A New Variant Of The Extortion Phishing Email #Scam Has Appeared

Over the years I’ve documented many variants of the extortion phishing email scam. But here’s a new one that I am sure will catch a few more people out because it addresses many of the ways that make these sorts of emails easy to spot. Let’s start with the email itself:

On the surface, this looks like your cookie cutter extortion phishing scam email. But if you look closer there’s some differences. Starting with this:

So let’s unpack this. This email lists my personal email address (which I’ve redacted), and it lists a password that the threat actor claims was in use on my email. That is completely false: it was in use on another online account that I know had a data breach. More on that in a moment. But what I believe the threat actor is doing is quoting a password that you recognize, one they likely acquired from a data breach dump sold on the dark web, in order to scare you into paying up.

Now how did I know that this password was in a data breach and that I wasn’t using it on my personal email? Well, I use a password manager to keep track of all of my passwords, and I’ve spent the last few years making all my passwords unique. Thus if one of my passwords leaks, I can be sure to spot where it leaked from. It also stops credential stuffing attacks, where a threat actor takes credentials gained from a data breach and tries them elsewhere on the assumption that people tend to reuse passwords in multiple places. The 23andMe hack is a prime example of this. The other thing that I do is keep a history of password changes so that I know which passwords I have used in the past. That’s another way for me to spot if I’ve been compromised in some way.
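The two habits described above (unique passwords per site, plus a retained password history) are what make it possible to attribute a quoted password to the breach it came from. The following is an added example, not code from the original post or from any password manager: it audits a constructed vault export against the password quoted in an extortion email, and the vault layout (site, current password, dated history) is an assumption.

```python
"""Attribute a password quoted in an extortion email to the account it leaked from."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class VaultEntry:
    """Hypothetical vault record: one site, its current password, and retired passwords."""
    site: str
    current: str
    history: List[Tuple[str, str]] = field(default_factory=list)  # (retired_on, old_password)


# Constructed sample vault. "forum.example" reuses the password that "shop.example" uses,
# which the reuse audit below should flag.
SAMPLE_VAULT: List[VaultEntry] = [
    VaultEntry("mail.example", "Kx9!vq2#Lm", [("2021-03-02", "winter2020")]),
    VaultEntry("shop.example", "Tr0ub4dor&3", [("2022-07-15", "hunter2!!")]),
    VaultEntry("forum.example", "Tr0ub4dor&3"),
    VaultEntry("dna.example", "Zq7$wP1nR!"),
]


def attribute_leak(vault: List[VaultEntry], leaked: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (site, 'current' | 'historic', retired_on) for every entry that ever used `leaked`.

    A 'historic' hit with a retirement date bounds when the breached copy was still valid,
    which is why keeping password history matters. An empty list means the quoted
    password never belonged to any account in the vault.
    """
    hits = []
    for entry in vault:
        if entry.current == leaked:
            hits.append((entry.site, "current", None))
        for retired_on, old in entry.history:
            if old == leaked:
                hits.append((entry.site, "historic", retired_on))
    return hits


def find_reuse(vault: List[VaultEntry]) -> Dict[str, List[str]]:
    """Return {password: [sites]} for current passwords shared by more than one site.

    Any entry here is exposed to credential stuffing if one of those sites is breached.
    """
    by_password: Dict[str, List[str]] = defaultdict(list)
    for entry in vault:
        by_password[entry.current].append(entry.site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}
```

A real run would read the vault from the password manager's export rather than the constructed list; the logic is the same.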

Now besides the usual threats of leaking data that is embarrassing to you because they allegedly recorded you, which is a lie by the way, along with demands of payment by Bitcoin which is standard for these sorts of scams, there’s this:

The 14 copies of this email that I have received have come from different email addresses. That’s meant to add to the illusion that this threat actor is some sort of hacker, when in reality he’s just some loser with a mass email application who bought some credentials off the dark web and is hoping to make a buck by scamming people. Speaking of which, I checked the Bitcoin wallet that he’s using and he’s made no money thus far. That means that nobody is falling for this, which is good.

Other than that, it’s your typical extortion phishing email that I have written about in the past. Take this example, or this one, or this one. You get the idea. Thus if you get one of these emails, delete it and move on with your life.
