Kitz Forum

Computer Software => Security => Topic started by: roseway on March 30, 2018, 07:29:36 AM

Title: Nasty scam
Post by: roseway on March 30, 2018, 07:29:36 AM
I received this lovely message this morning, sent to my normal email address. The bit about switching on the webcam is nonsense because I don't have one, and I don't use a laptop. (Also I don't do what they say they caught me doing.)

I'm not personally concerned, but I'm not sure where to report this. Presumably millions of these have been sent out. Any ideas?

Quote
Hi my friend. I m a member of the group of web criminals in Korea. We use your working email cause we think that you will check it. Last month my team infected web-site with porn and just as you pressed on a play your appliance started recording your screen and switching on cam to capture you self-abusing.As a result I reckon you understand which compromising evidence Ive got. In addition, my soft force your device act as remote desktop with many abilities as keylogger,parser etc. Finally, my soft picked all evidence,especially all your contacts from messengers,e-mails,social networks. To safe your reputation you must send 500 united states dollars in bitcoins. We are sure that you have this sum. Use this Bitcoin address to pay - [Deleted] You must use it as usual credit card number. If you send bitcoins We will delete everything about you. Use internet to understand how to buy bitcoins. For example you can buy them at localbitoins. com. If you have a problem with this, try to find the nearest BTC ATM at coin atm radar. You have no more than 24 hours since you open this letter to finish a transaction.You can complain cops, but they can not find us I write you through our bot network, also I do not live in your country.If you want us to show proofs we can send it to 5 your contacts then we will share their links. If you want you will ask them if they have received something or not.For some questions just reply. Think better.
Title: Re: Nasty scam
Post by: Ronski on March 30, 2018, 07:36:38 AM
I'm sure someone else posted recently with a very similar email, they'll try anything to frighten people into sending money.
Title: Re: Nasty scam
Post by: roseway on March 30, 2018, 07:55:11 AM
I've forwarded it to NFIB Phishing and reported it to Action Fraud.
Title: Re: Nasty scam
Post by: burakkucat on March 30, 2018, 04:39:11 PM
Yes, that is the best course of action.
Title: Re: Nasty scam
Post by: kitz on March 31, 2018, 11:30:09 AM
I've had a couple of these over the past week or so. Like Eric I don't have a cam, nvm a front camera.. nor do I visit porn sites. I got one last week which I binned without further ado. This one came today.

Quote
Тickеt#434173610: <myemailaddress> 29.03.2018 04:40:06 Compromative evidence


Hello...

Dont pay attention on my grammar, I am from Belgium.We put the malicious program onto your OS.After that I stole all individual info from your OS. Additionally I obtained slightly more evidence.The most entertaining evidence that I received- its a videotape with your w**king.I installed virus on a porn page and then you downloaded it. The moment you picked the video and tapped on a play, my software instantly adjusted on your device.

After downloading, your front-camera made the videotape with you self-abusing,  additionally malware captured exactly the porn video you masturbated on. In next week my virus grabbed all your social media and work contacts.

If you need to erase the records- transfer me 480 euro in Bitcoins.
Its my Bitcoin wallet address - 176X1axgckKMmBDfbLomNcdLTVpK7quKko 

You have 20 h. to go from this moment. As soon as I get transfer I will erase the evidence evermore. Other way I will send the record to all your colleagues and friends.

According to this (https://nexusconsultancy.co.uk/blog/good-luck-solving-problems-email-scam/) it appears to be doing the rounds atm and they are chancing their luck in the hope that someone is naive enough to pay up.   Extortion phishing is the new spam :(
Title: Re: Nasty scam
Post by: Bowdon on October 18, 2018, 10:54:47 AM
I finally got one of these types of email. It came to an old pipex address I still keep going with the subject telling me the email address is hacked.

This is the body of the text;

Quote
Hello!

My nickname in darknet is dominique30.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

If you don't belive me please check 'from address' in your header, you will see that I sent you an email from your mailbox.

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $506 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1DBMVxzSPZ95FDyZfopwHgxncFEsp89uuS
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 50 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

It's interesting that the emails are slightly different but along the same theme. I'm surprised they have the intelligence to make their own emails instead of just copying a template lol
Title: Re: Nasty scam
Post by: sevenlayermuddle on October 18, 2018, 02:04:26 PM
I was feeling left out as I’d not had one of these. :(

But then I checked my spam folder, and there it was.   Google had caught it. :)
Title: Re: Nasty scam
Post by: j0hn on October 18, 2018, 02:11:59 PM
https://bitref.com/1DBMVxzSPZ95FDyZfopwHgxncFEsp89uuS

someone has fallen for it.
over £1500 in the last couple days.
Title: Re: Nasty scam
Post by: Black Sheep on October 18, 2018, 02:30:29 PM
Just last week I visited the premises of an elderly couple, who had been scammed for £6,000 the day before !!!

They had reported a broadband problem with their ISP (I wish I could name them, but I can't) .... then within the next hour they received a phone call from 'BT' explaining that they were now in possession of their broadband fault and could they blah-de-blah <scam ensues>.

As I listened in horror at the couple revealing the scam, my only thought was how did the scammers know so quickly that a fault had been raised for us to visit the premises ???
I can only assume there is inside information being given out, probably from the ISP ?? Scary stuff. 
Title: Re: Nasty scam
Post by: sevenlayermuddle on October 18, 2018, 04:39:18 PM
I’d say just co-incidence, BS.   I get scam calls like these most days, often several times a day.

Trouble with BT among others, imho, is that they really do outsource the call centres to other countries, with accents and language traits that are indistinguishable from the scammers.  So when people get a call from a scammer, it sounds exactly like the last person they spoke to in a BT call centre.   Hardly surprising that they sometimes fall for it, should it happen to co-incide with an expected call.

I think BT may have promised to stop outsourcing, but I got a genuine unsolicited call from such a BT call centre quite recently. :(
Title: Re: Nasty scam
Post by: chenks on October 19, 2018, 08:20:26 AM
Quote from: sevenlayermuddle
I think BT may have promised to stop outsourcing, but I got a genuine unsolicited call from such a BT call centre quite recently. :(

they can stop outsourcing, but that doesn't necessarily mean that you won't be speaking to someone with a "foreign" accent.
unless they also plan to only hire people that speak the "queens english".

of course, the upshot of not outsourcing is an increase in costs,  which will be passed on to the customer no doubt.
Title: Re: Nasty scam
Post by: Weaver on October 19, 2018, 08:31:05 AM
I received my second scam of the this-is-your-password type this week.
Title: Re: Nasty scam
Post by: sevenlayermuddle on October 19, 2018, 09:32:10 AM
Quote from: Weaver
I received my second scam of the this-is-your-password type this week.

That’s the one I think people will be most likely to fall for. :(
Title: Re: Nasty scam
Post by: kitz on October 24, 2018, 10:33:56 PM
I got this one today sent to an unused alias at my ISP mail

Quote
Hello!

I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from unused@removed.plus.com on moment of hack: nx955187d

Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.

Therefore, I expect payment from you for my silence.
I think $899 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

Whilst I know it's a con:

1) the email & password have never been used
2) I can see from the headers that the email address has been spoofed from 1.136.110.65 (https://whatismyipaddress.com/ip/1.136.110.65) which is probably a proxy or infected PC
3) I don't have a web cam
4) I don't visit porn sites
5) My system is clean

Unfortunately many people have fallen for it already - Within a short space of time 23 people have paid up and the bitcoin account (https://bitref.com/1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj) has a balance in excess of £10.6k  :(
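
The header check from point 2 of the post above, as an added example that is not part of the original thread: it reads the headers of a "sent from your own mailbox" message and reports which IP actually handed it to the receiving mail server and whether the From address was authenticated. The message, host names, addresses and IP are constructed, and `trusted_mx` (the name your own mail server stamps into headers) is an assumption you would replace with your provider's.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a "sent from your own mailbox" scam mail. Every host,
# address, queue id and the IP (TEST-NET-3 range) is made up for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.isp.example; spf=fail smtp.mailfrom=mailer.example.org; dkim=none
Received: from relay.example.org (unknown [203.0.113.45])
\tby mx.isp.example with ESMTP id ABC123
\tfor <unused@isp.example>; Wed, 24 Oct 2018 10:00:00 +0000
From: <unused@isp.example>
To: <unused@isp.example>
Subject: Your account was hacked

Hello!
"""


def domain(addr):
    return addr.rpartition("@")[2]


def analyse(raw, trusted_mx):
    """Summarise who really handed the message to our own mail server."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    env_from = parseaddr(msg.get("Return-Path", ""))[1].lower()

    # Trust only the Authentication-Results header stamped by our own server;
    # a sender can include forged copies naming any other host.
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";")[0].strip().lower() == trusted_mx:
            auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))
            break

    # Received headers are newest first. The first one written *by* our server
    # records the IP that connected to it; hops below that are sender-supplied.
    origin_ip = None
    for hop in msg.get_all("Received", []):
        by = re.search(r"\bby\s+(\S+)", hop)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        if by and ip and by.group(1).lower() == trusted_mx:
            origin_ip = ip.group(1)
            break

    mismatch = domain(env_from) != domain(from_addr)
    # SPF vouches for the envelope sender, so it only counts when that domain
    # matches the visible From; a DMARC pass already implies alignment.
    aligned = (auth.get("spf") == "pass" and not mismatch) or auth.get("dmarc") == "pass"
    self_addressed = bool(from_addr) and from_addr == to_addr
    return {
        "self_addressed": self_addressed,
        "envelope_mismatch": mismatch,
        "origin_ip": origin_ip,
        "auth": auth,
        "forged_from": self_addressed and not aligned,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE, "mx.isp.example"))
```

A From line that matches your own address proves nothing on its own; the connecting IP recorded by your own server and its SPF/DMARC verdict are the parts the sender cannot choose.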

Title: Re: Nasty scam
Post by: banger on October 25, 2018, 05:36:18 AM
Kitz, I have had the same email as above, only with details of a throwaway email I used to sign up to Malwarebytes and their forum password. Otherwise the email is exactly the same. The MBAM site was hacked in 2014 according to Firefox Monitor, but the email may have been sitting in my inbox for months as PlusNet failed to let me know they had changed their IMAP servers.
Title: Re: Nasty scam
Post by: Chrysalis on October 25, 2018, 09:27:01 AM
yeah i had a few of those emails is funny
Title: Re: Nasty scam
Post by: Bowdon on November 09, 2018, 06:16:34 PM
I got the scam email with the password included, it was even listed in the subject header.

The strange part of this is that the email in question isn't on any of the pwned sites, which I find interesting as it's my oldest email account which I got with pipex.

The password isn't one I've used to login anywhere in the recent years so it must be a small password leak from some place.
Title: Re: Nasty scam
Post by: kitz on November 10, 2018, 11:17:37 PM
Yes I notice that they have now started to include the password in the subject header.

One of the places that I can trace this back to is the Medion (Aldi) forums, which I have not used for >7yrs.  Therefore I suspect they are obtaining details of hacked databases from long ago in an attempt to scare people.

I've also just realised within the past few days, that one of the other addresses relates to an email address that I set up for a very close friend of mine who died in Nov 2003, so they are using some very old databases.
Title: Re: Nasty scam
Post by: sevenlayermuddle on November 11, 2018, 12:16:27 AM
Also the problem that as recently as 7 or 8 years ago, folks who really should have known better, were handling, storing and sharing passwords, unencrypted and in plain text.

Dredging through my inbox, searching for occurrences of “password” I find an email from PC World, 2011, after I’d followed their “forgotten password” procedure.   Their email confirms I have changed my password, and states the new password, in plain text, in an unencrypted email.  ::)

Another problem is (or might be) that people don’t properly destroy disk drives, before dumping them.   An HDD is a treasure trove of cached browser passwords, which are always unencrypted despite appearance of asterisks blanking (unless the disk itself is encrypted).   Further, there is the contents of any swap partition, deleted files, etc.     This is one reason I prefer magnetic disks over solid state, the former are so much easier to convincingly trash with a great big hammer and nail, after zero filling. ::)
Title: Re: Nasty scam
Post by: Weaver on November 11, 2018, 02:17:30 AM
I also burn stuff that needs to be disposed of. Things go straight into the big stove.
Title: Re: Nasty scam
Post by: 4candles on November 11, 2018, 12:03:06 PM
Quote from: kitz
One of the places that I can trace this back to is the Medion (Aldi) forums, which I have not used for >7yrs.  Therefore I suspect they are obtaining details of hacked databases from long ago in an attempt to scare people.

I've also just realised within the past few days, that one of the other addresses relates to an email address that I set up for a very close friend of mine who died in Nov 2003, so they are using some very old databases.

I've had five or six of these in the past week, all addressed to a Plusnet alias I used only once, with a unique password, to order some plants from Urban Jungle - in 2010.
Title: Re: Nasty scam
Post by: Bowdon on November 11, 2018, 02:44:10 PM
I'm not that educated about bitcoin wallets. But is it possible to trace the bitcoin code that these emails give out to a bitcoin account?

I'm thinking that even if we never found out the identity of the person(s) it might be possible to make it as inconvenient as possible for them by keep closing their bitcoin accounts down?
Title: Re: Nasty scam
Post by: 4candles on December 04, 2018, 11:20:08 PM
 :hmm: All quiet since I deleted the Plusnet alias mentioned on 11/11, but a variant received today - with increased demand.
No mention of passwords this time, but slightly concerning as it's addressed to an alias which has never been spammed before, and is used solely for the Kitz forum.  ???
Title: Re: Nasty scam
Post by: kitz on December 13, 2018, 05:47:52 PM
Quote from: 4candles
No mention of passwords this time, but slightly concerning as it's addressed to an alias which has never been spammed before, and is used solely for the Kitz forum.  ???

When you say alias do you mean addressed to your username here?   
Title: Re: Nasty scam
Post by: 4candles on December 13, 2018, 08:53:46 PM
Not username. Addressed to the Plusnet alias email address which has only ever been used to receive notifications from the Kitz forum. Lots more identical ones in the last few days, but no problem now as I've deleted the alias and changed my Kitz contact email.
Title: Re: Nasty scam
Post by: kitz on December 13, 2018, 11:53:54 PM
Thanks :)


Not sure how long you have been with PN, but years ago their email system was hacked and 100's of 1000's of their email addresses got leaked into the public domain.    I get occasional spam to some of my PN email aliases which I assume related to that issue despite the fact it was so long ago.  In fact within the past month I have gotten several of these bitcoin blackmail mails to 3 PN aliases which I don't think I've used anywhere which has been compromised.  It's a loooong time since I've used PN mail for anything other than mail directly to Plusnet about my account and the last time I used my ISP mail services outside of PN correspondence would date back to the days before I moved to BE*.

I strongly suspect they are just using this particular scam on any email lists they can get their hands on.   :(
Title: Re: Nasty scam
Post by: Chrysalis on December 14, 2018, 05:57:23 AM
Yes I don't want to attack plusnet and as such will keep this as passive as possible, but some of us remember they had not even implemented encryption on their email servers and this was several years after it was commonplace elsewhere, so if you consider the approach to security on that side of things it's plausible there were security holes that allowed the list to get leaked.  I don't know if they have implemented encryption now as I have long lost interest in their email servers.
Title: Re: Nasty scam
Post by: jelv on December 14, 2018, 04:56:39 PM
Sometimes scam emails are so well crafted you have to think about it before you realise what they are.

Other times...

Quote
Subject: Your building is under my control 14-12-2018 05:32:44

I host a forum in the darkweb, I sell all kinds of services - above all it is damage to property and injury. Basically, all but the shooting. Often main reasons are rejected love or competition at bussiness. This week he contacted me and gave me the order of empty sourness in your face. Default order - quickly, painfully, for life. Without too much fuss. I get receive only after completing the order. Therefore, now I offer you send money to me to be inactive, I suggest this to almost all the victims. If I do not receive money from you, then my man will fulfill the task. If you send me money, besides to my inaction, I will provide you the info that I have about the client. After completing the order, I often waist the performer, so I have an option, to get $1900 from you for info about the customer and my inaction, or to receive $ 4000 from the customer, but with a high probability of spending the performer.

I’m getting payments in BTC, here’s my bitcoin address - 11B68RbmyxQys2CXXbAZxcwVXnaWCNBbw

The summary I indicated above.

One day to decide and pay.
Title: Re: Nasty scam
Post by: Chrysalis on December 14, 2018, 06:03:42 PM
Apparently my router (pfsense unit, closed off to WAN on services) has been hacked and they will tell all my family of my porn viewing habits if I don't pay up within 48 hours, what should I do?
Title: Re: Nasty scam
Post by: sevenlayermuddle on December 14, 2018, 10:28:46 PM
I know nothing at all about bitcoin.   But I do believe, the best way to beat scammers in general is not to ignore them, or to swear at them, it is to waste their time.   For to them, time is of value, and if you waste that time it does impact their business model.

Hence I wonder... would it be possible to respond to these ransoms by paying a tiny, tiny, tiny. fraction of a penny?   It must be so tiny that, even multiplied by millions upon millions, it is still nearly nothing, ie reward for sending 500 billion emails == 1 bag cheese&onion crisps.   

If that were possible, the logistical overheads for the scammer would presumably become very unpleasant, plus law enforcement would have better chance of tracing by brute-forcing analysis of the millions upon millions of infinitesimal payments?
Title: Re: Nasty scam
Post by: d2d4j on December 14, 2018, 10:49:54 PM
Hi

@7LM - if only that was true.

Unfortunately they use hacked systems so they don’t pay as we do

I actually stopped a full blown scam including PayPal and the email addresses amounted to over 800,000 complete with username passwords and I can see exactly how they were wanting to manipulate systems by introducing virtual pc.

All they need is a foothold on a pc/server, from windows, Linux and apple.

I still have it all

It is frightening and worst is, you would not believe the passwords used by users.

I could take a snapshot of the actual software (not installed but was going to be), and the brute force dictionary attack to compromise

Many thanks

John
Title: Re: Nasty scam
Post by: Chrysalis on December 15, 2018, 12:51:05 AM
heh damn I already paid O_o sevenlayer

They must have somehow hacked my router even tho there is a firewall denying all packets WAN side, and I must have believed them.
Title: Re: Nasty scam
Post by: Ronski on December 17, 2018, 03:38:07 PM
https://www.zdnet.com/article/bomb-threat-scammers-are-now-threatening-to-throw-acid-on-victims

Title: Re: Nasty scam
Post by: kitz on December 23, 2018, 10:29:30 PM
 :o
Title: Re: Nasty scam
Post by: g3uiss on January 09, 2019, 04:56:19 PM
Quote from: Bowdon
I got the scam email with the password included, it was even listed in the subject header.

The strange part of this is that the email in question isn't on any of the pwned sites, which I find interesting as it's my oldest email account which I got with pipex.

The password isn't one I've used to login anywhere in the recent years so it must be a small password leak from some place.

I got one today, in my Hotmail account which I use for one off visits to sites that require a Login. I also had an OLD password in the header, I suspect it's not been used for a few years. I get a lot of Spam in my Hotmail account, but it's also my Microsoft registered email address so I can't easily dump it.

No web cam, clean PC and no I don't !