“It could just be a case of mistaken identity or guilt by association. They could be using someone who seems to be low value to pivot toward somebody considered a higher value target, like somebody political in nature,” he told CNBC. “Or maybe they saw that you were discussing Bitcoin on a public message board.”
In any of these scenarios, attackers can use your social profile or email account to fish out valuable information, or break into your email account to do a password reset on your valuable financial accounts or cryptocurrency wallets.
Here’s some of what Risher warned us about.Risher said there has been uptick in attacks against people who hold cryptocurrencies in digital wallets. These attacks can often be traced back to a post by the victim on a public message board, which is then quickly followed by criminal attempts on their email accounts.
Criminals are also becoming much better at gaining access to “high-value targets,” like executives at prominent businesses or political figures, by taking a circuitous route through people who work with them or are loosely connected to them. If you’ve ever volunteered for a political campaign, gone to a dinner party hosted by a CEO or worked for a well-known technology company, that person could be you.
For email threats like these, which are often more persistent and backed by nation-states, Google sends an alert to customers that government-based hackers may be trying to steal their password. Risher said it matters because people who are aware that they may be on the wrong end of a particularly effective and powerful type of attack may take additional security steps if they have that information.