Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for September 12, 2025. I'm Tatiana Cuadras, Communications Assistant for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we are going to talk about rats – not those medium-sized rodents, but rather different types of rats: remote access trojans.
A rat can be many different things. It can be the furry rodents that some consider pests and others have as pets. It can also be a term to describe a deceitful person. Some may have heard the term “The Rat Race”, which is a metaphor for the cycle of competition for money, power and status in the pursuit of wealth and success – also a great movie from the 1960s.
A rat can be many different things. It can be the furry rodents that some consider pests and others have as pets. It can also be a term to describe a deceitful person. Some may have heard the term “The Rat Race”, which is a metaphor for the cycle of competition for money, power and status in the pursuit of wealth and success – also a great movie from the 1960s.
Show Notes
Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter
Show Transcript
Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for September 12, 2025. I'm Tatiana Cuadras, Communications Assistant for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we are going to talk about rats – not those medium-sized rodents, but rather different types of rats: remote access trojans.
A rat can be many different things. It can be the furry rodents that some consider pests and others have as pets. It can also be a term to describe a deceitful person. Some may have heard the term “The Rat Race”, which is a metaphor for the cycle of competition for money, power and status in the pursuit of wealth and success – also a great movie from the 1960s.
We are going to talk about a lesser-known rat – remote access trojans (RATs). A remote access trojan is a type of malware that grants an attacker unauthorized control over an infected computer. According to researchers at Fortinet Labs, a rapidly growing phishing campaign targeting Windows users is stealing credentials and spreading remote access trojans via malicious software.
Fortinet Labs has detected a global-scale campaign targeting organizations across various sectors. Some of the industries include manufacturing, technology, healthcare, construction and hospitality.
Cara Lin of Fortinet says that the campaign involves attackers using various social engineering techniques to lure people to "convincing phishing pages" via emails related to fake voicemails for missed phone calls, purchase orders and other topics that require their immediate attention.
In a more typical phishing attack, identity thieves steal credentials. In this attack, the criminals also want long-term access to the organization’s networks. To do that, they are directing victims to a spoofed website that targets their email domain. Once there, victims' machines are infested with multiple remote access trojans.
Lin says that the campaign can have lasting effects on the organizations it targets and is also spreading across the globe with remarkable speed. As of late August, just two weeks since it was discovered, the detection count had more than doubled. For more information on how identity criminals are doing this, read Dark Reading’s article on it.
This sophisticated phishing campaign involving remote access trojans is an example of why security teams should build multi-layered defenses that include:
- Strong email filters to detect and block malicious emails;
- Employee training to spot the latest tactics; and
- Ensure web application firewalls, mail filters, endpoint detection and response, and antivirus tools are all up to date.
For consumers, this serves as a valuable reminder of the importance of maintaining good cyber hygiene. Never click on a link in an email you are not expecting. Instead, go directly to the source to verify the validity of the message.
The ITRC recently launched a cyber-hygiene quiz to help individuals enhance their online security and minimize their risk of being victimized by an identity crime. To take our quiz, visit our website, www.idtheftcenter.org, and click on our banner at the top of the page that says, “Are You Cyber Safe? Take our Quiz”.
If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.
Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts. Next week, be sure to catch our sister podcast, the Fraudian Slip. We will speak with Tracy Goldberg of Javelin Strategy & Research about child identity theft as kids head back to school.
We will return in two weeks with another episode of the Weekly Breach Breakdown. I'm Tatiana Cuadras. Until then, thanks for listening.
Listen On
Also In Season 6
-
The Weekly Breach Breakdown Podcast: Gone Quishing – Criminals Use QR Code Phishing in New Attacks – S6E27
Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown f -
The Fraudian Slip Podcast: Socure – Identity Criminals Target Consumers with Fake Jobs – S6E8
Welcome to the Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcas -
The Weekly Breach Breakdown Podcast: Mapping Out The Problem – Concerns Arise Over New Instagram Map Feature - S6E26
Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown f