The latest hacker / email scam has been roaming the internet for a few months now. This one is pretty ingenious because it is more of a social email hack playing on your fears rather than an actual attack on your computer.
How does it play out?
An email arrives from you, yes your own email address. The subject of the email will be related to “Account Issue” , “Security Warning” or some variation. The email will further explain that you were hacked by an International Hacker Group and demand you pay $800 USD in bit coin in 48 hours or they will release video of you in a compromising position while watching porn! The hacker further tries to prove his legitimacy by providing you with your password.
The first time I saw this attack I was taken back for a moment because the password in the email was REAL. It was actually one of my “throwaway” passwords and kind of freaked me out.
Lets break the email down and see exactly what they did
- First off they try to prove a breach into your workstation by attempting to show you the email originated on your computer because it was sent to you by you.
If you spent a few seconds researching you would know that anyone can easily spoof your email address. In fact I could send you an email right now that appears it came from Donald.Trump@Whitehouse.gov. This is simply the reply address and it can be anything you want. If you take a moment to look at the email header (a hidden part of all email messages) it would show you the message originated on the internet most likely over seas. (I will explain this later)
- They further try to prove a breach by providing your password. Which by the way is a real password.
This is where the hacker creativity comes into play. Over the years there have been significant breaches among very large corporations. Hackers have harvested millions and millions of email addresses and passwords from MySpace, Facebook, Equifax and so many others. To simply pair an email address and a harvested password together into a scam email is actually quite brilliant!
- Finally they prey on your fear by saying they have access to ALL your accounts and contacts.
Fear of the unknown! Do they have access to all your accounts? Is the hacker watching you right now. Did you really do something naughty and could it have been caught on camera? Could they send that image to my contact list?
Fear factor is key. The average user may not be able to tell if this is true or a bluff and may not want to take the risk. What if my wife/husband sees these “images”. What if my employer gets a copy? Some may feel compelled to pay the Bit Coin to save their ass.
How can I protect myself?
You can easily protect yourself by NOT USING THE SAME PASSWORD ON EVERY WEBSITE. I know, every site wants you to login and passwords are hard. Use a program like LAST PASS or KeePass as a vault to protect your passwords.
Check if you had an account that was compromised in a data breach. This site is great for keeping track of the hackers ‘:–have i: been pwned? Simply enter your email address and it will spit out a list of databases you were on when an attack took place.
The site even provides a list of passwords that have also been breached. Check your password against the list (its safe i promise) and if you find your password on the list, DON’T USE IT ANYMORE.
Summary
- The international hacker group did not infiltrate your computer, its a scam
- The hackers did however get your email and password from a previous data breach at some other company / website.
- Change your passwords now! Use unique passwords for every site you visit
- Use Last Pass or Key Pass or similar to keep track of all the new unique passwords you will be using
- Don’t send any money to the hackers, they don’t really have video of you… or do they? hmm LOL
- Check haveibeenpwned.com to see if your password is blown
NOTES:
Here is an actual copy of the message:
8Hello! I'm a member of an international hacker group. As you could probably have guessed, your account joe@jxxxx.com was hacked, because I sent message you from your account. Now I have access to all your accounts! For example, your password for joe@jxxxx.com : mypassword Within a period from July 30, 2018 to October 9, 2018, you were infected by the virus we've created, through an adult website you've visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we've gotten full damps of these data. We are aware of your little and big secrets... yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know.. But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched! I think you are not interested show this video to your friends, relatives, and your intimate one... Transfer $800 to our Bitcoin wallet: 1GdegtNpYcvoCPsMmyiSkZARDd If you don't know about Bitcoin please input in Google "buy BTC". It's really easy. I guarantee that after that, we'll erase all your "data" :) A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount. Your data will be erased once the money are transferred. If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection. You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself.
MESSAGE HEADERS:
After examining the message header I could see the sending server IP
Received: from 179.6.203.211 ([179.6.203.211])
A brief IP lookup revealed
Continent: | South America |
---|---|
Country: | Peru |
State/Region: | Lima |
City: | Lima |
Like I said earlier, this message surely did not originate on my workstation.
Remember to practice safe computing!
Thank you for reading my blog,
Joe