Phishing

One of the latest email phishing scams claims that a hacker has cracked your email and device a few months ago. It claims that you entered a password on one of the sites you visited and that they intercepted it. The email message then shows you your password at the moment of the alleged hack.

hacker cracked email scam

If you received an email message that says “I’m a hacker who cracked your email and device a few months ago” and appears to be sent to you from your own email address, ignore it. The message is fraudulent and no one actually hacked your email account and device.

The email message might be frightening because it will appear as if it was sent from your own account and your password (previous password or current password) will be mentioned numerous times.

 

The purpose of the email is to trick you into paying a certain amount of Bitcoin to a BTC wallet (1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy or other) in order to erase data they claim to have collected about you.

The email says that you have 48 hours to make a payment and if you do not they will send all of your contacts “crazy shows from your dark secret life.” They also claim that your device will be blocked with some sort of ransomware.

Email message campaigns like this have been making circulation following recent breaches that occurred on websites like LinkedIn and Adobe. To see where your email information may have been leaked from check out https://haveibeenpwned.com/. You can input your email address to locate where your information was leaked.

hacker who cracked your email and device email

Here’s what is written in the current email campaign:

Subject: I’m crack [your email address removed], password (password removed) for [your email address removed] is compromised, or Mail delivery failed: returning message to sender
From [your email address removed]
To [your password removed]
Hello!

I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [removed] on moment of hack: [removed]

Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I’ve never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I’m sure you don’t want it.

Therefore, I expect payment from you for my silence.
I think $897 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy

If you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen – all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won’t help you for sure …

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

As you can see, the email can appear legitimate to many people. But, the same message has been sent around the internet to many people (word-for word) and there have been many campaigns like it in the past. Even if you have never visited a “piquant” website, you will still receive the same message. Even if your device does not have a camera, they will still claim to have recorded you through your camera.

Do not pay the BTC and do not reply to the scammers. The only thing you need to do is change the password to your email address and other accounts you have for safe measure.

Always Be On Alert For Phishing Attacks

What is phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords, social security numbers, and financial information, often for malicious reasons.   These attacks are often initiated by organized cyber-crime groups that will impersonate a trustworthy entity in an electronic communication.  The attempts have become more sophisticated, and they are capable of achieving high levels of apparent credibility by leveraging public information, such as email addresses.

Our spam mail filters remove many of these messages before they enter inboxes, but it does not eliminate, the threat to our community. 

The community also has a role to play. Education and awareness are the keys to protecting yourself and your private information.

 

How to detect a phishing message

To identify a phishing attack, look out for these red flags:

  • Links in the email. Beware of links contained within the message. These links can direct you to spoofed web pages or download harmful files on your system. Try resting your mouse over the link before you click on it to ensure that the address matches the link that was typed. You can always check the legitimacy of a message by going directly to the company or organization website or contacting them via phone.
  • Attachments. Hovering over an attachment usually produces additional information about what it is.  A document that looks like it has a name “something.pdf” might actually be a file “something.exe.”  An .exe extension means the attachment is actually a software program that you execute and is extremely dangerous; it can cause computer infection and data loss.
  • Urgent requests. Phishing attacks are meant to induce panic in the receiver. Legitimate companies and organizations would never send these types of alerts through insecure channels like email.
  • Bad spelling or grammar. Phishing messages are notorious for containing misspelled words or poor grammar. Professional companies or organizations most often have staff that will not allow mass emails to go out with these mistakes.
  • Unexpected requests regarding personal information. If the email received is an unexpected request for information, do not respond. In general, you should be extremely wary of following links or answering questions from contacts you did not initiate. Emails regarding password resets, account expirations, or confirmations will always be initiated on the part of the user first.

Always be suspicious of any email with the characteristics listed above.  In general, you should never volunteer confidential or personal information based on any contact that you did not explicitly initiate.