Kitz Forum

Computer Software => Security => Topic started by: roseway on March 30, 2018, 07:29:36 AM

Title: Nasty scam
Post by: roseway on March 30, 2018, 07:29:36 AM
I received this lovely message this morning, sent to my normal email address. The bit about switching on the webcam is nonsense because I don't have one, and I don't use a laptop. (Also I don't do what they say they caught me doing.)

I'm not personally concerned, but I'm not sure where to report this. Presumably millions of these have been sent out. Any ideas?

Quote
Hi my friend. I m a member of the group of web criminals in Korea. We use your working email cause we think that you will check it. Last month my team infected web-site with porn and just as you pressed on a play your appliance started recording your screen and switching on cam to capture you self-abusing.As a result I reckon you understand which compromising evidence Ive got. In addition, my soft force your device act as remote desktop with many abilities as keylogger,parser etc. Finally, my soft picked all evidence,especially all your contacts from messengers,e-mails,social networks. To safe your reputation you must send 500 united states dollars in bitcoins. We are sure that you have this sum. Use this Bitcoin address to pay - [Deleted] You must use it as usual credit card number. If you send bitcoins We will delete everything about you. Use internet to understand how to buy bitcoins. For example you can buy them at localbitoins. com. If you have a problem with this, try to find the nearest BTC ATM at coin atm radar. You have no more than 24 hours since you open this letter to finish a transaction.You can complain cops, but they can not find us I write you through our bot network, also I do not live in your country.If you want us to show proofs we can send it to 5 your contacts then we will share their links. If you want you will ask them if they have received something or not.For some questions just reply. Think better.
Title: Re: Nasty scam
Post by: Ronski on March 30, 2018, 07:36:38 AM
I'm sure someone else posted recently with a very similar email, they'll try anything to frighten people into sending money.
Title: Re: Nasty scam
Post by: roseway on March 30, 2018, 07:55:11 AM
I've forwarded it to NFIB Phishing and reported it to Action Fraud.
Title: Re: Nasty scam
Post by: burakkucat on March 30, 2018, 04:39:11 PM
Yes, that is the best course of action.
Title: Re: Nasty scam
Post by: kitz on March 31, 2018, 11:30:09 AM
I've had a couple of these over the past week or so.  Like Eric I dont have a cam, nvm a front camera.. nor do I visit porn sites.  I got one last week which I binned without further ado.   This one came today.

Quote
Тickеt#434173610: <myemailaddress> 29.03.2018 04:40:06 Compromative evidence


Hello...

Dont pay attention on my grammar, I am from Belgium.We put the malicious program onto your OS.After that I stole all individual info from your OS. Additionally I obtained slightly more evidence.The most entertaining evidence that I received- its a videotape with your w**king.I installed virus on a porn page and then you downloaded it. The moment you picked the video and tapped on a play, my software instantly adjusted on your device.

After downloading, your front-camera made the videotape with you self-abusing,  additionally malware captured exactly the porn video you masturbated on. In next week my virus grabbed all your social media and work contacts.

If you need to erase the records- transfer me 480 euro in Bitcoins.
Its my Bitcoin wallet address - 176X1axgckKMmBDfbLomNcdLTVpK7quKko 

You have 20 h. to go from this moment. As soon as I get transfer I will erase the evidence evermore. Other way I will send the record to all your colleagues and friends.

According to this (https://nexusconsultancy.co.uk/blog/good-luck-solving-problems-email-scam/) it appears to be doing the rounds atm and they are chancing their luck in the hope that someone is naive enough to pay up.   Extortion phishing is the new spam :(
Title: Re: Nasty scam
Post by: Bowdon on October 18, 2018, 10:54:47 AM
I finally got one of these types of email. It came to an old pipex address I still keep going with the subject telling me the email address is hacked.

This is the body of the text;

Quote
Hello!

My nickname in darknet is dominique30.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

If you don't belive me please check 'from address' in your header, you will see that I sent you an email from your mailbox.

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $506 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1DBMVxzSPZ95FDyZfopwHgxncFEsp89uuS
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 50 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

It's interesting that the emails are slightly different but along the same theme. I'm surpised they have the intelligence to make their own emails instead of just copying a template lol
Title: Re: Nasty scam
Post by: sevenlayermuddle on October 18, 2018, 02:04:26 PM
I was feeling left out as I’d not had one of these. :(

But then I checked my spam folder, and there it was.   Google had caught it. :)
Title: Re: Nasty scam
Post by: j0hn on October 18, 2018, 02:11:59 PM
https://bitref.com/1DBMVxzSPZ95FDyZfopwHgxncFEsp89uuS

someone has fallen for it.
over £1500 in the last couple days.
Title: Re: Nasty scam
Post by: Black Sheep on October 18, 2018, 02:30:29 PM
Just last week I visited the premises of an elderly couple, who had been scammed for £6,000 the day before !!!

They had reported a broadband problem with their ISP (I wish I could name them, but I can't) .... then within the next hour they received a phone call from 'BT' explaining that they were now in possession of their broadband fault and could they blah-de-blah <scam ensues>.

As I listened in horror at the couple revealing the scam, my only thought was how did the scammers know so quickly that a fault had been raised for us to visit the premises ???
I can only assume there is inside information being given out, probably from the ISP ?? Scary stuff. 
Title: Re: Nasty scam
Post by: sevenlayermuddle on October 18, 2018, 04:39:18 PM
I’d say just co-incidence, BS.   I get scam calls like these most days, often several times a day.

Trouble with BT among others, imho, is that they really do outsource the call centres to other countries, with accents and language traits that are indistinguishable from the scammers.  So when people get a call from a scammer, it sounds exactly like the last person they spoke to in a BT call centre.   Hardly surprising that they sometimes fall for it, should it happen to co-incide with an expected call.

I think BT may have promised to stop outsourcing, but I got a genuine unsolicited call from such a BT call centre quite recently. :(
Title: Re: Nasty scam
Post by: chenks on October 19, 2018, 08:20:26 AM
I think BT may have promised to stop outsourcing, but I got a genuine unsolicited call from such a BT call centre quite recently. :(

they can stop outsourcing, but that doesn't necessarily mean that you won't be speaking to someone with a "foreign" accent.
unless they also plan to only hire people that speak the "queens english".

of course, the upshot of not outsourcing is an increase in costs,  which will be passed on to the customer no doubt.
Title: Re: Nasty scam
Post by: Weaver on October 19, 2018, 08:31:05 AM
I received my second scam of the this-is-your-password type this week.
Title: Re: Nasty scam
Post by: sevenlayermuddle on October 19, 2018, 09:32:10 AM
I received my second scam of the this-is-your-password type this week.

That’s the one I think people will be most likely to fall for. :(
Title: Re: Nasty scam
Post by: kitz on October 24, 2018, 10:33:56 PM
I got this one today sent to an unused alias at my ISP mail

Quote
Hello!

I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from unused@removed.plus.com on moment of hack: nx955187d

Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.

Therefore, I expect payment from you for my silence.
I think $899 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

Whilst I know its a con :

1) the email & password have never been used
2) I can see from the headers that the email address has been spoofed from 1.136.110.65 (https://whatismyipaddress.com/ip/1.136.110.65) which is probably a proxy or infected PC
3) I don't have a web cam
4) I don't visit porn sites
5) My system is clean

Unfortunately many people have fallen for it already - Within a short space of time 23 people have paid up and the bitcoin account (https://bitref.com/1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj) has a balance in excess of £10.6k  :(

Title: Re: Nasty scam
Post by: banger on October 25, 2018, 05:36:18 AM
Kitz I have had the same email as above only with details of a throwaway email I used to sign up to Malwarebytes and their forum password. Otherwise the email is exactly the same. The MBAM site was hacked in 2014 according to Firefox Monitor but the email may have been sitting in my inbox for months as PlusNet failed to let me know they had changed there IMAP servers.
Title: Re: Nasty scam
Post by: Chrysalis on October 25, 2018, 09:27:01 AM
yeah i had a few of those emails is funny
Title: Re: Nasty scam
Post by: Bowdon on November 09, 2018, 06:16:34 PM
I got the scam email with the password included, it was even listed in the subject header.

The strange part of this is that the email in question isn't on any of the pwned sites, which I find interesting as its my oldest email account which I got with pipex.

The password isn't one I've used to login anywhere in the recent years so it must be a small password leak from some place.
Title: Re: Nasty scam
Post by: kitz on November 10, 2018, 11:17:37 PM
Yes I notice that they have now started to include the password in the subject header.

One of the places that I can trace this back to is the Medion (Aldi) forums, which I have not used for >7yrs.  Therefore I suspect they are obtaining details of hacked databases from long ago in an attempt to scare people.

I've also just realised within the past few days, that one of the other addresses relates to an email address that I set up for a very close friend of mine who died in Nov 2003, so they are using some very old databases.
Title: Re: Nasty scam
Post by: sevenlayermuddle on November 11, 2018, 12:16:27 AM
Also the problem that as recently as 7 or 8 years ago, folks who really should have known better, were handling, storing and sharing passwords, unencrypted and in plain text.

Dredging through my inbox, searching for occurrences of “password” I find an email from PC World, 2011, after I’d followed their “forgotten password” procedure.   Their email confirms I have changed my password, and states the new password, in plain text, in an unencrypted email.  ::)

Another problem is (or might be) that people don’t properly destroy disk drives, before dumping them.   An HDD is a treasure trove of cached browser passwords, which are always unencrypted despite appearance of asterisks blanking (unless the disk itself is encrypted).   Further, there is the contents of any swap partition, deleted files, etc.     This is one reason I prefer magnetic disks over solid state, the former are so much easier to convincingly trash with a great big hammer and nail, after zero filling. ::)
Title: Re: Nasty scam
Post by: Weaver on November 11, 2018, 02:17:30 AM
I also burn stuff that needs to be disposed of. Things go straight into the big stove.
Title: Re: Nasty scam
Post by: 4candles on November 11, 2018, 12:03:06 PM
One of the places that I can trace this back to is the Medion (Aldi) forums, which I have not used for >7yrs.  Therefore I suspect they are obtaining details of hacked databases from long ago in an attempt to scare people.

I've also just realised within the past few days, that one of the other addresses relates to an email address that I set up for a very close friend of mine who died in Nov 2003, so they are using some very old databases.
I've had five or six of these in the past week, all addressed to a Plusnet alias I used only once, with a unique password, to order some plants from Urban Jungle - in 2010.
Title: Re: Nasty scam
Post by: Bowdon on November 11, 2018, 02:44:10 PM
I'm not that educated about bitcoin wallets. But is it possible to trace the bitcoin code that these emails give out to a bitcoin account?

I'm thinking that even if we never found out the identity of the person('s) it might be possible to make it as inconvinient as possible for them by keep closing their bitcoin accounts down?