Anatomy of a Scam E-Mail

By Rick
on March 7, 2019

I'm fairly sure that I've been contacted by nearly everyone I've ever worked for about this scam e-mail that's been doing the rounds. Here's what it looks like:

Example:

This account was hacked! Change your password right now! 
You do not know me me and you may be definitely surprised why you are getting this e-mail, right? 
I am a hacker who opened your email and all devices some time ago. 
Don't try out to communicate with me or look for me, in fact it's impossible, considering that I sent you this message from YOUR account that I've hacked. 
I set up virus to the adult vids (porno) website and guess that you watched this site to have some fun (you understand what I mean). 
While you have been watching these "great" vids, your internet browser began operating as a RDP (Remote Control) that have a keylogger that gave me permission to access your display and web camera. 
Then, my software stole all info. 
You have typed passwords on the online resources you visited, and I already caught all of them. 
Of course, you'll be able to modify them, or possibly already modified them. 
But it really does not matter, my malware updates it every 5 minutes. 
And what did I do? 
I got a backup of every your system. Of all the files and contact lists. 
I formed a dual-screen movie. The first screen shows the video that you were observing (you have got a good taste, ahah...), and the 2nd screen reveals the movie from your own web camera. 
What do you have to do? 
Good, I think, 1000 USD is a inexpensive price for our little riddle. You will make the deposit by bitcoins (if you do not understand this, search “how to purchase bitcoin” in any search engine). 
My bitcoin wallet address: 
XXXXXXXXXXXXXXXXXXXXXXX
(It is cAsE sensitive, so just copy and paste it). 
Important: 
You will have 48 hours to make the payment. (I built in an unique pixel in this email, and right now I know that you've read through this email). 
To track the reading of a letter and the activity inside it, I use a Facebook pixel. Thanks to them. (The stuff that is applied for the authorities might actually help us.) If I do not get bitcoins, I'll immediately transfer your video files to all your contacts, such as relatives, colleagues, and many more? 

Hilarious?

Yes, if you know enough to know it's not true. However, if you have been accessing these kinds of sites, even accidentally, it could be very worrying. Even more worrying is that it appears to have been sent from your own email address. They did this by spoofing your address, which is very simple to do.

Every email contains a block of information called a header. If you know how to open the e-mail headers, you should be able to see a lot of information about where it has come from (things like the IP address or the address which routed the email to you). The example above came from an email server in Poland.

True?

No. Whilst it's not impossible for someone to have accessed your computer, it's highly unlikely this is genuine.

What do you need to do?

If you're worried that your computer, e-mail, or other service that you use has been compromised, change your password, particularly for applications that are allowed to access your webcam.

Make sure all passwords are a combination of numbers, non-dictionary words and special characters. Preferably use a password manager such as 1Password (my preferred), Dashlane or LastPass. (Blog about password managers coming up).

What not to do?

Don't reply (you won't be able to anyway) or pay anything.

How to prevent it?

If you're using a personal e-mail provider (like Hotmail, Gmail or Outlook.com) you're at the mercy of the provider's spam control software, so the only thing you can do is run third-party spam software on your computer, which is only possible if you access your mail using an app (like Outlook or Mac Mail). Some antivirus programs have spam protection built in.

More Technical Options

If you do have your own domain, you can configure an SPF (Sender Policy Framework) record or DKIM (DomainKeys Identified Mail). If that's beyond your expertise, you can ask your domain provider or systems administrator to do that for you.
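The header check described earlier and the SPF/DKIM results that a receiving server records can both be read with a short script. This is an added example, not part of the original post; the sample message, its domains and its IP addresses are constructed, and the `analyse` function name is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture): From claims the recipient's own
# address, but the envelope sender and the relay belong to someone else.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Thu, 07 Mar 2019 09:00:02 +0000
Received: from unknown (HELO mailer.example.net) (203.0.113.77)
\tby mx.recipient.example with SMTP; Thu, 07 Mar 2019 09:00:01 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=recipient.example
From: "rick@recipient.example" <rick@recipient.example>
To: rick@recipient.example
Subject: This account was hacked!

You do not know me...
"""

def analyse(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    env_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    # Each hop prepends its Received header, so the last one in the list is the
    # earliest hop: the machine that handed the message to the first server.
    received = msg.get_all("Received") or []
    ips = re.findall(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", received[-1]) if received else []
    # Verdicts the receiving server recorded for SPF, DKIM and DMARC.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    reasons = []
    if env_domain and env_domain != from_domain:
        reasons.append("envelope sender domain differs from From domain")
    for check in ("spf", "dkim", "dmarc"):
        if auth.get(check, "none") != "pass":
            reasons.append(f"{check}={auth.get(check, 'none')}")
    return {"from_domain": from_domain, "envelope_domain": env_domain,
            "origin_ip": ips[0] if ips else None, "auth": auth, "reasons": reasons}

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

Headers below the receiving server's own `Received` line are supplied by the sender and can be forged, so treat the origin IP as a lead rather than proof.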

Other Tips

Check the actual e-mail address.

A common trick is to change the name that is presented on a sent e-mail to match the e-mail address. If you right click the name, you should be able to view the address the email was actually sent from.

Check the links

In the screenshot below, you can see the link to what looks like a genuine Netflix website, but if you hover your mouse over the link (don't click) you'll notice it's going... elsewhere.

Hope you found this helpful, feel free to get in touch if you've any other examples or want to send me a message that you're unsure about.


All content (images and written text) on this site is copyright Blackdog Media 2019 and may not be reproduced without prior consent.