June 12, 2019

New spam threats and new protection

Learn how to spot a spam email and how to protect yourself from threats

Spam emails, Malware emails, Extortion emails: there are thousands of new attempts on your security every year. Some succeed in their malicious design, some are more obvious and easily dismissed.

Below is a new spam email attempting to extort money from you. The difference with this new type of threat is that they may succeed in a very personal way.

Network hardware is only one step in the attack against these malicious doers and we can help. We offer Enterprise level equipment and hardware security at below average prices!


Good Afternoon – We Have Your Password

One of the latest email scams is set out to extort your hard earned money, and it’s doing a good job. We’ve all heard of the data breaches that happen to large corporations, and when that happens the information is sold to the less scrupulous people of the world.

The latest email attempt involves this sold data and your real passwords. There’s a new Bitcoin blackmail scam circulating — this time based on passwords from website breaches. This extortion email is likely to be far more effective because it contains sensitive data that only you would know, which will cause an expected level of concern when the email is opened.

Below is an example of one of these emails. Note that the XXXXXXX marks a real password that the recipient has used at some point in their history.


From: Bevin Vasi <msxnicolsl@outlook.com

To: augie@ [redacted]

Subject: Augie – XXXXXXX

I do know, XXXXXXX, is your password. You do not know me and you’re most likely wondering why you are getting this email, right?

In fact, I actually placed a malware on the adult vids (porno) website and guess what, you visited this site to experience fun (you know what I mean). While you were watching videos, your browser began operating as a RDP (Remote control Desktop) having a key logger which provided me access to your display screen and also cam. Immediately after that, my software gathered all your contacts from your Messenger, FB, as well as email.

What did I do?

I created a double-screen video. 1st part displays the video you were viewing (you’ve got a nice taste rofl), and second part shows the recording of your cam.

Exactly what should you do?

Well, I believe, $2900 is a reasonable price for our little secret. You will make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 12xeEyz3AAnhXnAT98xorPMJHNHmxA2pmM

(It is cAsE sensitive, so copy and paste it)

Note:

You now have one day in order to make the payment. (I’ve a special pixel within this email, and at this moment I know that you have read this mail). If I don’t get the BitCoins, I will definitely send out your video recording to all of your contacts including family members, coworkers, and so on. Nevertheless, if I receive the payment, I’ll erase the video immediately. If you want to have proof, reply with “Yes!” and I definitely will send your video to your 11 contacts. It is a non-negotiable offer, so please do not waste my time and yours by responding to this mail.

Of course, the key to the response here is that the email and its subject line include an actual password you used in the past. (Some data breaches have included user emails and plain text password lists; those lists are obviously for sale by unscrupulous individuals, which makes it easy to generate emails like this.) Since many people unwisely use the same password on multiple sites, this ploy immediately gets your attention.

There are a couple of things to do if you receive this email:

1) Run a virus scan, I know that above I mentioned these passwords are highly likely to be received from a security breach on a website you’ve used in the past, but running a virus scan never hurts prior to resetting passwords.

2) Try to recall anywhere that you’ve used the listed password and reset it on those websites and services.

3) Visit https://haveibeenpwned.com/ and type in items such as your email addresses and it will find if there are any public security breaches that have involved your email. If so, change those passwords.

While this email is among thousands of other phishing schemes, it seems far more real since they send you a real password you’ve used. Not to worry though, there’s no need to pay the ransom that they’re asking. Just make sure to follow the steps above and you should be well taken care of!

Security You Can Count On

Your firewall is your first defense from outside invasion into your company, and it’s not the place to cut corners.

Using the latest technology to secure your network we offer comprehensive enterprise level hardware, without the enterprise level cost.

Let us help you stay safe from the outside world, contact us today for more information and see how we can help your data stay safe!

We want to help your business succeed as your trusted IT partner.

Schedule your free consultation