If the headline above frightened or at least alarmed you, you really could fall prey to this cybercrime, because it is a bit different from the others. While perpetrators usually aim at a vulnerability in your PC, this attack targets vulnerabilities in your mind. Although the crooks use no malware, it lets them empty the pockets of thousands of victims. Many users have already fallen prey to this cybercrime, a combination of scam, porn, blackmail and cyber technology.
Here is the freshest example.
Comodo specialists detected 9382 malicious emails sent to potential victims. The crooks used an impressive 8590 IPs to spread the emails, a telling figure that demonstrates the massive scope of the attack.
What was inside these criminal emails?
Just a message. But this message made thousands of people open their wallets for the benefit of the crooks.
The message begins with a stunning statement (spelling is kept as in the original):
“I do know hafizah is your passphrase. Lets get right to the point. You do not know me and you are most likely thinking why you are getting this e-mail? Not one person has compensated me to investigate about you.
actually, I setup a malware on the xxx videos (sex sites) site and do you know what, you visited this website to experience fun (you know what I mean). When you were watching video clips, your internet browser started out functioning as a RDP that has a key logger which gave me access to your screen and web camera. Immediately after that, my software obtained your complete contacts from your Messenger, Facebook, as well as emailaccount. After that I created a double video. 1st part shows the video you were watching (you have a good taste haha . . .), and 2nd part displays the recording of yourweb cam, & it is you.
You got two alternatives. Lets study these options in details:
Very first solution is to ignore this email message. In that case, I most certainly will send out your actual tape to almost all of your contacts and also visualize regarding the awkwardness you will get. Not to mention if you are in an affair, just how it will certainly affect?
Next choice would be to pay me $4000. Lets think of it as a donation. Then, I most certainly will straightaway delete your video footage. You could continue your life like this never took place and you never will hear back again from me.
You’ll make the payment through Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google).
BTC Address: 13JtJDtepN4MARpKbDrWADpd592seKW1kj
[CASE SENSITIVE copy & paste it]
In case you are thinking about going to the cops, okay, this email cannot be traced back to me. I have taken care of my actions. I am also not attempting to ask you for much, I simply prefer to be paid.
You now have one day to make the payment. I’ve a specific pixel within this mail, and at this moment I know that you have read through this email message. If I don’t get the BitCoins, I will definately send your video recording to all of your contacts including family members, coworkers, and many others. However, if I receive the payment, I’ll destroy the video immediately. If you want proof, reply Yea! then I will certainly send out your video to your 11 friends. This is a nonnegotiable offer, and thus do not waste my personal time & yours by responding to this email message”.
Looks frightening, doesn’t it? And no wonder: they quote your real password right at the beginning, so they must really have hacked you, right? What’s more, they describe in detail exactly how they hacked you. They “setup a malware on the xxx videos (sex sites)” and turned your internet browser “in an RDP that has a key logger which gave me access to your screen and web camera”. And they even have all your “contacts from your Messenger, Facebook, as well as email account”.
So it seems it’s not a hoax. They can really send this terrible video to all your friends… your coworkers… your boss… your lover… You break into a cold sweat, your heart starts racing, you’re short of breath. You feverishly look for a way to prevent this horror, and the only way out seems to be paying the attacker. So you rush to google how to make a payment in Bitcoin and…
Stop! You can relax. All of this is nonsense. Nobody has implanted malware in “xxx videos”. Your browser has never turned into an “RDP that has a keylogger” (by the way, what rubbish!). And nobody has stolen your contacts.
But… what about the password? How did they know it if they didn’t hack you?
Most likely, they found it in a database dump bought on the Darknet. There are plenty of such dumps, derived from databases hacked by cybercriminals. For example, you may have used that password in the past to sign in to an online shop. Later, the shop’s database was hacked and sold via the Darknet.
So are you under threat?
No way. All you need to do is delete the email and change the burned password if you still use it. Oh… and you can laugh at your worries.
This email is just a scam that tries to exploit your emotions. By manipulating feelings of guilt, shame and fear, it makes victims open their wallets. The text uses professional psychological tricks to manipulate readers, so many people find it hard to resist its influence. That’s why, although it’s definitely a soap bubble from a technical point of view, it should be taken as a serious threat. And no doubt many cybercriminals will use it in the near future.
Interestingly, the scam emails intercepted by Comodo technologies were sent from different domains. The first was yahoo.jp, and the others came from the range formed by the pattern “smith” + a number from 1 to 999 + “.edu”. A similar pattern was used in the email addresses on the yahoo.jp domain. It’s much easier to understand by seeing than by reading, so have a look at the picture below:
Although all the emails carry the name “Aaron Smith”, the content of the emails sometimes differs a little. Here are two other examples of the emails.
As you can see, the discrepancies are not significant and amount to changes of some words and phrases. For example, “if you are making plans for going to the police” is replaced with “in case you are thinking about going to the cops”, etc. These changes do not alter the sense of the message and are obviously made to bypass security filters. Another distinction is the use of different Bitcoin wallet addresses. The aim is obviously the same: avoid putting all eggs in one basket. If one wallet is blocked, the others will continue collecting criminal profit. And it is one more piece of evidence, along with the crafted text and the wide range of attacking IPs, that the attack was prepared carefully.
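As an added example (not part of the original post and not Comodo’s own tooling), a small Python scorer that flags mail matching the shape of this campaign: the “smith + number + .edu” sender pattern, a Bitcoin address in the body, and the extortion themes expressed as several phrasings each, so that the word swaps described above (police vs. cops) do not slip past the filter. The regexes, thresholds and the two sample messages are constructed for this example; only the wording and the wallet address are taken from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Legacy Bitcoin address as it appears in the scam text (starts with 1 or 3, base58).
BTC_ADDR = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
# Sender shape the post reports: "smith" + a number from 1 to 999 at an .edu domain.
CAMPAIGN_SENDER = re.compile(r"^smith[1-9]\d{0,2}@[\w.-]+\.edu$", re.IGNORECASE)
# One pattern per extortion concept, each listing several phrasings so that the
# word swaps described in the post (police -> cops) do not evade the match.
CONCEPTS = {
    "password_claim":  r"\b(password|passphrase|pass ?code)\b",
    "webcam_video":    r"\b(web ?cam|camera|video|recording|footage|tape)\b",
    "contacts_threat": r"\b(contacts|friends|family|coworkers|colleagues)\b",
    "law_enforcement": r"\b(police|cops|authorities|law enforcement)\b",
    "bitcoin_payment": r"\b(bitcoin|btc)\b",
    "deadline":        r"\b(one day|\d+ ?hours?|\d+ ?days?)\b",
}

def extract_features(raw_email):
    """Parse one plain-text RFC 822 message and return the scam indicators found."""
    msg = message_from_string(raw_email)
    _, sender = parseaddr(msg.get("From", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    return {
        "sender": sender,
        "campaign_sender": bool(CAMPAIGN_SENDER.match(sender)),
        "btc_addresses": BTC_ADDR.findall(body),
        "concepts": sorted(n for n, p in CONCEPTS.items() if re.search(p, body.lower())),
    }

def score(f):  # concept hits (0..6) + 3 for a Bitcoin address + 1 for the campaign sender
    return len(f["concepts"]) + 3 * bool(f["btc_addresses"]) + int(f["campaign_sender"])

def is_sextortion(raw_email, threshold=6):
    return score(extract_features(raw_email)) >= threshold

# Constructed samples (not real mail); the first reuses wording from the post.
SCAM_SAMPLE = """\
From: Aaron Smith <smith42@example.edu>

I do know hafizah is your passphrase. If you go to the cops, this cannot be traced.
Pay $4000 in Bitcoin to 13JtJDtepN4MARpKbDrWADpd592seKW1kj within one day, or I
send the recording of your web cam to all of your contacts.
"""
BENIGN_SAMPLE = """\
From: IT Helpdesk <helpdesk@example.com>

Your password expires in 3 days; the recording of the security training is on the intranet.
"""
```

The benign helpdesk mail shares three of the themes (password, recording, a deadline) but stays well below the threshold, which is the point of scoring concepts together with the wallet address and sender shape rather than matching any one keyword.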
The details of the attack
The attack started on October 09, 2018 at 7:31:36 UTC and ended on October 26, 2018 at 12:09:30 UTC. The emails were sent in small chunks from 8590 IPs in 159 countries around the world.
The top 5 countries involved in the attack and the number of emails sent from each country:
The heatmap of the attack
“This attack sharply indicates that the sophistication of cyber fraud grows as well as that of malware-based cyberattacks,” says Fatih Orhan, the Head of Comodo Threat Research Labs. “In the past we got used to thinking that scams on the Internet are something like the Nigerian scam, easily detectable by any reasonable person and not to be taken too seriously. However, this case is much harder. Actually, the criminals’ message can be compared to a trojan for human minds. The scammers play on people’s fear of cybercriminals: the description of how they “hacked” the victims looks very plausible, because it is very similar to what people read in the media or see on TV about malicious hackers. This plausibility helps bypass victims’ critical thinking. And like a real trojan, this psychological malware takes control of a victim’s mind and makes her pay the crooks. I’m glad that Comodo technologies helped to secure thousands of people from this dangerous scam.”
First published on the Comodo Blog.