THREE New Extortion Phishing Scams Are In The Wild

It’s been a while since I have written about extortion phishing scams. But three new ones have appeared and one of them is potentially dangerous.

Let’s start with the dangerous one. The scumbags behind this one are now utilizing a new extortion email campaign that claims the recipient’s phone was hacked, includes a partial phone number of the recipient, and further states that they created videos using the recipient’s webcam. Here’s an example:

@It seems that, 14, *last two digits your phone-
\You may not know me and you are probably wondering why you are getting this e mail, right?-

!actually, I setup a malware on the adult vids (porno) web-site and guess what*
@you visited this site to have fun (you know what I mean).(
^While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop)(
&having a keylogger which gave me accessibility to your screen and web cam.*
@after that, my software program obtained all of your contacts, phone and email.\

_What did I do?(

!I backuped phone. All photo, video and contacts.+
!I created a double-screen video./
&1st part shows the video you were watching (you’ve got a good taste haha . . .)$
%and 2nd part shows the recording of your web cam.=

+exactly what should you do?/

#Well, in my opinion, 809$ is a fair price for our little secret.\
=You’ll make the payment by +Bitcoin% (if you do not know this$ search !how to buy bitcoin& in Google)._

-Bitcoin^ Address:

<BITCOIN ADDRESS REDACTED>

%(It is cAsE sensitive, so copy and paste it)*

%Important:
!You have 45 hours in order to make the payment.\
%(I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message)-
\If I do not get the !BitCoins+
%I will certainly send out your video recording to all of your contacts%
@Having said that, if I receive the payment, I’ll destroy the video immidiately._
)If you need evidence, reply with “Yes!*

-If I find that you have shared this message with someone else$
)the video will be immediately distributed.=

Now the person who got this email told me that the last two digits of his phone number were accurate, so he wondered if he had been hacked. After examining his computer and phone, I can say that he had not been hacked. But clearly this is a new method to convince recipients that they have been hacked, and it has replaced displaying a password to do the same thing.

The thing is, it’s really easy to get the last two digits of someone’s phone number. The most logical way that these scammers are getting these numbers is via password or account recovery functionality, such as the one from Gmail or the one from Microsoft. There have been data leaks in the past that only contained partial phone numbers as well. But the bottom line is that you have not been hacked.

The second is aimed at companies. It’s pretty low level and not very sophisticated. Here’s a copy of what one of my clients got:

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We Hacked You Infrastructure.
We Caught Possible Communication.
We Backuped Available DATA And DOCUMENTS.
That you trusting our words, we send this mail to you with YOUR account.

After analyzing documents. We see your Illegal activity. HIDING TAXES.

That we do NEXT.
I want two (2) Bitcoin

if you don’t pay fees. To my wallet Bitcoin.

<BITCOIN ADDRESS REDACTED>

We want send this Documents and Proofs to your Tax Departament.
And in this time Your network will be DDoS.
Read that in this link
https://en.wikipedia.org/wiki/Denial-of-service_attack

This is our guarantee, that you don’t clean evidence and build a protection policy.

If you don’t pay by in 7 days, attack will start.
Yours service going down permanently and price to stop will increase to Four (4) BTC,
Price will go up one (1) BTC for every day of the attack.

This is not a joke.

Our attacks are extremely powerful – sometimes over 1 Tbps per second.
And we pass CloudFlare and others remote protections!
So, no cheap protection will help.

Prevent it all with just Two (2) BTC
To my wallet Bitcoin.

<BITCOIN ADDRESS REDACTED>

Pay strict sum. This is your identification. And we will know that its you.
AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know
you cooperated.

Time started after open this mail.
To track the reading of a message and the actions in it, I use the facebook pixel.
Read that in this link
https://www.facebook.com/business/help/898185560232180?helpref=faq_content

There’s nothing interesting here, such as passwords that the user has used or a partial phone number like in the previous scam. Thus this scam is purely trying to take advantage of the possibility that a company might not have paid its taxes, and of the claim that they can track that you opened this email using Facebook Pixel. For the record, when I examined the email, it showed no evidence that Facebook Pixel was in use. #Fail. I seriously doubt that this will get this scammer anything.

Finally, there are new scams that utilize QR codes to direct you to their Bitcoin wallet so that you can pay them. The QR code has the amount that you have to pay as well, which is kind of clever.

I took screenshots of the text that the recipient gets:

[Screenshot of the extortion email text]

Below that is a QR code that goes to a Bitcoin wallet. I am not reposting the QR code as I don’t want to give these scumbags any more time than I need to. Other than that, it’s the usual extortion phishing scam that we’ve seen for the last little while.

If you come across any of these scams, you know what to do. Simply delete them and move on with your life.

2 Responses to “THREE New Extortion Phishing Scams Are In The Wild”

  1. Good morning, I received an email similar to this last night except it had most of my password rather than my phone number. They are asking for $1500 in bitcoin and said that they recorded my screen and my face.
