We’re not even past the first week of December and I’ve got another nasty example for you, this time courtesy of APE teacher Tara McCarthy.
Sent: Monday, December 3, 2018 5:21 AM
To: Tara McCarthy
Subject: Security Alert. email@example.com was compromised. Password must be changed.
I have very bad news for you.
09/08/2018 – on this day I hacked your OS and got full access to your account firstname.lastname@example.org
So, you can change the password, yes… But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.
I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea….
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $785 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 182PJESsEWbuJ8PEgfM58p64jbok3i1gNU
You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (this is not feasible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Wow. This email is unusual and that makes it pretty scary. I’ve never even gotten a message like this before. Now let’s get this out of the way: the message is fake, and Tara wasn’t actually hacked. Let’s note some details that make this attack so insidious.
- The email appears to be sent by the victim. The message even brags about this fact: “Do not try to contact me (this is not feasible, I sent you an email from your account).” This lends credibility to the attack message.
- The email contains the victim’s email address in the message body itself. That by itself means that the attacker spent a little bit of time customizing the message, again making the attack seem more believable.
- The email goes into great detail about how the attack happened… and it’s actually a pretty accurate description of a possible attack. Home routers are notoriously insecure.
- The message preys upon a victim’s guilty conscience. It’s not polite to say, but porn isn’t exactly a rare activity. If by a chance a victim indulged in that pastime, they might have even more reason to panic and pay the ransom.
If you’re confronted with an email like this, there’s some basic things you can do to confirm whether or not you should be worried.
- Google part of the message. Usually you’ll be able to find dozens of people who have received the same exact message. Some websites will give you the full scoop on what kind of attack it is, how dangerous it is, and what you should do about it. In this case, I found Tara’s email on techlicious.com (lots of ads – sorry – but good info).
- Check the message header. If you’re worried that someone hacked your email account and sent the message as you, you can probably relax. Much more common is “spoofing” the sender’s email address, i.e., disguising it as a different one. To verify that, in Outlook Web, click on the arrow next to the “Reply” button and select “View Message Details.” You will see a lot of gobbledegook, but buried in there is some important info.
See how it says, “Received-SPF: Fail?” Our “casedupage.com” domain keeps track of who is and who isn’t permitted to send messages using its name. Also see the IP address: 184.108.40.206? The header reveals where the message is really from (maybe, maybe not). In this case, plugging in that address into https://www.iplocation.net/ reveals that it comes from the Philippines.
- Ask me. I can give you a good idea of whether it’s time to change your account password or anything else.
- As always, check your security practices. It might not be a bad idea to review my Security Awareness Best Practices video: https://youtu.be/daAhLG4VlJA