I got an email this morning. Nothing unusual about that, I get lots, but this one stuck out. It was in my spam folder and the subject line was: "Security Warning."
"Got to take that seriously," I thought to myself. So I opened it. Here's the text:
"Hi, dear user of harryadney.com
We have installed one RAT software into you device.
For this moment your email account is hacked (see on <from address>, I messaged you from your account).
Your password for email@example.com: redacted
I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records where you masturbating.
I posted my virus on porn site, and then you installed it on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.
For the moment, the software has collected all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $800 in BTC (crypto currency).
This is my Bitcoin wallet: 1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ
You have 48 hours after reading this letter.
After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!
And henceforth be more careful!
Please visit only secure sites!"
So after I stopped laughing I thought I'd do some checking. First I went to my usual search engine and typed in "We have installed one RAT software into you device" as it's quite specific; notice the misuse of the word "you" instead of "your". I put it in quotation marks so that Google returned results with exactly that sentence. The search results were interesting, though not too surprising and a bit sad really, when you think about it.
Ten results dating from the first of October this year. Hmmm.
Next, let's check the bitcoin address. Aha! Seven results this time, all of them either from reporting websites, such as the bitcoin abuse database, or from people who were asking for help. Next I went to blockchain.com, which records transactions to and from bitcoin addresses. Now, it doesn't tell you who has access to those addresses, just that transactions have taken place, and how much. At the time of writing, 3 people had made transactions of between $721 and $798 (£556 and £615), with a current total of over $2,315 (£1,784).
So, if you get one of these emails, you know what to do and not do:
DO: check to see if it's a phishing attempt;
DON'T: pay. It just encourages them, it's probably fake, and even if it isn't fake there's no guarantee that you'll get your video/images/documents etc. back anyway.
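The two lookups described above (an exact-phrase search and a check of the Bitcoin address) can be prepared with a short script. This is an added example, not part of the original post: it pulls legacy-format address candidates out of a message body, verifies their Base58Check checksum so a mistyped string is not looked up by mistake, and builds quoted search phrases. The names `SAMPLE`, `base58check_ok` and `triage` are assumptions made for the example, and the sample text is constructed from lines of the email quoted above.

```python
import hashlib
import re

# Constructed sample: a few lines taken from the email quoted in this post.
SAMPLE = """We have installed one RAT software into you device.
If you need to erase all of your collected data, send me $800 in BTC (crypto currency).
This is my Bitcoin wallet: 1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ
You have 48 hours after reading this letter."""

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (Base58) address shape: starts with 1 or 3, 26 to 35 characters in total.
ADDR_RE = re.compile(r"\b[13][%s]{25,34}\b" % B58)


def base58check_ok(addr):
    """True if addr decodes to 25 bytes whose last 4 match the double-SHA256 checksum."""
    num = 0
    for ch in addr:
        if ch not in B58:
            return False
        num = num * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def triage(body):
    """Return what to look up: (address, checksum_ok) pairs and quoted search phrases."""
    found = dict.fromkeys(ADDR_RE.findall(body))  # de-duplicate, keep order
    addrs = [(a, base58check_ok(a)) for a in found]
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    # The longest lines that carry no address make the most distinctive exact searches.
    phrases = sorted((l for l in lines if not ADDR_RE.search(l)), key=len, reverse=True)
    return {"addresses": addrs, "queries": ['"%s"' % p for p in phrases[:2]]}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for addr, ok in result["addresses"]:
        print("address:", addr, "checksum ok" if ok else "checksum FAILED")
    for q in result["queries"]:
        print("search for:", q)
```

Paste the printed phrases into a search engine and the address into an abuse database or block explorer, as done above.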
As the "phisherman" wrote: be more careful, and only visit secure sites.
Tuesday, October 2, 2018