Ai primit cumva un mail, aparent de pe adresa ta, cu subiectul:
In care pretinsul hacker sustine ca ti-a spart adresa cu mai mult timp in urma, ca a instalat malware pe “calculator” sau pe “router” si ca a strans date compromitatoare pe care le va distribui la toti cunoscutii tai daca nu ii trimiti o suma de $350 – $1200 in bitcoin ?
Hi, victim! I'm a member of an international hacker group. As you could probably have guessed, your account <redacted> was hacked, because I sent message you from it. Now I have access to you accounts! For example, your password for <redacted> is <redacted> Within a period from July 17, 2018 to October 3, 2018, you were infected by the virus we've created, through an adult website you've visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we've gotten full damps of these data. We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know.. But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched! I think you are not interested show this video to your friends, relatives, and your intimate one... Transfer $800 to our Bitcoin wallet: <redacted> If you don't know about Bitcoin please input in Google "buy BTC". It's really easy. I guarantee that after that, we'll erase all your "data" :) A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount. Your data will be erased once the money are transferred.If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection. You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself.
Ce se intampla ?
Nu este cazul sa iti faci griji, contul de mail nu a fost spart iar amenintarile sunt gratuite. In ultimele luni s-a intensificat pe internet o campanie de santaj (in genul celei de mai sus) trimisa prin servere de SPAM. Mai precis, daca pina acum spammerii se limitau sa trimita doar mailuri prin care sa vanda diverse produse, (lucru care a devenit din ce in ce mai putin rentabil pt. ei), acum se intrec intre ei incercand sa speculeze diverse emotii pentru a li se trimite direct banii. Evident, cine trimite mai repede si mai multe mailuri are cel mai mult de castigat: daca un spammer trimite la 100 milioane de adrese si doar 1 din 10.000 de oameni plateste $500, rezulta un profit de 5 milioane dolari !! Mailul in sine nu este virusat, nu contine malware si are sute de variatii ( vezi mai jos mai multe exemple ) pentru a nu fi detectat de filtrele antivirus/antispam.
De ce tocmai mie ?
Dupa cum spuneam, spammerul (aka hacker/programator) nu te cunoaste si nu are nimic cu tine. Adresa ta de mail este doar o mica inregistrare intr-o imensa baza de date de SPAM. Baza ce contine la gramada si adrese impersonale de genul email@example.com, firstname.lastname@example.org, email@example.com sau chiar spamtrap-uri.
O adresa de e-mail, cu cat este mai veche si mai folosita cu atat are mai mari sanse sa fie colectata de spammeri. Un caz aparte este colectarea din dump-urile cu password leaks – site-uri pe care te-ai inregistrat cu adresa respectiva, iar site-ul a fost compromis intre timp (de exemplu LinkedIn).
Ce trebuie sa fac ?
1. Nu intra in legatura cu ei (raspuns la mail, etc)
2. Nu le plati nici o suma de bani
3. Verifica pe haveibeenpwned.com de unde a fost furata adresa respectiva si ce alte date mai au despre tine
4. Raporteaza mailul ca spam la spamcop.net
5. Raporteaza mailul ca cybercrime autoritatilor
6. Raporteaza adresa de bitcoin a spammerului la bitcoinabuse.com
7. Marcheaza mailul ca SPAM sau sterge-l
8. Ca masura de siguranta, daca mailul continea o parola, schimba acea parola pe toate site-urile pe care este ea folosita. Ai grija sa folosesti parole diferite la servicii diferite.
Dintre toate, doar primele si ultimele puncte sunt importante, restul sunt optionale. In plus, noi iti recomandam, sa folosesti doar software cu licenta, sa faci update zilnic la sistemul de operare, antivirus si aplicatiile folosite, sa ai instalat un anti-malware, sa folosesti un manager de parole si sa nu faci click pe atasamente sau linkuri dubioase din email. Lasa-ti mailul pe maini bune si te vom rasfata cu un suport exceptional!
Daca ti-a placut articolul, lasa-ne un comentariu si o sa ne incurajezi sa facem o miniserie. Daca ti-a folosit, da-l mai departe !
Alte exemple de santaj prin SPAM:
Hi, victim. I know your password - <redacted> That is my last warning. I write you inasmuch as I put a trojan on the net page with pornography which you have visited. My spyware grabbed all your individual information and switched on your webcam which captured the procedure of one's masturbation. Soon after that trojan saved your contact list. I'll remove the compromising movie and data if you pay me 600 USD in bitcoin. This is wallet address for payment : <redacted> (you can google on "how to buy bitcoin") I give you twenty four hours once you see my message to make the payment. The moment you see the email I'll know it right away. It is not essential to share with me that you've delivered BTC to me. That address is linked to you, my script will eliminate every thing immediately after transfer confirmation. You are able to go to the police but no-one can't help you. In the event that you try to cheat me, I'll notice it instantly! I do not live in your country. So nobody can not monitor my area even for 9 months. Don't forget about the disgrace. Your life could be ruined.
I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Your password from <victim_email> on moment of crack: <redacted>. Of course you can will change your password, or already made it. But it doesn't matter, my rat software update it every time. Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account. Through your e-mail, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a rat software on your device and long tome spying for you. You are not my only victim, I usually lock devices and ask for a ransom. But I was struck by the sites of intimate content that you very often visit. I am in shock of your reach fantasies! Wow! I've never seen anything like this! I did not even know that SUCH content could be so exciting! So, when you had fun on intime sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I jointed them to the content of the currently viewed site. Will be funny when I send these photos to your contacts! And if your relatives see it? BUT I'm sure you don't want it. I definitely would not want to ... I will not do this if you pay me a little amount. I think $795 is a nice price for it! I accept only Bitcoins. My BTC wallet: <redacted> If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy. After receiving the above amount, all your data will be immediately removed automatically. My virus will also will be destroy itself from your operating system. My Trojan have auto alert, after this email is looked, I will be know it! You have 2 days (48 hours) for make a payment. If this does not happen - all your contacts will get crazy shots with your dirty life! And so that you do not obstruct me, your device will be locked (also after 48 hours). Do not take this frivolously! This is the last warning! Various security services or antiviruses won't help you for sure (I have already collected all your data). Here are the recommendations of a professional: Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites! I hope you will be prudent. Bye.
I greet you! I have bad news for you. 11/08/2018 - on this day I hacked your operating system and got full access to your account <redacted>. It is useless to change the password, my malware intercepts it every time. How it was: In the software of the router to which you were connected that day, there was a vulnerability. I first hacked this router and placed my malicious code on it. When you entered in the Internet, my trojan was installed on the operating system of your device. After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts). A month ago, I wanted to lock your device and ask for a small amount of money to unlock. But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources. I'm talking about sites for adults. I want to say - you are a big pervert. You have unbridled fantasy! After that, an idea came to my mind. I made a screenshot of the intimate website where you have fun (you know what it is about, right?). After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate. I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues. I think $840 is a very small amount for my silence. Besides, I spent a lot of time on you! I accept money only in Bitcoins. My BTC wallet: <redacted> You do not know how to replenish a Bitcoin wallet? In any search engine write "how to send money to btc wallet". It's easier than send money to a credit card! For payment you have a little more than two days (exactly 50 hours). Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started! After payment, my virus and dirty photos with you self-destruct automatically. Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys". I want you to be prudent. - Do not try to find and destroy my virus! (All your data is already uploaded to a remote server) - Do not try to contact me (this is not feasible, I sent you an email from your account) - Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server. P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim. This is a hacker code of honor. From now on, I advise you to use good antiviruses and update them regularly (several times a day)! Don't be mad at me, everyone has their own work. Farewell.
Hello! I'm a hacker who cracked your email and device a few months ago. You entered a password on one of the sites you visited, and I intercepted it. Of course you can will change it, or already changed it. But it doesn't matter, my malware updated it every time. Do not try to contact me or find me, it is impossible, since I sent you an email from your account. Through your email, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a Trojan on your device and long tome spying for you. You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit. I am in shock of your fantasies! I've never seen anything like this! So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I combined them to the content of the currently viewed site. There will be laughter when I send these photos to your contacts! BUT I'm sure you don't want it. Therefore, I expect payment from you for my silence. I think $889 is an acceptable price for it! Pay with Bitcoin. My BTC wallet: <redacted>. If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult. After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system. My Trojan have auto alert, after this email is read, I will be know it! I give you 2 days (48 hours) to make a payment. If this does not happen - all your contacts will get crazy shots from your dark secret life! And so that you do not obstruct, your device will be blocked (also after 48 hours) Do not be silly! Police or friends won't help you for sure ... p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites. I hope for your prudence. Farewell.
Hi, my prey. THIS IS MY LAST WARNING! I write you since I attached a virus on the web site with pornography which you have viewed. My malware grabbed all your personal information and turned on your camera which captured the process of your onanism. Just after that the soft saved your contact list. I will erase the compromising video and data if you send me 500 USD in bitcoin. This is wallet address for payment: <redacted>. I give you 30 hours after you open my report for making the transaction. As soon as you read the message I'll know it right away. It is not necessary to tell me that you have sent money to me. This wallet address is connected to you, my system will delete everything automatically after transfer confirmation. If you need 50h just Open the calculator on your desktop and press +++ If you don't pay, I'll send dirt to all your contacts. Let me remind you-I see what you're doing! You can visit the police station but nobody can't help you. If you try to cheat me , I'll know it right away! I don't live in your country. So anyone can not find my location even for 9 months. bye. Don't forget about the disgrace and to ignore, Your life can be ruined.
Hello! My nickname in darknet is des53. I hacked this mailbox more than six months ago. Through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time. Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me. I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos. I was most struck by the adult sites that you occasionally visit. You have a very wild imagination, I tell you! During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You were so funny and excited! I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $880 is quite a fair price to destroy the dirt I created. Send the above amount to my Bitcoin wallet: <redacted> As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it. Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I’ll send to everyone your contact access to your email and access logs, which I have carefully saved. Since reading this letter you have 48 hours! After your reading this message, I’ll receive an automatic notification that you have seen the letter. I hope I taught you a good lesson. Visit safe websites only, and don’t enter your passwords anywhere! Good luck!
Dear user of <redacted>! I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time. Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you. At the moment, I have harvested a solid dirt... on you... I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit. I note that it is useless to change the passwords. My malware update passwords from your accounts every times. I know what you like hard funs (adult sites). Oh, yes .. I'm know your secret life, which you are hiding from everyone. Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... :) I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality! So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts. Transfer $840 to my Bitcoin cryptocurrency wallet: <redacted> Just copy and paste the wallet number when transferring. If you do not know how to do this - ask Google. My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it. Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material. I advise you to remain prudent and not engage in nonsense (all files on my server). Good luck!