Dispatches Archive


July 16, 2018

The Extortion Trick Must Be Working

I'm genuinely sad to say that the recent rapid spread of the Bitcoin extortion scams described here and here indicates that enough recipients are being fooled into paying the ransom to encourage more crooks around the world to use the same scam.

On the other hand, if you know that these messages are pure horse hockey, the various machine translations by non-English speakers are somewhat entertaining. Here are two I received in the past two days:

Subject: You're my victim

Hi, victim.
I writе you bеcause I put а mаlware оn thе wеb pagе with роrn whiсh yоu have visitеd.
My virus grabbed all your рersonal infо and turnеd оn yоur camerа whiсh cаptured the prосess оf your onаnism. Just аfter that the soft sаvеd your соntaсt list.
I will dеlеte thе cоmрromising vidео аnd info if you рay me 300 USD in bitcоin. This is аddress fоr рayment : 1KGJEVP5ygu5XPKbXC3X7BZ8YMXqppQGUV

I givе you 30 hоurs after you оpеn my messаge for mаking thе transасtion.
Аs soon as you rеad thе message I'll sее it right awаy.
It is nоt neсessary to tеll me thаt you hаve sent monеy to mе. This аddress is сonnеctеd tо yоu, my systеm will deletе еvеrything automаtically аftеr trаnsfer cоnfirmаtiоn.
If yоu nеed 48 h just rеply оn this letter with +.
You can visit the роlice station but nobody саn help you.
If yоu try tо dесеivе me , I'll sеe it right аway !
I dоnt livе in yоur сountry. So thеy саn not track my lоcаtiоn еven for 9 mоnths.
Goоdbye. Dоnt forgеt abоut thе shame and to ignоrе, Yоur lifе cаn be ruinеd.

Subject: Tickеt#928540465: 16/07/2018 07:53:17 Ῐts up to you to make a right decision

Hope you will not care about my language sentence structure, considering that i am from Denmark. I toxified your system with a virus and now have all of your personal information from your computer system.

It was set up on a mature web site then you've picked the online video and clicked on it, my software quickly got into your computer.

Then, your cam recorded you hand fucking, besides i captured a movie that you've looked at.

After a little while it also picked up every one of your social contact info. If you ever need me to erase your everything i have - transmit me 680 euros in btc it's a crypto-currency. It is my btc account transfer address : 1NxAmbD8p6ZtWa1e9Azjta5wk5MEZpqRQN

At this point you will have 27hours. to make a decision Once i will get the deal i'll wipe out this footage and everything completely. Otherwise, you should be sure that your footage would be forwarded to all your contacts.

In my experience, you don't see criminal activity repeated online unless it is working. The cost of this kind of email campaign is negligible; all the crooks need is a couple of suckers to pay up, and they've made it big.

Don't be a sucker.
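The two messages quoted above carry three features a mail filter can score without any knowledge of the recipient: a Bitcoin payment address, a countdown ("30 hours", "27hours"), and, in the first one, Cyrillic look-alike letters spliced into English words so that keyword filters miss "malware", "camera" and the rest. The script below is an added example, not code from this blog or from any product; it runs those three checks over a constructed sample written in the style of the first message (the address is the one printed in that message) and over a benign control. The address check is a shape check only and verifies no checksum.

```python
import re
import unicodedata

# Shape of a legacy Bitcoin address: leading 1 or 3, Base58 alphabet (no 0, O, I, l),
# 26-35 characters. Shape only; the Base58Check checksum is not verified here.
BTC_ADDRESS_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")

# Numeric payment deadlines ("30 hours", "27hours", "48 h"). Spelled-out forms such as
# "one day" in the third message on this page would need a word-number table.
DEADLINE_RE = re.compile(r"\b(\d{1,3})\s*(hours?|h|days?)\b", re.IGNORECASE)


def script_of(ch):
    """Unicode script family of a letter ('LATIN', 'CYRILLIC', ...); None for non-letters."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "").split(" ")[0]


def mixed_script_words(text):
    """Words that contain both Latin and Cyrillic letters (look-alike substitution)."""
    found = []
    for word in re.findall(r"\w+", text):
        scripts = {s for s in map(script_of, word) if s}
        if "LATIN" in scripts and "CYRILLIC" in scripts:
            found.append(word)
    return found


def analyze_message(text):
    """Collect the three signals and return them with a combined verdict."""
    addresses = BTC_ADDRESS_RE.findall(text)
    homoglyphs = mixed_script_words(text)
    deadlines = [f"{n} {unit}" for n, unit in DEADLINE_RE.findall(text)]
    signals = sum(1 for x in (addresses, homoglyphs, deadlines) if x)
    return {
        "btc_addresses": addresses,
        "mixed_script_words": homoglyphs,
        "deadlines": deadlines,
        # A payment address plus at least one more signal is enough to hold the
        # message for review; a lone address appears in legitimate mail too.
        "suspicious": bool(addresses) and signals >= 2,
    }


# Constructed sample in the style of the first message above: Cyrillic е (U+0435),
# а (U+0430) and о (U+043E) replace their Latin look-alikes inside English words.
SCAM_SAMPLE = (
    "Hi, victim.\n"
    "I writ\u0435 you b\u0435cause I put \u0430 m\u0430lware \u043en th\u0435 w\u0435b pag\u0435.\n"
    "I will d\u0435l\u0435te it if you pay me 300 USD in bitcoin: 1KGJEVP5ygu5XPKbXC3X7BZ8YMXqppQGUV\n"
    "I give you 30 hours after you open my message.\n"
)

# Constructed benign control message.
CLEAN_SAMPLE = "Hi, just confirming lunch at 1 pm on Thursday. See you then.\n"

if __name__ == "__main__":
    for label, msg in (("scam", SCAM_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, analyze_message(msg))
```

The mixed-script check is the interesting one: a word is only flagged when it mixes scripts, so a message written entirely in Russian is not penalised, while "writе" with a single Cyrillic е is. Logging the flagged words alongside the address gives an analyst what they need to confirm the verdict at a glance.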

Posted on July 16, 2018 at 10:45 AM

July 12, 2018

Another Bitcoin Extortion Scam

I reported back in April 2018 that an extortion scam was running around the email highways. Another one arrived today that might freak the bejeezus out of recipients because the message sender claims to have one of your passwords. Here's the message (with one word removed):

I know, [redacted], is your password. You do not know me and you are most likely thinking why you're getting this e mail, right?

actually, I actually setup a malware on the adult videos (porn material) website and you know what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your browser began operating as a RDP (Remote control Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software collected all of your contacts from your Messenger, social networks, as well as email.

What exactly did I do?

I created a double-screen video. 1st part displays the video you were watching (you have a nice taste lmao), and next part shows the recording of your web cam.

What should you do?

Well, I believe, $2900 is a fair price tag for our little secret. You will make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).

BTC Address: 171GatjRZ9SpnrgKnTJuYsuDcA1gQwjVbJ
(It is cAsE sensitive, so copy and paste it)

You now have one day in order to make the payment. (I've a unique pixel in this message, and right now I know that you have read through this email message). If I do not get the BitCoins, I will, no doubt send out your video to all of your contacts including family members, co-workers, and many others. Nonetheless, if I do get paid, I'll erase the video immidiately. If you really want proof, reply with "Yes!" and I definitely will send your video recording to your 12 contacts. This is the non-negotiable offer, and so please do not waste my time and yours by replying to this email message.

Other than the password business, the thrust of the message is the same as before: the "crook" claims to have installed malware on the recipient's computer that tracks browsing activity at a porn site and records the user's activity from the computer's built-in camera. It's easy for me to know this is a scam because I don't visit porn sites and my computer is protected by anti-virus software (I know, it's not always perfect, but it's better than nothing).

So what about the password thing?

It is well known that thousands of web servers have been hacked over the years, many of them yielding login credentials to the hackers. You can find dozens of databases/lists of username/password/email address combinations scattered around the web. It's a major reason you should not re-use the same credentials on multiple sites to prevent break-ins to multiple accounts you have created. Note that even a complex password created by password management software won't help in this case, because the hacker has grabbed that complex password from the hacked site. Using a different password for each site minimizes the potential for disaster. (Hackers will try stolen credentials on thousands of web sites to find access.)

It turns out that the username/password combo "revealed" in this crook's message was an old one that I used on a few non-critical sites (i.e., sites that did not contain any valuable personal information) in the early days. I have since updated all my passwords for critical sites to randomized strings that even I can't remember. I'll be in trouble if I should be captured like James Bond and strapped to a table where a laser slowly approaches my genitals to extract the secret passwords.

Just be aware: one or more of your login credentials are out in the public web for crooks to see. That's how they can try to get into your head with scam messages, such as this one.

One more note about this message. In the final paragraph, the crook claims to have included a "unique pixel" in the message that lets him know you've read it. Unfortunately for him, the message was sent only in plain text (not HTML), so no remote image request was made. And even if there were, I have my email client set not to automatically load remote content for any message. These so-called beacon images are still used in HTML-formatted messages to confirm that your email address is being actively viewed.
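A beacon only works if the HTML part references an image on a server the sender controls and the client fetches it. The parser below, an added example and not code from this blog, walks the `<img>` tags of a constructed HTML body, keeps only those whose `src` would cause a network request (inline `cid:` and `data:` images are skipped) and marks the ones the reader is never meant to see, sized 1x1 or hidden by style, as likely beacons. The host names and the `RECIPIENT-TOKEN` value are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src triggers a network request when rendered."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if urlparse(src).scheme not in ("http", "https"):
            return  # cid: and data: images travel with the message; nothing is fetched
        width, height = a.get("width", "").strip(), a.get("height", "").strip()
        style = a.get("style", "").replace(" ", "").lower()
        tiny = width in ("0", "1", "1px") or height in ("0", "1", "1px")
        hidden = "display:none" in style or "visibility:hidden" in style
        self.images.append({
            "src": src,
            "size": f"{width or '?'}x{height or '?'}",
            # An image the reader cannot see exists only to be requested.
            "beacon_likely": tiny or hidden,
        })


def remote_images(html):
    """All remote images in an HTML body, in document order."""
    parser = RemoteImageFinder()
    parser.feed(html)
    parser.close()
    return parser.images


def likely_beacons(html):
    """URLs of remote images that look like read-tracking pixels."""
    return [img["src"] for img in remote_images(html) if img["beacon_likely"]]


# Constructed sample HTML body: an inline logo, a hidden 1x1 tracker and a visible banner.
SAMPLE_HTML = """<html><body>
<p>Your account needs verification.</p>
<img src="cid:logo@example" width="120" height="40" alt="logo">
<img src="https://tracker.example/open?id=RECIPIENT-TOKEN" width="1" height="1" style="display:none">
<img src="https://images.example/banner.png" width="600" height="200" alt="banner">
</body></html>"""

if __name__ == "__main__":
    for img in remote_images(SAMPLE_HTML):
        tag = "BEACON" if img["beacon_likely"] else "image "
        print(tag, img["size"], img["src"])
```

The per-recipient token in the query string is what turns a fetch into a confirmation that one particular address is live, which is exactly why the author's client setting of never auto-loading remote content is the right default: no request, no confirmation, regardless of what the sender embedded.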

Protect yourself as best you can so you won't blow a gasket when you receive a scam email like this one.

Posted on July 12, 2018 at 12:44 PM

July 09, 2018

Another Day, Another Apple ID Phish

The author of the phishing email below went to some effort in the design department; not so much in the English department. Even so, the tenor of the message seems dire to the unaware, which could lead the recipient to click the Verify Your Account button. That button's URL is a bit.ly URL shortener address, always a sign of no goodness in this type of message. URL shorteners such as bit.ly have their place, but not here. Apple would never utilize such a service.

[Image: phony AppleID scam email message]

Your AppleID password is a valuable commodity. Guard it with your life!

Posted on July 09, 2018 at 10:04 AM