These Extortion Phishing Scams Are Getting More Sophisticated…. So I Will Highlight How To Avoid Being A Victim

Things on the extortion phishing scam front have been quiet for a while, but I now have a series of new emails showing that this scam may be getting a bit more sophisticated, which in turn makes it far more dangerous. Take this one that a client of mine got today:

Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: On moment of hack your account has password: [PASSWORD REDACTED]

You say: this is the old password!
Or: I will change my password at any time!

Yes! You’re right! But the fact is that when you change the password, my trojan always saves a new one!

I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $739 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: [BITCOIN ADDRESS REDACTED]
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!

Now, when I examined this email, a casual computer user would notice that it appears to have come from their own email address, giving the impression that what the email says is true. But I had a look at the source code behind the email (its headers) to see where it really came from. You see, when an email hits your inbox, it carries all sorts of information that you can't normally see but that is really useful, including where it came from. In the case of this specific email, the part of the headers that I care about looks like this:

Return-path: <nobody@nowhere.com>
Envelope-to: nobody@nowhere.com
Delivery-date: Fri, 21 Dec 2018 07:13:40 -0500
Received: from static-166-195-87-188.ipcom.comunitel.net ([188.87.195.166]:25630)
	by srv2.deathstar.net with esmtp (Exim 4.80.1)
	(envelope-from <nobody@nowhere.com>)
	id 1gaJgR-00053w-KH
	for nobody@nowhere.com; Fri, 21 Dec 2018 07:13:40 -0500
Message-ID: <5C1CEA9F.4000909@nowhere.com>
Date: Fri, 21 Dec 2018 13:29:03 +0000
From: <nobody@nowhere.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: "password" <nobody@nowhere.com>
Subject: Security Scam Warning.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

If you are interested in seeing this info on your own computer, this Google search can help you with that. Just pick the instructions that match the email client you are using, be it Outlook, Apple Mail, Thunderbird or whatever you happen to be using. Now I've changed some of the more sensitive info so that it doesn't trace back to anyone but the scumbag scammers. But I was able to quickly determine that this email came from someplace other than the client's email server because of the Received line, specifically the two server names in it, the one after "from" and the one after "by":

Received: from static-166-195-87-188.ipcom.comunitel.net ([188.87.195.166]:25630) by srv2.deathstar.net with esmtp (Exim 4.80.1) (envelope-from <nobody@nowhere.com>) id 1gaJgR-00053w-KH for nobody@nowhere.com; Fri, 21 Dec 2018 07:13:40 -0500

Now, if this hacker had truly hacked this customer's account, those two server names should match, because they are the server that sent the email (after "from") and the server that received it (after "by"): a message genuinely sent from the account would have entered the mail system through the client's own provider's servers. They don't match, which means that this is a scam. And the sending server, static-166-195-87-188.ipcom.comunitel.net, as far as I can tell is in Spain.

This version of the scam is clearly meant to scare people into thinking that their email account has been hacked, when in reality it hasn't been. So if you get one of these messages, look at the header info the way I did to confirm whether you have been hacked or not. Chances are that you haven't been, and you can simply delete the email and not pay the scumbags behind this scam a dime.
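To make that header check concrete, here is a small Python script I have added for this post (it is not code from the original post or from any mail tool). It reads the redacted headers quoted above, pulls the sending and receiving hosts out of the earliest Received hop, and flags the mismatch described above. The hostnames are the post's own redacted sample, and the domain comparison is a crude last-two-labels heuristic I chose for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The redacted headers quoted in the post (the author's sample, not a live capture).
SAMPLE_HEADERS = """\
Received: from static-166-195-87-188.ipcom.comunitel.net ([188.87.195.166]:25630)
\tby srv2.deathstar.net with esmtp (Exim 4.80.1)
\t(envelope-from <nobody@nowhere.com>)
\tid 1gaJgR-00053w-KH
\tfor nobody@nowhere.com; Fri, 21 Dec 2018 07:13:40 -0500
From: <nobody@nowhere.com>
To: "password" <nobody@nowhere.com>
Subject: Security Scam Warning.

"""

def parse_received(value):
    """Pull the 'from' host, its bracketed IP and the 'by' host out of one Received header."""
    flat = " ".join(value.split())  # unfold the tab-indented continuation lines
    m_from = re.match(r"from\s+(\S+)", flat)
    m_ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
    m_by = re.search(r"\bby\s+(\S+)", flat)
    return {
        "from_host": m_from.group(1) if m_from else None,
        "from_ip": m_ip.group(1) if m_ip else None,
        "by_host": m_by.group(1) if m_by else None,
    }

def base_domain(host):
    """Crude 'last two labels' comparison (provider.tld); enough for this check."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:]) if host else None

def check_self_sent_claim(raw_headers):
    """Apply the post's test. Each relay prepends its own Received header, so the
    LAST one is the earliest hop, nearest the real sender. A mail genuinely sent
    from the recipient's own account would have entered through that provider's
    servers, so the 'from' and 'by' hosts of that hop should share a domain."""
    msg = message_from_string(raw_headers)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    if not hops:
        raise ValueError("no Received headers: nothing to trace")
    origin = hops[-1]
    same_provider = base_domain(origin["from_host"]) == base_domain(origin["by_host"])
    self_addressed = parseaddr(msg.get("From", ""))[1] == parseaddr(msg.get("To", ""))[1]
    if self_addressed and not same_provider:
        verdict = "spoofed: From is your own address but the mail entered from an outside host"
    else:
        verdict = "no spoofing signal from the first hop; inspect the other headers"
    return {**origin, "same_provider": same_provider, "self_addressed": self_addressed, "verdict": verdict}
```

Run `check_self_sent_claim(SAMPLE_HEADERS)` to see the sending host, its IP, the receiving host and the verdict; paste your own raw headers in place of the sample to repeat the check on a message you received.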

This scam joins the list of the last eleven extortion phishing scams that I have been telling you about over the last few months. Sigh. Total #Fail.


One Response to “These Extortion Phishing Scams Are Getting More Sophisticated…. So I Will Highlight How To Avoid Being A Victim”

  1. […] got this scam email from a reader which scores low on the originality scale as it is similar to this one that I told you about a few days […]
