Your phone rings. The caller knows your name, sounds calm and professional, and says they're from your IT company. There's a small problem with your computer, nothing major, and they just need a few minutes of remote access to fix it. Helpful, right?
That call is the entire attack. No virus. No malicious attachment. No suspicious link to click. Just a friendly voice and a moment of trust, and that's exactly what makes it so dangerous.
The Group Behind the Calls
In May 2025, the FBI issued a warning about a criminal crew known as the Silent Ransom Group, also tracked under the names Luna Moth and Chatty Spider. These aren't amateurs. The group grew out of the notorious Ryuk and Conti ransomware operations, and they've refined a method that sidesteps almost every piece of security software a business might have.
Their target of choice? Law firms. Between January and May 2026, they hit dozens of organizations, and in one tracked campaign the legal sector made up over 40% of their victims. The reason is simple: law firms hold piles of sensitive, regulated information (client files, contracts, settlement details, tax records) and they tend to pay quickly to make a breach quietly disappear.
How the Scam Actually Works
The attack is a "callback phishing" scheme, and it's clever precisely because it's low-tech:
- The bait email. The victim gets an email about a small charge, often under $50, for a subscription or service they don't remember signing up for. There's no dangerous link. Just a phone number to call if you want to dispute the charge.
- The call. When the victim calls (or when the criminals call them, posing as the company's own IT department), a smooth-talking "support agent" walks them through "fixing" the issue.
- The handoff. The agent asks the victim to install a remote-access program. These are legitimate tools with names like AnyDesk, Zoho Assist, Splashtop, or Atera, real products that real IT teams use every day, so antivirus software doesn't bat an eye.
- The theft. Once they're in, the criminals quietly copy sensitive files off the network. Then comes the extortion email, sometimes within 30 minutes, demanding payment and threatening to leak the data or tell your clients and regulators directly.
Because the victim installs the software themselves, and because that software is completely legitimate, there's almost nothing for traditional security tools to catch. The weak point isn't the computer. It's the conversation.
Why This Should Worry Small Businesses, Not Just Law Firms
It would be easy to read this and think, "I'm not a law firm, I'm fine." That's the trap.
Law firms are the headline, but the technique works on anyone. The same group has gone after accounting firms, financial advisors, and real estate offices, and the in-person version of this scam, where someone physically shows up claiming to be IT, has been flagged by the FBI too. Any office where a trusting employee might hand over computer access to a confident stranger is a target.
And the numbers around small organizations are sobering. In a survey of 500 U.S. law firms, 20% reported being targeted by a cyberattack in the past year. Smaller firms and solo practices are often the easiest marks, because they rarely have dedicated security staff to say "wait, let me verify that." The average ransomware attack now costs around $1.85 million, a number that can end a small business outright.
How to Shut This Down
The good news: because this attack relies on human trust rather than fancy malware, the defenses are mostly human too, and they're free.
- Make verification a rule, not a judgment call. Nobody on your team should ever grant remote access to someone who called them. The rule is simple: hang up, then call your known IT contact back using a number you already have on file.
- Know who your IT people actually are. If you don't have a regular IT contact, real "support" calling out of the blue should be an instant red flag, because there's no one who would call.
- Be suspicious of tiny, weird charges. That "$39 renewal" email designed to make you pick up the phone is the hook. Dispute charges through your bank or the real vendor's website, never through a number in the email.
- Talk about it openly. The employees who fall for this aren't careless, they're helpful. Telling your whole team that "IT will never cold-call you for remote access" turns your biggest vulnerability into your best defense.
Scams like this succeed in the gap between "that seems a little off" and "but I don't want to be rude." Closing that gap is exactly what a fresh set of eyes is for.
We offer a one-time review of the things that decide how badly a fake IT call could hurt you: your accounts and Multi-Factor Authentication (MFA), who holds administrator access, whether your backups actually work, and how your network and access are set up. You get a prioritized findings report you can act on. And for the moment an employee is staring at a suspicious email or an unexpected "support" call, we give you a real person to ask, with a straight answer within one business day.
Want to know where you stand? Book a free 15-minute call → We serve small businesses throughout Marion County, FL and the surrounding area.