Social Engineering - What to look out for

  • 16 October 2018
  • 31 replies
  • 184 views

Userlevel 7
Badge +36
We recently received an email from a friendly "hacker" attempting to scam us. Posting it here to share what these look like, and to inform you that this is a real method criminals use day to day.
 
Hello!

My nickname in darknet is eugene56.
I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

If you don't belive me please check 'from address' in your header, you will see that I sent you an email from your mailbox.

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 50 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

31 replies

Userlevel 7
Badge +24
Man this is great! :D
 
As funny as this is, this is legitimately making money for this scammer. 
 
https://www.blockchain.com/btc/address/19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
$2600 already. 
 
This type of scam has definitely been going around lately
https://www.bleepingcomputer.com/news/security/new-sextortion-scam-pretends-to-come-from-your-hacked-email-account/
 
 
Userlevel 7
Excellent Information! 

Thank you.
Userlevel 7
Badge +54
Great articles, thank you.
Userlevel 3
I haven't seen this one yet.  And I didn’t know there was such a thing as a ‘friendly hacker’. 
Most of the recent crud sent to me online via email involves bogus bank accounts and credit cards alerts (that I do not use) asking me to update my personal information. If I open any of the 'suspect' emails, it's always on my iPhone to send them a 'greeting' in my best King's English. If the reply cannot be sent, then it confirms my suspicions regarding the nefarious intent.
 
Telephone scams are another matter entirely. It seems whenever I contact Microsoft for technical support regarding my Office or Outlook programs, within a week or so, I suddenly get an uptick of unsolicited telephone visits from 'off-shore' call centers telling me they are with 'Microsoft Security' saying there is something wrong with my computer. If I have the time, I love to jerk their chains to see how long I can keep them on the horn before they give up.  Nevertheless, I've discussed this issue with Microsoft in my feedback surveys at length to no avail.
 
I never like to keep my credit card information on file for a vendor.  Since my credit card was hacked twice in the last three years, if I need to purchase something and it requires keeping my credit card on their ‘secured’ server, then I take my business elsewhere.
 
BTW, although my monitor doesn't have a built-in camera, I'd never think of adding one.
 
Also, I've recently heard an advertisement on my Sirius Satellite Radio for Express VPS.com. It's supposed to add protection from hacking and surveillance. Is anyone familiar with this program?
 
https://www.expressvpn.com/
Userlevel 7
Badge +36
@ wrote:
I haven't seen this one yet.  And I didn’t know there was such a thing as a ‘friendly hacker’. 
Most of the recent crud sent to me online via email involves bogus bank accounts and credit cards alerts (that I do not use) asking me to update my personal information. If I open any of the 'suspect' emails, it's always on my iPhone to send them a 'greeting' in my best King's English. If the reply cannot be sent, then it confirms my suspicions regarding the nefarious intent.
 
Telephone scams are another matter entirely. It seems whenever I contact Microsoft for technical support regarding my Office or Outlook programs, within a week or so, I suddenly get an uptick of unsolicited telephone visits from 'off-shore' call centers telling me they are with 'Microsoft Security' saying there is something wrong with my computer. If I have the time, I love to jerk their chains to see how long I can keep them on the horn before they give up.  Nevertheless, I've discussed this issue with Microsoft in my feedback surveys at length to no avail.
 
I never like to keep my credit card information on file for a vendor.  Since my credit card was hacked twice in the last three years, if I need to purchase something and it requires keeping my credit card on their ‘secured’ server, then I take my business elsewhere.
 
BTW, although my monitor doesn't have a built-in camera, I'd never think of adding one.
 
Also, I've recently heard an advertisement on my Sirius Satellite Radio for Express VPS.com. It's supposed to add protection from hacking and surveillance. Is anyone familiar with this program?
 
https://www.expressvpn.com/
This is the first I've heard of them, although we do have our own VPN product on the market.
 
You've been hacked twice in the last 3 years? That's rough. Recently I saw Frank Abagnale speak about the benefit of using a credit card since they pay all of the stolen funds back to you. Hopefully that's the case for you and you didn't lose the funds altogether!
Userlevel 3
I was lucky that my credit card accounts were put on hold both times, instantaneously, the moment the cards were hacked. Most of these credit card companies now use algorithms to track your purchase habits so they can easily tell immediately if someone is trying to hack your card. Then they will contact you by telephone via voicemail of the suspicious activity. The only downside was that I'm retired and it's the only credit card I use and it took about seven days to get a new one. But the interest rate can't be beat @ 9.5%. It was 7.9% when I joined my credit union in 1990 and stayed that way for many years but then the interest rate started to slowly go up since 2016. Still a good deal so I encourage anyone to check out a credit union, especially if they have access to one where they work.
 
And thanks for the tip on Webroot's VPN product. I'll be sure to check it out. I know that I'm really happy with Webroot's Secure Anywhere AVP since I have it on both my wife's laptop and my desktop! 😉
Userlevel 7
Badge +36
@ wrote:
I was lucky that my credit card accounts were put on hold both times, instantaneously, the moment the cards were hacked. Most of these credit card companies now use algorithms to track your purchase habits so they can easily tell immediately if someone is trying to hack your card. Then they will contact you by telephone via voicemail of the suspicious activity. The only downside was that I'm retired and it's the only credit card I use and it took about seven days to get a new one. But the interest rate can't be beat @ 9.5%. It was 7.9% when I joined my credit union in 1990 and stayed that way for many years but then the interest rate started to slowly go up since 2016. Still a good deal so I encourage anyone to check out a credit union, especially if they have access to one where they work.
 
And thanks for the tip on Webroot's VPN product. I'll be sure to check it out. I know that I'm really happy with Webroot's Secure Anywhere AVP since I have it on both my wife's laptop and my desktop! ;)
I had no idea they tracked purchasing patterns but it does make sense. If you ever have questions on the new VPN, we're actually going to have a product manager in the Community to answer questions so be sure to stop by. We'll have more info up on that here soon.
Userlevel 7
Badge +24
https://www.blockchain.com/btc/address/19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
 
Wow, it's up to $4400 already. I can't believe how many people are falling for and paying this scammer.
Userlevel 7
Badge +36
@ wrote:
https://www.blockchain.com/btc/address/19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
 
Wow, it's up to $4400 already. I can't believe how many people are falling for and paying this scammer.
That's insane, all the more reason to get the word out about these.
Userlevel 3
 
@ wrote:
https://www.blockchain.com/btc/address/19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
 
Wow, it's up to $4400 already. I can't believe how many people are falling for and paying this scammer.
So sad. And unfortunately, the elderly seem to be the prime target for these cons! 😞
Userlevel 4
Badge +8
A couple of my customers received a very similar email. The only difference was that the subject contained a valid password that they used to use. Although they knew what the guy was saying is rubbish, it concerned them that their password was showing. I checked their email on the haveibeenpwned.com website and it showed that their email was part of a data breach a couple of years ago. I got them to change any accounts that might still be using that password.
 
In one way, it's not so strange to see how many people would fall for this as many people do look at pornography and other inappropriate websites. Of course an email like this would scare them, especially if a password they use appears in the subject line. Another good reason to use Webroot's DNS Protection : )!
Userlevel 7
Badge +25
My wife received a similar email telling her many of the same things, but also included that she had been infected by going to porn sites. She does not go to porn sites, so we knew it was total crap. But she has received the same or similar message over 15 times now. I finally had to write an email message to just delete the message with certain keywords in it so she was not bothered by them anymore.
 
But this would be a great product: an email scanner that simply deletes scam emails that have already been discovered, and allow the user to send you an email they think is a scam for checking and adding to the database. There is a free idea for you!  🙂
Userlevel 7
Badge +25
@ wrote:
Man this is great! :D
 
As funny as this is, this is legitimately making money for this scammer. 
 
https://www.blockchain.com/btc/address/19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
$2600 already. 
 
 
 
Just looked today, just a few days later: 0.68020119 = $4,350.76
 
Sure wish we could teach people to stop paying these idiots. 
Userlevel 7
Badge +25
@ wrote:
I had no idea they tracked purchasing patterns but it does make sense. If you ever have questions on the new VPN, we're actually going to have a product manager in the Community to answer questions so be sure to stop by. We'll have more info up on that here soon.
Tracking is big these days to cut down on fraud. One of the best at this is CapitalOne. You might find it annoying at first as they will text and email you to confirm a purchase if outside the norm or a new company or product you do not normally buy, and block it if you do not respond in a timely manner.
 
And it works. They have an alert system as well, so every charge on my card sends an alert to my cell phone. If I see a charge I or my wife did not make, I press a button and my card is locked down immediately. And you will get a phone call after that from Capital One and they send you out a new card ASAP.
 
Now what we really need is an app that will move all my auto payments over to the new card. That is a total pain in the butt, because you will for sure miss one or two if you do that a lot.
Userlevel 4
Badge +3
Hi tyler
 
What's really amazing is that gullible people know how to make bitcoin wallets and payments.
 
Maybe they "invest" in bitcoin as well.
 
 
Userlevel 7
Badge +36
@ wrote:
A couple of my customers received a very similar email. The only difference was that the subject contained a valid password that they used to use. Although they knew what the guy was saying is rubbish, it concerned them that their password was showing. I checked their email on the haveibeenpwned.com website and it showed that their email was part of a data breach a couple of years ago. I got them to change any accounts that might still be using that password.
 
In one way, it's not so strange to see how many people would fall for this as many people do look at pornography and other inappropriate websites. Of course an email like this would scare them, especially if a password they use appears in the subject line. Another good reason to use Webroot's DNS Protection : )!
That's a very good point! Also a good call to check and see if their information was sold on the dark web with the site you mentioned, in fact I've used it a few times myself.
Userlevel 7
Badge +36
@ wrote:
My wife received a similar email telling her many of the same things, but also included that she had been infected by going to porn sites. She does not go to porn sites, so we knew it was total crap. But she has received the same or similar message over 15 times now. I finally had to write an email message to just delete the message with certain keywords in it so she was not bothered by them anymore.
 
But this would be a great product: an email scanner that simply deletes scam emails that have already been discovered, and allow the user to send you an email they think is a scam for checking and adding to the database. There is a free idea for you!  :-)
This is a great idea, only hesitation would be that customers tend to dislike a product that reads through their emails. I know the notion of email scanning has been tossed around before though.
Userlevel 7
Badge +25
@ wrote:
This is a great idea, only hesitation would be that customers tend to dislike a product that reads through their emails. I know the notion of email scanning has been tossed around before though.
While I agree that users hate their email being scanned when it is used for advertising, if the scanning was local and the tool simply looked for definitions, I think people would mind a lot less. Especially if the scanning could stay local to the user's device.
 
But even so, people who care basically need to trust that WebRoot will not misuse their info. I would venture a guess that if they trust you enough to add a program that scans every file on their system, they could easily accept a tool that scans their email for non-commercial advertising purpose. I would.
Userlevel 7
Badge +36
@ wrote:
@ wrote:
This is a great idea, only hesitation would be that customers tend to dislike a product that reads through their emails. I know the notion of email scanning has been tossed around before though.
While I agree that users hate their email being scanned when it is used for advertising, if the scanning was local and the tool simply looked for definitions, I think people would mind a lot less. Especially if the scanning could stay local to the user's device.
 
But even so, people who care basically need to trust that WebRoot will not misuse their info. I would venture a guess that if they trust you enough to add a program that scans every file on their system, they could easily accept a tool that scans their email for non-commercial advertising purpose. I would.
True, certainly a valid point.
Userlevel 4
Badge +8
Regarding @MajorHavoc's suggestion, another way around the privacy issue is to have an audit system where the user can check what words/definitions have been picked on and captured. If there is any private info that they are concerned about, then they can report it. Maybe Webroot can try and implement a Trust System to prevent privacy concerns.
 
It would actually be really good if there was a similar system to BrightCloud Threat Intelligence but for the purpose of email scams. A system that learns from everyone's email mailboxes to build a massive database of scam emails and also provide the user the ability to submit scam emails to the database. If a lot of people start using this, then it will start working similar to BrightCloud's system to protect our mailboxes. It could then start learning the patterns of scam emails and become smarter to protect our mailboxes.
 
Any thoughts on this?
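
The locally run scanner with an audit trail suggested in the posts above could look like the following. This is an added example, not part of the original thread and not Webroot code; the definition names, patterns, threshold and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed "definitions" (indicator name -> pattern). Names, patterns and the
# threshold are assumptions for illustration, based on the email quoted in this thread.
DEFINITIONS = {
    "btc_address": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),  # shape only
    "payment_demand": re.compile(r"\b(?:btc|bitcoin)\b", re.I),
    "deadline": re.compile(r"\byou have \d+ hours\b", re.I),
    "malware_claim": re.compile(r"\b(?:trojan|virus)\b", re.I),
    "camera_claim": re.compile(r"\b(?:camera|webcam)\b", re.I),
    "contacts_threat": re.compile(r"\ball your contacts\b", re.I),
}
AUTH_FAIL = re.compile(r"\b(?:spf|dkim|dmarc)=(?:fail|softfail)\b", re.I)

def scan(raw_message, threshold=4):
    """Return (flagged, audit). audit maps each matched indicator to the exact
    text that triggered it, so the user can review what the scanner picked up."""
    msg = message_from_string(raw_message, policy=policy.default)
    audit = {}
    # The "sent from your own mailbox" claim: From and To carry the same address.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    recipient = parseaddr(str(msg.get("To", "")))[1].lower()
    if sender and sender == recipient:
        audit["self_addressed"] = sender
    # Sender-authentication failure recorded on receipt. Only trust an
    # Authentication-Results header added by your own mail server.
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    failed = AUTH_FAIL.search(results)
    if failed:
        audit["auth_fail"] = failed.group(0)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    for name, pattern in DEFINITIONS.items():
        hit = pattern.search(body)
        if hit:
            audit[name] = hit.group(0)
    return len(audit) >= threshold, audit

# Constructed sample messages; the scam body reuses lines quoted in the first post.
SCAM_SAMPLE = """\
From: user@example.com
To: user@example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=user@example.com
Subject: Hello!

I infected your operating system with a virus (trojan) created by me.
I took screenshot through the camera of your device.
Send the above amount on my BTC wallet (bitcoin): 19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
Otherwise, these files will get all your contacts from your device.
Since reading this letter you have 50 hours!
"""
BENIGN_SAMPLE = """\
From: user@example.com
To: user@example.com
Subject: note to self

Remember to buy a cover for the laptop camera.
"""

if __name__ == "__main__":
    print(scan(SCAM_SAMPLE))
    print(scan(BENIGN_SAMPLE))
```

The scanner only flags and explains; whether a flagged message is deleted, quarantined or submitted to a shared database is left to the user, which keeps the audit step the post asks for.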
Userlevel 7
Badge +36
@ wrote:
Regarding @MajorHavoc's suggestion, another way around the privacy issue is to have an audit system where the user can check what words/definitions have been picked on and captured. If there is any private info that they are concerned about, then they can report it. Maybe Webroot can try and implement a Trust System to prevent privacy concerns.
 
It would actually be really good if there was a similar system to BrightCloud Threat Intelligence but for the purpose of email scams. A system that learns from everyone's email mailboxes to build a massive database of scam emails and also provide the user the ability to submit scam emails to the database. If a lot of people start using this, then it will start working similar to BrightCloud's system to protect our mailboxes. It could then start learning the patterns of scam emails and become smarter to protect our mailboxes.
 
Any thoughts on this?
I can mention this idea to the product team and see what their thoughts are, certainly.
Userlevel 7
Badge +25
I agree, a good idea.
 
On a separate note, because I cannot find a place to report this, the Kudos buttons are not working for me. I tried on my Mac and my Windows machine. I am (obviously) logged in, but when I press the Thumbs Up button, it turns dark, but the count does not increase. I leave the page and come back, the thumbs buttons I checked are "off" again.
 
So curious, where exactly should I be reporting this error to. I went to support, it tells me I already have a conversation started, and "if I want to continue the conversation" (I don't) enter the conversation password. There is no option to start a new conversation, and leaving the password blank just sticks one on that page. I also cannot find a place on the forum to report forum bugs. And no where in Contacts to report that either. 
 
Seems this may have been overlooked?
 
thanks
Userlevel 7
Badge +36
@ wrote:
I agree, a good idea.
 
On a separate note, because I cannot find a place to report this, the Kudos buttons are not working for me. I tried on my Mac and my Windows machine. I am (obviously) logged in, but when I press the Thumbs Up button, it turns dark, but the count does not increase. I leave the page and come back, the thumbs buttons I checked are "off" again.
 
So curious, where exactly should I be reporting this error to. I went to support, it tells me I already have a conversation started, and "if I want to continue the conversation" (I don't) enter the conversation password. There is no option to start a new conversation, and leaving the password blank just sticks one on that page. I also cannot find a place on the forum to report forum bugs. And no where in Contacts to report that either. 
 
Seems this may have been overlooked?
 
thanks
I tried replicating this and I'm not seeing this issue. Is anyone else?
Userlevel 7
@ if you're running an AdBlocker, try turning it off for the Webroot Forum. See if you can give Kudos after turning it off.
Userlevel 7
Badge +25
@ wrote:
@ if you're running an AdBlocker, try turning it off for the Webroot Forum. See if you can give Kudos after turning it off.
Ok, how did you know that and why should that be having that effect? Yes, I turned off  ABP on this site, and the Kudos work again. How odd. 
