Example phishing attempt - bogus try at grabbing $10,000 in BTC

By: (plus.google.com) +David Herron; Date: July 20, 2018

Tags: Phishing » Cyber Security » Security

In the interest of exposing scammers, let me share a phishing attempt I just received. The email is full of technological-sounding phrases and threatens to reveal compromising information. The supposed kompromat would be deleted if I sent some BTC to a named address; otherwise it would be shared with all my friends.

What is Phishing? It's an attempt usually using e-mail to snag cash out of someone. Or, according to (en.wikipedia.org) Wikipedia,

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim.

Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site, the only difference being the URL of the website in concern.[6] Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that distribute malware.

The idea then is that a Phisher is sending bogus messages that appear to be real, hoping that a few people will respond. Phishers will send out large quantities of these messages. With only a few responses one can still make a lot of money.

All bulk advertising - whether fraudulent like phishing or legitimate like your local grocery - is based on the same model. Only a few people will respond to an untargeted ad, but by sending out a large enough number of advertisements the advertiser makes enough sales to justify the effort. Or in the case of a Phisher, they get enough rubes to pay up to justify the effort.

Spearphishing is different in that it's targeted. In a spearphishing attack the message is customized for the recipient, which tends to produce a higher response rate than an untargeted blast. For example, the whole operation by Russian agents to steal e-mails from the Democratic National Committee relied on targeted spearphishing e-mails sent to specific DNC members.

The email below had this e-mail address in the From header: Hewitt Holcombe <kjushantalj@outlook.com>

It did show one of my e-mail addresses in the To header.

So... how do I know this is fake?

The email claims to have caught me visiting a pornographic website. However, I do not visit such websites, so it cannot have caught me doing what it says. Let's take a look at the claims anyway.

It claims to have installed malware on the "xxx vids" website. Yes, there are known flaws in certain web browsers through which malicious code on a website can compromise the browser. If, like me, you use only modern, up-to-date browsers, you'll be fairly safe from this, since the list of working exploits against them is much shorter than for older browsers.

It goes on to say that "your browser initiated working as a RDP with a keylogger which provided me with accessibility to your display and web camera." RDP means Remote Desktop Protocol, so the miscreant supposedly could record a video of what happened on the screen; a keylogger supposedly sent every keystroke; and by accessing the web camera the miscreant would have a second video stream to capture.

All of that is somewhat possible - but here are a few gotchas the miscreant would have to get past:

  • Security policies in operating systems and browsers generally require the user's approval before granting access to the desktop, keyboard or webcam
  • Capturing video from the desktop and the webcam is compute intensive, enough that the user would likely have noticed ("hey, my computer is running slow")
  • Sending two video streams over the Internet takes a lot of bandwidth, which might also be noticed ("hey, the internet is running slow")

The threat of capturing contacts from Messenger, Facebook and e-mail -- that's another piece of complexity. How would the miscreant's software know whether to read a desktop e-mail client, or an open browser tab logged into GMAIL or another service? It's not impossible, but it adds a measure of difficulty.

In other words this email throws out a bunch of technobabble that has some plausibility but to implement everything would require quite a degree of sophistication. That's a clue that this is bogus.

Another clue is that a web search using phrases from the e-mail turns up lots of hits for near-identical e-mails, cited as examples of e-mail phishing scams.

As for the Bitcoin part. It's nice and helpful that the miscreant explains to the target how to buy Bitcoin, since so few people know how to buy Bitcoin.

Since Bitcoin transactions are semi-public, it's possible to go to the blockchain.info website (www.blockchain.com) and search for transactions on any Bitcoin address. In this case there are no transactions on the given address, which probably means the scammer set up this Bitcoin address just for this phishing attempt.
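As an added example (not code from the original post), here is a small Python script for that lookup step: it first checks that a pasted address is a well-formed Base58Check Bitcoin address, then summarizes a block-explorer address record. The explorer field names are an assumption modelled on blockchain.info's /rawaddr/&lt;address&gt; JSON, and the sample records are constructed.

```python
import hashlib
import json

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I or l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def is_valid_base58check_address(addr: str) -> bool:
    """True if addr decodes to 25 bytes (version + 20-byte hash + 4-byte
    checksum) and the double-SHA256 checksum matches; a corrupted address fails."""
    num = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:  # character outside the alphabet, e.g. '0' or 'l'
            return False
        num = num * 58 + idx
    # Each leading '1' stands for a leading zero byte that the integer drops.
    n_leading = len(addr) - len(addr.lstrip("1"))
    payload = b"\x00" * n_leading + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(payload) != 25:
        return False
    checksum = hashlib.sha256(hashlib.sha256(payload[:-4]).digest()).digest()[:4]
    return checksum == payload[-4:]


def summarize_address_lookup(raw_json: str) -> dict:
    """Summarize a block-explorer address record. Field names (address, n_tx,
    total_received in satoshi) are ASSUMED to mirror blockchain.info's
    /rawaddr/<address> response; adjust them for the explorer you use."""
    data = json.loads(raw_json)
    n_tx = int(data.get("n_tx", 0))
    return {
        "address": data.get("address"),
        "n_tx": n_tx,
        "total_received_btc": int(data.get("total_received", 0)) / 1e8,
        "verdict": ("no transactions: address likely created for this campaign"
                    if n_tx == 0 else
                    f"{n_tx} transaction(s): someone may already have paid"),
    }


# Constructed sample records (not real explorer output).
FRESH_ADDRESS_JSON = '{"address": "1PlaceholderFromTheEmail", "n_tx": 0, "total_received": 0}'
PAID_ADDRESS_JSON = '{"address": "1PlaceholderPaid", "n_tx": 3, "total_received": 150000000}'

if __name__ == "__main__":
    # Genesis-block coinbase address (well known and valid); a one-character change fails.
    for a in ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"):
        print(a, "well-formed:", is_valid_base58check_address(a))
    for rec in (FRESH_ADDRESS_JSON, PAID_ADDRESS_JSON):
        print(summarize_address_lookup(rec)["verdict"])
```

To run it against a live address you would fetch the explorer's JSON for that address yourself and pass the text to summarize_address_lookup; nothing here contacts the network.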

Lets get straight to the purpose. You may not know me and you're most likely thinking why you are getting this email? Absolutely no one has paid me to check about you.

Well, I placed a malware on the xxx vids (pornographic material) website and there's more, you visited this website to have fun (you know what I mean). While you were watching video clips, your browser initiated working as a RDP with a keylogger which provided me with accessibility to your display and web camera. Just after that, my software gathered all your contacts from your Messenger, FB, as well as e-mailaccount. And then I created a video. 1st part shows the video you were viewing (you have a nice taste hahah), and next part shows the recording of your webcam, & its u.

You actually have a pair of possibilities. We should check out the choices in particulars:

Very first choice is to neglect this e mail. In this instance, I will send your very own video clip to almost all of your personal contacts and then just think regarding the shame you feel. Not to forget should you be in a loving relationship, exactly how it can affect?

Number 2 alternative would be to pay me $10,000. I will regard it as a donation. In this situation, I most certainly will straightaway delete your videotape. You will keep going your life like this never occurred and you are never going to hear back again from me.

You will make the payment by Bitcoin (if you don't know this, search for "how to buy bitcoin" in Google search engine).

BTC Address: 1MKpddcHyZ4hgkZ7Yjn887e7QymgKNTnkP [CASE SENSITIVE copy and paste it]

If you are thinking about going to the authorities, very well, this email message cannot be traced back to me. I have covered my actions. I am just not trying to ask you for money very much, I just like to be paid for. I have a unique pixel within this e-mail, and right now I know that you have read through this email. You have one day to make the payment. If I do not receive the BitCoins, I will send out your video recording to all of your contacts including members of your family, coworkers, and so on. Nevertheless, if I receive the payment, I will destroy the recording right away. This is a nonnegotiable offer, therefore please don't waste my time & yours by responding to this e-mail. If you really want proof, reply Yes then I will certainly send out your video recording to your 8 contacts.
