Archive for Scam

A New @Microsoft Email #Scam Is Making The Rounds

Posted in Commentary on September 22, 2022 by itnerd

A new email scam, likely a phishing scam, that uses Microsoft as its hook is making the rounds. Here’s the email in question:

The first hint that this is an email scam is that this email does not fit Microsoft’s brand design. But there is a simpler way to tell that this is an email scam:

Look at the sender’s email address. In this case, the email did not come from Microsoft, as the domain being used is not a Microsoft domain. That’s a #fail right out of the gate and should cause you to delete this email immediately.

Going further down the rabbit hole, it references a Microsoft update, specifically KB40341836081, which doesn’t exist. Microsoft update numbers are six digits at present and this one is way too long. The English is also horrible. For example: “perhaps you may experience difficulties signing into your account following a restart or sign-out.”

It also encourages you to log into a website to fix this. And serves up a lot of technically incorrect information to push you to go to this website. It also tries to reassure you by saying that you don’t have to download anything which will reassure you that you won’t get infected by a virus or something. Finally, it offers a site where you can stop or change these “security alerts”. But that site isn’t actually a link so it’s just there to reassure you that this email is legit, which of course it isn’t.

As for the website that it takes you to, well I couldn’t get it to load. Perhaps it’s been taken out by Microsoft? Or maybe because I did this on a Mac it wouldn’t respond to me because it was looking for a PC to perhaps load malware on it? It’s hard to say.

Regardless, if you see this email show up in your inbox, delete it.

It’s Friday, And I Have Another Extortion Phishing Email #Scam To Share With You

Posted in Commentary on September 16, 2022 by itnerd

I have to admit that the readership of this blog is engaged. I say that because a reader sent me this latest extortion phishing scam email. From what I can tell, it’s similar to this extortion phishing email which makes me believe that it’s the same threat actor behind it. Here’s the email:

Hello there!

Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.

Below, is the sequence of past events: 
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (EMAIL ADDRESS REDACTED).

A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (^-^)

The software of mine allows me to access to all controllers in your devices, such as video camera, microphone and keyboard.
I have managed to download all your personal data, as well as web browsing history and photos to my servers.
I can access all messengers of yours, as well as emails, social networks, contacts list and even chat history.
My virus unceasingly refreshes its signatures (since it is driver-based), and hereby stays invisible for your antivirus.

So, by now you should already understand the reason why I remained unnoticed until this very moment…

While collecting your information, I have found out that you are also a huge fan of websites for adults.
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I have recorded several kinky scenes of yours and montaged some videos, where you reach orgasms while passionately masturbating.

If you still doubt my serious intentions, it only takes couple mouse clicks to share your videos with your friends, relatives and even colleagues.
It is also not a problem for me to allow those vids for access of public as well.
I truly believe, you would not want this to occur, understanding how special are the videos you love watching, (you are clearly aware of that) all that stuff can result in a real disaster for you.

Let’s resolve it like this:
All you need is $1450 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay.
Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises.

That is quite a fair deal with a low price, bearing in mind that I have spent a lot of effort to go through your profile and traffic for a long period.
If you are unaware how to buy and send bitcoins – it can be easily fixed by searching all related information online.

Below is bitcoin wallet of mine: [BITCOIN WALLET ADDRESS REDACTED]

You are given not more than 48 hours after you have opened this email (2 days to be precise).

Below is the list of actions that you should not attempt doing:

Do not attempt to reply my email (the email in your inbox was created by me together with return address).
Do not attempt to call police or any other security services. Moreover, don’t even think to share this with friends of yours. Once I find that out (make no doubt about it, I can do that effortlessly, bearing in mind that I have full control over all your systems) – the video of yours will become available to public immediately. 
Do not attempt to search for me – there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.

Below is the list of things you don’t need to be concerned about:

That I will not receive the money you transferred.

– Don’t you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).

That I still will make your videos available to public after your money transfer is complete.

– Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago! 

Everything will be carried out based on fairness!

Before I forget…moving forward try not to get involved in this kind of situations anymore!
An advice from me – regularly change all the passwords to your accounts.

If you check out the post that I linked to above, it has very similar hallmarks. The only difference is that the proof that the threat actor is using to get your attention is that they spoofed your email address and reinforced it by including it in the body of the email. The rest of the playbook is exactly the same. And the language used is similar. Which is why I think it’s the same threat actor behind this. Finally, I checked the Bitcoin wallet and there’s nothing in it. That implies either this scam isn’t working for the threat actor, or it hasn’t worked yet.

If you see this email hit your inbox, delete and go on with your life.

My Day Would Not Be Complete Without Reporting On An Extortion Phishing #Scam

Posted in Commentary on September 15, 2022 by itnerd

A reader of this blog forwarded me yet another extortion phishing scam. Here’s what the reader got:

I am sorry to inform you but your device was hacked.

That’s what happened. I have used a Zero Click vulnerability with a special code to hack your device through a website.
A complicated software that requires precise skills that I posess.
This exploit works in a chain with a specially crafted unique code and such type of an attack goes undetected.
You only had to visit a website to be infected, and unfortunately for you it’s that simple for me.

You were not targeted, but just became one of the many unlucky people who got hacked through that webpage.
All of this happened in August. So I’ve had enough time to collect the information.

I think you already know what is going to happen next.
For a couple of month my software was quietly collecting information about your habits, websites you visit, websearches, texts you send.
There is more to it, but I have listed just a few reasons for you to understand how serious this is.

To be clear, my software controlled your camera and microphone as well.
It was just about right timing to get you privacy violated. I have made a few pornhub worthy videos with you as a lead actor.

I’ve been waiting enough and have decided that it’s time to put an end to this.
Here is my offer. Let’s name this a “consulting fee” I need to get, so I can delete the media content I have been collecting.
Your privacy stays untouched, if I get the payment.
Otherwise, I will leak the most damaging content to your contacts and post it to a public website for perverts to view.

You and I understand how damaging this will be to you, it’s not that much money to keep your privacy.

I don’t care about you personally, that’s why you can be sure that all files I have and software on your device will be deleted immediately after I receive the transfer.
I only care about getting paid.

My modest consulting fee is 1700 US Dollars to be transferred in Bitcoin. Exchange rate at the time of the transfer.
You need to send that amount to this wallet: [BITCOIN ADDRESS REDACTED]

The fee is non negotiable, to be transferred within 2 business days.

Obviously do not try to ask for help from the law enforcement unless you want your privacy to be violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.

Take care and have a good day.

So let’s ignore the questionable English in this email and start with what you cannot see. The email address was spoofed so that it seems like it was sent from your account, but it really wasn’t. That’s meant to get your attention. Second, it claims that you were hit via a “zero click vulnerability”. I call BS on that. Basically, they’re trying to take advantage of people’s lack of knowledge of computers by saying that they used some super scary exploit to hack you. To be clear, there are such things as “zero click” vulnerabilities, but they are so valuable that a guy like this wouldn’t have access to them. Or anyone with that level of skill would be working for a nation state trying to do some form of espionage and not trying to extort people.

So as usual, the scumbag claims to have recorded you “pleasuring yourself” so to speak. And they even mention PornHub. That’s pretty ballsy. I’ll dole out my usual advice. If you are worried about some piece of software using your camera to record you without your knowledge, put some tape over your camera.

And judging from the fact that when I checked his Bitcoin wallet, there were no deposits in it, it either means that nobody has fallen for this scam. Or nobody has fallen for it yet. Seeing as you’re reading this, you won’t be falling for this scam.

Finally, the scumbag says not to go to law enforcement for help. Whatever.

Really, the quality of these extortion phishing email scams is really low. I’ve shown off a few of them in the last couple of weeks and I remain unimpressed. Absolutely nobody should be falling for these because they are so badly done. And I do mean nobody.

Rogers Is The Target Of An Email #Scam…. And It’s Pretty Lame

Posted in Commentary on September 14, 2022 by itnerd

I have to say that this phishing email which was brought to my attention by a reader of this blog is one of the worst phishing emails that I have ever seen. This specific one is aimed at Rogers customers and here it is:

Let’s dive in. It’s playing on the fact that Internet Explorer 8, or “the old version (IE) 8” is not supported anymore, and it’s trying to get you to upgrade your browser by logging into their phishing site using your Rogers ID. It tries to get you to do this by saying that you have 48 hours to do so. Otherwise your access to your account will be “restricted”. Creating a sense of urgency is a common tactic in phishing emails of this type.

Where this email falls off the credibility cliff is that it says this:

Protecting your information is important to us and we work continuously to strengthen our security against the threats targeting our Financial Institution.

Umm…. While Rogers does own a bank, this is targeted at their Internet users and not their bank customers. So it’s as if the rocket scientist behind this scam couldn’t decide what they were targeting, or they didn’t sweat the details.

But just for fun, I decided to go down the rabbit hole to see what their phishing website looks like. And here it is:

You’ll note that at the top, the URL or website address doesn’t go to Rogers. It goes to square.site. Which means someone set up a website on the Square platform to pull this scam off. Though the existence of this site may be short lived as I’ve informed Square about this and I suspect that it will be taken down shortly. The next thing that you’ll notice is that I entered some text in the email account and password section. Another hint that this is a scam is that the password is not masked, as in you can see it in plain text, which is not how password fields work. I suspect that this is the case because clearly the scammers behind this are too stupid to know how to do that. But just for fun, I pressed next and got this:

At this point you are pwned, and the scammers are going to take over your email along with whatever websites are associated with that email. Be it bank accounts, Amazon, whatever. The thing is, this is one of the most poorly executed phishing scams that I have seen in years. While I am sure that most people would never fall for this, there are some that will. However, the fact that I am publishing this will mean that even less will fall for it. And now that I’ve alerted both Rogers and Square about this, nobody will be falling for this. In the meantime if you get an email like this, delete it and move on with your life.

Hopefully you’ve learned something from this. Even though this scam is pretty lame, dissecting how this scam works will help you to avoid more “interesting” ones.

Oh Look… A Revenue Canada Email #Scam Is Making The Rounds… Let’s Dive In And See What It’s All About

Posted in Commentary on September 13, 2022 by itnerd

I swear, there are more scams these days than Elvis impersonators in Vegas. This time it’s Revenue Canada who is being used in a scam. And that scam starts with this email:

Now right off the top, this email caught the attention of Apple Mail that told me that it was from a mailing list. That’s a major red flag as emails from Interac would be directly addressed to you. So I knew it was a scam without having to click on anything. But I did my usual due diligence and checked the email address of the person who sent this:

Interac sends transfers from notify@payments.interac.ca. So this further validates that this is a scam. But in the interest of seeing what the scammers were up to, I clicked the “Choose your financial institution” button. Which by the way you should never do after looking at the grammar and spotting the mix of French and English, and the word “october” which doesn’t have a capital. Seriously, scammers really need to use an app like Grammarly if they don’t want their scam emails deleted the second that they hit an inbox because the writing is so poor.

In any case, here’s what I got:

Ahhhh… The old banking credential phishing scam. That involves choosing your bank, typing in your credentials, and getting pwned. Then your bank account empties. And there’s lots of choice here including banks that I don’t normally see as part of this type of scam. Someone has been busy. But they really didn’t put a whole lot of time into this scam based on this:

This isn’t even close to how the actual CIBC web page looks. I’ve seen other scams where the scammer tried way harder than this to replicate the web page to fool the unsuspecting into typing in their card number and password which will allow them to pwn you. Thus this will likely tip most people off that this is a scam. And the fact that I am putting this story out there will likely inform the rest to not fall for such a poorly executed scam by someone who clearly has no skills. But they did do something interesting:

The website acts like you’re going to get a validation code on your phone. But you’re never going to receive it because you have just been pwned. Interesting.

So what’s the bottom line? I am guessing that because the Federal Government announced a number of new programs today including a GST credit, this scam was timed to take advantage of that. Thus if you get an email like this, delete it and move on with your life.

Sigh…. Another Extortion Phishing #Scam Hits My Inbox

Posted in Commentary on September 12, 2022 by itnerd

I guess that the scumbags behind extortion phishing emails must really be bored as they are all coming out of the woodwork with new scams to separate you from your money. I have now come across a third variant of this scam thanks to a reader of this blog that I would like to share with you and then tell you why it is a scam:

Greetings!

I have to share bad news with you.
Approximately few months ago I have gained access to your devices, which you use for internet browsing.
After that, I have started tracking your internet activities.

Here is the sequence of events: 
Some time ago I have purchased access to email accounts from hackers (nowadays, it is quite simple to purchase such thing online).
Obviously, I have easily managed to log in to your email account (EMAIL ADDRESS REDACTED).

One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.
In fact, it was not really hard at all (since you were following the links from your inbox emails).
All ingenious is simple. 😉

This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard).
I have downloaded all your information, data, photos, web browsing history to my servers.
I have access to all your messengers, social networks, emails, chat history and contacts list.
My virus continuously refreshes the signatures (it is driver-based), and hence remains invisible for antivirus software.

Likewise, I guess by now you understand why I have stayed undetected until this letter…

While gathering information about you, I have discovered that you are a big fan of adult websites.
You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure.
Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives.
I have also no issue at all to make them available for public access.
I guess, you really don’t want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you.

Let’s settle it this way:
You transfer $1650 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away.
After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me, I keep my word.

This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now.
In case, if you don’t know how to purchase and transfer the bitcoins – you can use any modern search engine.

Here is my bitcoin wallet: [BITCOIN WALLET ADDRESS REDACTED]

You have less than 48 hours from the moment you opened this email (precisely 2 days).

Things you need to avoid from doing:
*Do not reply me (I have created this email inside your inbox and generated the return address).
*Do not try to contact police and other security services. In addition, forget about telling this to you friends. If I discover that (as you can see, it is really not so hard, considering that I control all your systems) – your video will be shared to public right away. 
*Don’t try to find me – it is absolutely pointless. All the cryptocurrency transactions are anonymous.
*Don’t try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers.

Things you don’t need to worry about:
*That I won’t be able to receive your funds transfer.
– Don’t worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer).
*That I will share your videos anyway after you complete the funds transfer.
– Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it long time ago! 

Everything will be done in a fair manner!

One more thing… Don’t get caught in similar kind of situations anymore in future!
My advice – keep changing all your passwords on a frequent basis

So let’s unpack this. This guy seems less able to execute this scam well, as unlike previous variants that I have seen, he has not spoofed your email address to get your attention. He simply pastes it in. Which implies that this is a form letter of some sort with a list of email addresses that just get fed into it hoping that someone who isn’t technically savvy will fall for it.

What a loser.

And judging from the fact that when I checked his Bitcoin wallet, there were no deposits in it, it either means that nobody has fallen for this scam. Or nobody has fallen for it yet. Seeing as you’re reading this, you won’t be falling for this scam.

Other things that I would like to point out are the usual items that are part and parcel of these scams:

  • This email also says that the so called hacker installed the “trojan virus” on your computer which is a piece of software that can download your data, log your keystrokes and control your webcam and microphone. Now this software does exist. But if you have up to date and functional anti-virus software, it should be able to deal with it. And if you want a bit of extra security, cover up your webcam with a piece of tape. The scammer’s talk about changing signatures of his software to evade detection is BS by the way. If he could do that, he’d be working for some nation state launching targeted spyware and ransomware attacks rather than doing scams on individuals.
  • The scammer wants you to pay him via Bitcoin and he even says that “All the cryptocurrency transactions are anonymous.” Which means that there’s no way for the scammer to know that you’ve paid him which means that there’s no way for him to delete the data that they allegedly have on you.
  • The English used in this phishing email is not that good.
  • It tries to play on your fears of being outed for watching porn and “pleasuring” yourself. In fact, this one really plays heavily on that. Even going as far as not to tell your friends or law enforcement.

The bottom line is that this guy has created a scam that isn’t all that good and is likely to convince few people to hand over their cash. But since the number of people who could fall for this is not zero, I’m putting this out there so that the number gets closer to zero.

Stay safe out there.

Massive Phishing Campaign Targets Filipino Mobile Users

Posted in Commentary on September 9, 2022 by itnerd

Yesterday, the Philippine senate launched an investigation to identify the attackers behind a massive phishing campaign of millions of text messages sent to mobile users in hopes of capturing personal login credentials for fraudulent transactions.

The country’s two biggest telecoms providers have said they blocked more than 1 billion spam and suspicious text messages between them this year. PLDT and Globe have assured their combined 156 million mobile subscribers that cybercriminals have not breached their security systems.

Senator Grace Poe, who heads the senate’s public services committee, called for tighter measures against cybercriminals.

“This is a staggering number of messages that prey upon the vulnerable like those who are unemployed, in need of money or are just unfamiliar with these schemes,” Poe said.

Consumers have reported a surge in phishing attempts during the pandemic as people relied heavily on mobile devices for shopping and food delivery orders and banking.

The scale of this campaign is nuts. And something needs to be done. But apparently an attempt to deal with this was squashed:

Poe said it was time for lawmakers to revive a bill, vetoed last year by then President Rodrigo Duterte, that would require SIM card buyers to register with network providers to prevent scams and misinformation.

And Nick Ascoli, VP of Threat Research at PIXM has this to say:

There is a need for regulations that represent a sincere and holistic attempt at taking steps towards curbing cybercrime operations affecting the region. Unfortunately, scammers use many techniques to send luring text messages to victims, few of which involve the actual purchase of a physical phone and SIM card. Most involve the use of internet based SMS Gateways. While the specific proposal would likely not address the issue, it represents a hopeful sentiment that Southeast Asian governments will increase their use of federal resources in stopping cybercrime.

One of the best ways to deal with cybercrime is to go after the threat actors and take away the money gained from these crimes and take away their liberty. The next best thing is to make it harder for cybercriminals to execute their schemes. That’s what the law that was squashed last year would do and hopefully it gets enacted so that this issue is addressed.

Another Extortion Phishing Email #Scam Is Making The Rounds… Let Me Tell You About It

Posted in Commentary on September 8, 2022 by itnerd

I swear, these extortion phishing scams are multiplying like weeds. Hot off of this scam that I brought to your attention a few days ago, another one has been brought to my attention. Before I get to that, let me recap what this scam is all about.

The scammer claims to have recorded you while watching porn and has video proof of that. The scammer then goes on to claim that they will release it to your friends, family and the like if you don’t pay them in Bitcoin which is untraceable. So what the scam is doing is leveraging the fact that watching porn and “pleasuring” yourself to put it kindly is seen as something negative. And having a video of you doing this would be embarrassing. Thus you would be inclined to pay to keep it quiet.

Now over to today’s scam. The email that I got looks like this:

Hello!
Have you recently noticed that I have e-mailed you from your account?
Yes, this simply means that I have total access to your device.

For the last couple of months, I have been watching you.
Still wondering how is that possible? Well, you have been infected with malware originating from an adult website that you visited. You may not be familiar with this, but I will try explaining it to you.

With help of the Trojan Virus, I have complete access to a PC or any other device.
This simply means I can see you at any time I wish to on your screen by simply turning on your camera and microphone, without you even noticing it. In addition, I have also got access to your contacts list and all your correspondence.

You may be asking yourself, “But my PC has an active antivirus, how is this even possible? Why didn’t I receive any notification?” Well, the answer is simple: my malware uses drivers, where I update the signatures every four hours, making it undetectable, and hence keeping your antivirus silent.

I have a video of you wanking on the left screen, and on the right screen – the video you were watching while masturbating.
Wondering how bad could this get? With just a single click of my mouse, this video can be sent to all your social networks, and e-mail contacts.
I can also share access to all your e-mail correspondence and messengers that you use.

All you have to do to prevent this from happening is – transfer bitcoins worth $1450 (USD) to my Bitcoin address (if you have no idea how to do this, you can open your browser and simply search: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: [Bitcoin Address Redacted]

After receiving a confirmation of your payment, I will delete the video right away, and that’s it, you will never hear from me again.
You have 2 days (48 hours) to complete this transaction.
Once you open this e-mail, I will receive a notification, and my timer will start ticking.

Any attempt to file a complaint will not result in anything, since this e-mail cannot be traced back, same as my bitcoin id.
I have been working on this for a very long time by now; I do not give any chance for a mistake. 

If, by any chance I find out that you have shared this message with anybody else, I will broadcast your video as mentioned above.

So let’s unpack this:

  • The email appears to have come from your email account. But all that means is that someone has spoofed your email address. This is surprisingly easy to do. And scammers leverage that to make these scam emails seem more legitimate. But they’re not and the scammer doesn’t have control over anything.
  • This email also says that the so called hacker installed the “trojan virus” on your computer which is a piece of software that can download your data, log your keystrokes and control your webcam and microphone. Now this software does exist. But if you have up to date and functional anti-virus software, it should be able to deal with it. And if you want a bit of extra security, cover up your webcam with a piece of tape. The scammer’s talk about changing signatures of his software to evade detection is BS by the way. If he could do that, he’d be working for some nation state launching targeted spyware and ransomware attacks rather than doing scams on individuals.
  • The scammer wants you to pay him via Bitcoin as that’s untraceable. But that works both ways. There’s no way for the scammer to know that you’ve paid him which means that there’s no way for him to delete the data that they allegedly have on you. Related to that, I checked the value of the Bitcoin address and it seems that plenty of people have fallen for that scam based on the number of transactions that have been made into this wallet.
  • The email claims to be able to transmit to the scammer when you’ve opened the email. That sounds like the scammer has embedded a tracking pixel into the email. Marketing companies use these to see if you’ve opened an email along with gathering information about you, and Apple for example has countermeasures against all of that. I found no evidence that this email contained anything like this.
  • As usual, the English used in this email is poor. A hallmark of scam emails.
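
The checks described in these posts (a sender domain that doesn't belong to the brand being claimed, a "From" address forged to match the recipient, and a tracking pixel in the body) can be automated. The following is an added example, not code from this blog; the sample messages are constructed, and the brand-to-domain table is an assumption apart from the Interac address quoted in the Revenue Canada post.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumption: brand keyword -> domains that brand legitimately sends from.
# payments.interac.ca is quoted in the post; microsoft.com is illustrative.
BRAND_DOMAINS = {
    "interac": {"payments.interac.ca"},
    "microsoft": {"microsoft.com"},
}


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def find_tracking_pixels(html):
    """Return remote image URLs that are 1x1 (or 0x0) or hidden via CSS."""
    parser = _ImgCollector()
    parser.feed(html)
    hits = []
    for img in parser.images:
        src = img.get("src") or ""
        if not src.lower().startswith(("http://", "https://")):
            continue  # embedded (cid:/data:) images cannot report an open
        tiny = img.get("width") in ("0", "1") and img.get("height") in ("0", "1")
        style = (img.get("style") or "").replace(" ", "").lower()
        if tiny or "display:none" in style:
            hits.append(src)
    return hits


def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts stamped by the receiving mail server."""
    header = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {method.lower(): verdict.lower() for method, verdict in found}


def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    _, to_addr = parseaddr(str(msg.get("To", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    findings = []

    # 1. Display name claims a brand, but the sending domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        owned = any(from_domain == d or from_domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not owned:
            findings.append(f"brand-mismatch:{brand}")

    # 2. "I e-mailed you from your account": From equals To, but DMARC did not
    #    pass, so the header was forged rather than sent from the mailbox.
    if from_addr and from_addr.lower() == to_addr.lower():
        if auth_results(msg).get("dmarc") != "pass":
            findings.append("self-spoof")

    # 3. Remote invisible images that would report when the mail is opened.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += [f"tracking-pixel:{u}" for u in find_tracking_pixels(body.get_content())]
    return findings


# Constructed sample: extortion mail forged to look self-sent.
SAMPLE_SELF_SPOOF = """\
From: victim@example.com
To: victim@example.com
Subject: Hello!
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.net;
 dmarc=fail header.from=example.com
Content-Type: text/plain

Have you recently noticed that I have e-mailed you from your account?
"""

# Constructed sample: brand lure from an unrelated domain, with a 1x1 beacon.
SAMPLE_BRAND_LURE = """\
From: "Microsoft Security" <alerts@mail.example.net>
To: user@example.com
Subject: Update required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in to fix your account.</p>
<img src="https://track.example.net/o.gif?id=123" width="1" height="1">
<img src="https://cdn.example.net/logo.png" width="200" height="40">
</body></html>
"""

if __name__ == "__main__":
    for name, raw in [("self-spoof", SAMPLE_SELF_SPOOF), ("brand-lure", SAMPLE_BRAND_LURE)]:
        print(name, triage(raw))
```

A self-addressed message where DMARC does pass is a different situation: that points to mail actually sent from the mailbox and is worth a password reset and session review.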

In short, this is a scam email that you should delete the second it hits your inbox. While scam emails like this don’t have to have a huge number of people falling for it to be successful, you shouldn’t be the person who falls for it. And if you have any concerns about the security of your computer, I would contact a professional who can take a look at your computer to see if there are any issues with it.

 

The Extortion Phishing Email #Scam Is Back… Let Me Tell You About It

Posted in Commentary with tags on September 5, 2022 by itnerd

Recently I was contacted by a couple who was hit with a torrent of emails that claimed that they had been watching porn and “pleasuring” themselves, and that a threat actor had installed remote access software and stolen their data. Right off the top, I was pretty sure that this was an extortion phishing scam. I’ve written about this many, many times in the past. But I did agree to investigate it.

Let’s start with the email that they received, which between the two of them they got 116 times over a five-hour period:

Hello there!

Unfortunately, there are some bad news for you.

Some time ago your computer was infected with my private trojan, R.A.T (Remote Administration Tool), if you want to find out more about it simply use Google.

My trojan allows me to access all controllers of your computer, such as video camera, microphone and keyboard.

I have managed to download all your personal data, as well as web browsing history and photos to my servers.

That’s why I know your password: [PASSWORD REDACTED]

You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.

I HAVE RECORDED SEVERAL KINKY SCENES OF YOU, WHERE YOU REACH ORGASM WHILE PASSIONATELY MASTURBATING!

If you still doubt my serious intentions, it only takes couple mouse clicks to share the video of you with your friends, relatives, all email contacts and on social networks.

All you need is $1500 USD in bitcoin (BTC) transfer to my account (bitcoin equivalent based on exchange rate during your transfer).

After the transaction is successful, I will proceed to delete everything without delay.

Afterwards, we can pretend that we have never met before.

In addition, I assure you that all the harmful software will be deleted from your computer.

Be sure, I keep my promises.

If you are unaware how to buy and send bitcoin (BTC) – Google: Where to buy bitcoin (BTC), to send and receive bitcoin (BTC), you can register your wallet for example here: www.blockchain.com

Or download: Exodus Wallet, from: www.exodus.com – with the software you can buy and send bitcoin (BTC).

My bitcoin (BTC) address is: [BTC Address Redacted]

Copy and paste my address, it’s (cAsE-sEnSEtiVE).

You are given not more than 48 hours after you have opened this email (2 days to be precise).

Everything will be carried out based on fairness!

Before I forget…moving forward try not to get involved in this kind of situations anymore!

An advice from me – regularly change all the passwords to your accounts and update your computer and browser.

So let’s unpack this scam, which by the way isn’t new, as this specific variant has been around for a while.

  • The so-called hacker has the password of the user. That’s to add some perceived legitimacy to the email. But chances are they don’t know anything more than that. Thus the first thing that you should do if you get one of these emails is to change the password to any email or online service that is associated with that email. And if you’re wondering how they got your email and password, it was likely part of a data breach. You can find out which one by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password.
  • This email is leveraging the fact that watching porn and “pleasuring” yourself is seen as something negative, and that it would be embarrassing if a recording of it were made public. This email also says that the so-called hacker installed RAT software on your computer. RAT stands for Remote Access Trojan. It’s a piece of software that can download your data, log your keystrokes and control your webcam and microphone. Now this software does exist. But if you have up-to-date and functional anti-virus software, it should be able to deal with it. And if you want a bit of extra security, cover up your webcam with a piece of tape.
  • There’s no way for the scammer to tie you to the money that they could get from you, as Bitcoin is anonymous by design. Which means that they have no way to delete the data that they allegedly collected if you pay them. Which by extension means that they’re lying about having data on you.
  • The English used in this email is poor. A hallmark of scam emails.
  • I checked the Bitcoin address that was referenced in this email. It looks like four people have fallen for this scam based on the wallet having $6000 or so in it.

In this case, I did examine both computers in question and found no remote access trojans or anything else. I also ran their email addresses on haveibeenpwned.com and found that they had been part of several data breaches, including a few that included the password that was referenced in the email. Thus I advised that they change their passwords to not only ensure their long-term security, but to also ensure that if they get an email like this in the future, they will know it is fake immediately.

Oh yeah, the fact that this email was sent to them over 100 times is just stupid. Either the person behind this is new at this scam, or they are desperate. If you want to make sure that your scam email is ignored, this is a great way to make sure that it is ignored.

The fact is that this email is aimed at getting maybe a handful of people to fall for it. Because a scam doesn’t have to be successful in quantity to be successful. Don’t be that person. If you see an email like this in your inbox, delete it and move on with your life.

Another Text Messaging #Scam For You To Be Aware Of

Posted in Commentary with tags on August 15, 2022 by itnerd

I was alerted to this scam a couple of months ago. But I forgot about it until a reader of this blog alerted me to a version of this scam today. Thus in the interest of making sure that the readers of this blog are aware of new scams that are out there, I’m writing about it today.

I have to admit that on one hand it is kind of lame. But on the other hand I can see how it might be effective as it might tempt you to engage with the threat actor. It starts out with the text message:

Now if it were me, I’d delete this text message. But I can see a scenario where someone might reply and engage with the threat actor, thus confirming to the threat actor that they have a live person and giving the threat actor an opportunity to try and carry out the scam. Here’s another screenshot that was sent to me by a client of mine where they did respond before thinking twice about doing so and emailing me for help:

The next thing that happened is that the initial message was followed up with a link which likely would take you to a phishing site where I am guessing that whoever is behind this scam will try to get you to hand over your banking details. In the case of my client, I didn’t get the link that they were sent. And fortunately for them, they did not click on the link. Which for the record you should never, ever do. Thus I was unable to test the link out and go down the rabbit hole to understand the scam in greater detail like I normally do with scams that are brought to my attention. But that seems like a likely hypothesis.

Based on my research, this scam has been going since April of this year and is still ongoing. Thus I would say that if you get a text that looks like the examples above, your best defence is to not respond to the text and delete it.