Man
May 28, 2025
May 28, 2025
May 20, 2025
How to Disconnect From Cybersecurity
May 20, 2025
May 20, 2025

Powered by Squarespace