Monday, July 16, 2018

It looks like that season for ransomware- this one uses your very own weak, old passwords to blackmail you


The email follows.  By the way, none of the allegations are true. 
This is a summary from Silicon Republic:

Email scam aims to frighten users into paying a digital ransom

A new twist on an old email scam is doing the rounds, according to Infosecurity Magazine. The basic skeleton of this email sextortion campaign has been around for years: the sender of the email claims to have webcam footage of the recipient watching pornography and demands a bitcoin ransom (of course, the footage claim is a social engineering tactic – one that works).
The twist here, though, is the email includes a password the recipient may have used for an online account. Luckily, the passwords sent so far are all close to 10 years old, according to people who received the email threat, which points to the information coming from a past data breach dating back a long while.
This scam could end up becoming more refined and convincing as time goes on, so it is still worth keeping an eye on your inbox.

I'm going to cut to the chase. I am aware xxxxxxxx is your password. More importantly, I know your secret and I've proof of this. You don't know me and no one employed me to investigate you. 

It's just your misfortune that I discovered your misadventures. Well, I installed a malware on the adult vids (porn) and you visited this web site to have fun (you know what I mean). When you were busy watching video clips, your browser started out functioning as a Rdp (Remote desktop) with a keylogger which provided me with accessibility to your display and also web cam. Right after that, my software program gathered your entire contacts from your social networks, as well as e-mail. 

Next, I put in more hours than I probably should've investigating into your life and generated a two view video. 1st part shows the video you had been watching and next part shows the recording of your web camera (its you doing dirty things). 

Frankly, I'm ready to forget details about you and let you move on with your life. And I am about to provide you two options that will achieve that. The above option is with the idea to ignore this letter, or perhaps pay me $2900. Let’s examine those 2 options in more detail. 

Option One is to ignore this e-mail. You should know what will happen if you opt this option. I definitely will send your video to your contacts including friends and family, coworkers, and so forth. It won't help you avoid the humiliation you and your family will face when relatives and buddies discover your unpleasant videos from me. 

Other Option is to send me $2900. We’ll call this my “confidentiality charges”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I'll delete the recording immediately. You go on with your routine life as if nothing ever happened. 

At this point you may be thinking, “Let me call cops”. Let me tell you, I've covered my steps in order that this mail can't be traced back to me and yes it won't stay away from the evidence from destroying your lifetime. I am not planning to steal all your savings. I am just looking to get paid for my time I put in investigating you. Let's hope you've decided to make this all disappear completely and pay me my confidentiality fee. You'll make the payment by Bitcoins (if you don't know how, search "how to buy bitcoins" on google) 

Amount to be sent: $2900 
Bitcoin Address to Send to: 1KBVnnJCPMDai81kMq2sUMFPKejAo7svE9 
(It's case sensitive, so copy and paste it carefully) 

Tell no one what you should be transferring the bitcoin for or they will often not sell it to you. The method to get bitcoins may take a couple of days so do not put it off.
I've a special pixel in this mail, and right now I know that you have read through this message. You have 1 day in order to make the payment. If I do not get the Bitcoins, I will, no doubt send your video recording to your entire contacts including relatives, co-workers, and so forth. You better come up with an excuse for friends and family before they find out. Nonetheless, if I receive the payment, I'll destroy the video immediately. It is a non-negotiable one time offer, thus please do not waste my time & yours. Time is running out.

Sunday, July 15, 2018

Fake call (scam): To Dell owners- caller knows tag and service code and insist on fixing problem

This is hitting hard around here:  tech call says you are having a problem with your Dell computer and wants to fix it for you.  To prove they are the real thing, they read off your service tag and your express service code.  You drop your skepticism and let them on your computer, where they show you the event log, telling you that your computer has all these errors and must be fixed.  It is a standard scam from that point.  If the call is from "Dell" hang up.

As for reporting this, Dell is apparently asking you to send a private message to them.  However, since this has been going on for at least 3 years, Dell obviously considers it a problem they can't handle. 

Clearly and obviously, someone has hacked into Dell and may still be hacking into Dell and stealing the user information.  It might be an inside job, since so much of what goes on at any support center today is overseas where they are lax and may be on the take.  It would be nice if the white hatters out there would trace these crooks down and hack their systems to determine the sources.  Dell, why aren't you in the forefront? 

References:

https://www.dell.com/community/Customer-Care/SCAM-Tech-Support-Call/td-p/5134886

Printfriendly

Print Friendly and PDF