Fake Hacked Account Emails

I’ve seen a few of these recently. It’s an email from someone claiming to be a hacker and claiming to have hacked your accounts. And of course they ask for money.

The email is generic: they send the same email to millions of people, hoping to catch someone gullible. And in an interesting twist, sometimes they show you your password in the email. What they’ve done is find a dump of real hacked accounts (from another hacker) and send everyone on the list an email asking for money.

Here’s one such email:

Good Day,
Your system was compromised! To show you i have FULL access to your device i sent you this message from YOUR own account (___). You need to read this COMPLETE email to find out how this happened and what to do about it.
You visit xxx sites fairly often, one of these websites was inserted by my computer virus. This virus installed onto your system, granting me FULL access to your device. I download all your email and social media contacts and all your data to my server.
Also, from time to time i activated your camera and recorded some nice videos of you while you “pleased” yourself watching xxx sites. You are probably thinking “what now?”…. read on i will let you know what to do.
I could forward all the nasty videos i have of you to all your email and social media contacts but i guess you don’t want that. This would have a very negative impact on your social life and on your relationship with your loved ones.
Below you will find my bitcoin address (copy the whole address without spaces), if you pay me $620 USD i will delete all the content i have on you from my server, close the virus backdoor on your computer and you will never hear from me again, this is the only option you have if you want to keep living your life without the disgrace of all your contacts and loved ones watching the dirty videos i have recorded.
When you opened this email my system activated a timer, from now you have just 8 hours to perform this transaction, do NOT think you will be granted more time… 8 hours is 8 hours so you better do it right now.
If you don’t know how to purchase bitcoins, use any search engine, it is very easy.
My bitcoin address:
Your time is counting!

As with most scams, the email is full of grammatical errors. Just delete the email if you come across one of these.

And if you see the version with your real password shown, it means you need to change your passwords now. Also delete the email, and never reply to it.

Update: Here’s another variation of the same scam. Again, nothing in this email is true; delete the email if you receive one.

Hello!
This is important information for you!
Some months ago I hacked your system and got full access to your acc
On day of hack your acc has password:
So, you can change the password, yes.. Or already changed… But my bad soft intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability. I used it…
If you interested you can read about it: CVE-2019-1670 – a vulnerability in the web-based management interface of the Cisco routers. I just hacked this router and placed my bad soft on it. When you went online, my trojan was installed on the OS of your system.
After that, I made a full backup of your computer (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your computer and ask for a not big amount of btc to unlock.But I looked at the web-history that you regularly visit, and I was shocked by what I saw!!! I’m talk you about web-sites for adults.
I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea…. I made a screenshot of the adult web-page where you have fun (do you understand what it is about, huh?))). After that, I made a screenshot of your joys (using the camera of your computer) and glued them together. Turned out amazing! You are so spectacular!
I’m know that you would not like to show these screenshots to your friends, relatives or colleagues. I think $528 is a very, very small amount for our secret. Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins! My btc wallet:
You do not know how to use bitcoins? Enter a query in any search platform: “how to replenish btc wallet”. It’s extremely easy
For this payment I give you two days (48 hours). As soon as this letter is opened, the timer will work.
After payment, my malware and dirty screenshots with your enjoys will be self-destruct automatically. If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
I hope you understand your situation.
Do not try to find and destroy my malware! (All your data, files and screenshots is already uploaded to a remote server)
Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment! This is the word of honor hacker Do not hold evil! I just good do my job. Good luck.

Bitcoin Malware

Bitcoin, and other crypto-currencies, seem to be the way technology is heading. It’s changing fast. And of course this has spawned a new breed of malware from people wanting to steal from you.

There’s some malware called CryptoShuffler that gets installed on your computer. Then it sits there monitoring your computer’s clipboard.

One day when you want to transfer Bitcoin (e.g. to make a purchase), you might copy and paste an address. The CryptoShuffler malware detects a Bitcoin address in your clipboard, then it gets to work.

The destination address is silently changed to the address of the hackers running CryptoShuffler.

When you paste the address in your transaction, you’re pasting the wrong address. Most people won’t realise this. The transaction goes ahead, and the hackers get your money. You won’t realise until you start to question why your transaction didn’t go as planned, but then it’s too late.

More details can be found here, https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/

Fake Bank SMS

Below is an SMS that pretends to be from a bank. It’s a scam, and here’s how you can tell:

ANZ scam

  1. I don’t have an account with ANZ. So it’s obviously a scam.
  2. I didn’t request any accounts to be deactivated. They wouldn’t normally do this without you requesting it.
  3. If a bank really did deactivate my account they would send me a letter in the mail, on official letterhead, in a branded envelope. They wouldn’t use SMS or email.
  4. This is the most important clue: the URL at the end is from “is.gd” – this doesn’t sound like anz.com.au, it’s completely different.

So what is an “is.gd” domain?

Firstly, .gd is the top-level domain of the country Grenada, not something an Australian bank would use to communicate with its customers. Apart from Grenadian businesses, it’s commonly used as a novelty domain because it sounds like “good”.

Next, “is.gd” is a URL shortening service. I’ve written about URL shorteners before. What you need to know is that it’s used to shorten (or hide) the real URL. So by looking at it you can’t know where the URL goes. You might be tempted to click on it to find out, but I wouldn’t recommend that. Clicking on untrusted URLs is one way to get malware.

So what about this is.gd domain that has the word ANZ at the end? There’s a safe way to find out what it points to – use a service called http://wheredoesthislinkgo.com. You put in the short (untrusted) URL and it expands it. So in this case, it expands to:

So not the ANZ bank’s website. We can stop here, we don’t need to click on the link. We already know it’s not really from the bank, they already lied in the original SMS so their motives are probably malicious.
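
The checks described above can be written down as code. This is an added example, not part of the original post: it flags the shortener, asks it for its redirect target without visiting that target, and accepts only the bank's own domain or a true subdomain of it. The function names, the short-link path and the example.net hosts in the test data are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

SHORTENERS = {"is.gd"}  # the shortener named in the SMS; extend as needed


def classify_link(url: str, expected_domain: str) -> str:
    """Say whose host a link points at, without contacting it."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    if host in SHORTENERS:
        return "shortener"
    expected = expected_domain.lower()
    # Exact host or a true subdomain only: "anz.com.au.example.net" does not count.
    if host == expected or host.endswith("." + expected):
        return "expected"
    return "other"


def expand_once(url: str, timeout: float = 5.0):
    """Ask the shortener where it redirects; the target itself is never fetched."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()


def judge_link(url: str, expected_domain: str, expand=expand_once, max_hops: int = 3):
    """Follow shortener hops only, then classify the first non-shortener target."""
    for _ in range(max_hops):
        verdict = classify_link(url, expected_domain)
        if verdict != "shortener":
            return verdict, url
        url = expand(url)
        if not url:
            return "unresolved", None
    return "unresolved", url
```

Anything other than "expected" means the message did not link to the bank, which is all you need to know before deleting it.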

What about the sender’s phone number? Can it be identified? No. SMS allows senders to change the “from” address or phone number. You need special software to do it but it’s not hard. So in this case the sender is “Message”, which is also suspicious. But really, anyone can put anything in the sender’s phone number. Just like with email.

Delete the SMS; no harm done at this point. And if you tell your friends and family about it (maybe show them the SMS before you delete it), you’ll be raising awareness of the scam. This is the best way to fight back: it reduces the chance of others falling for it.

If you receive a similar SMS (with different wording) you can share it here in the comments.

Apple $100 Reward Scam

Some people have received an email that looks like it came from Apple. The email promises a $100 reward card. All you have to do is give the scammers your name, address, date of birth, driver’s license, mother’s maiden name and your credit card details, then pay them $9.

It’s a scam. It’s easy for scammers to fake an email, complete with Apple’s logo and their email address. If you hand over any details, your credit card details will very likely be sold off and used for fraudulent transactions. And that $9 – you’ll never see it again.

The email looks like:

Dear Apple Customer,Apple is rewarding its long-term customers.

Your loyalty for our products made you eligible for buying an Apple Discount Card.

With this only 9 AU$ Discount Card you will have 100 AU$ credit at any Australian Apple Store or on http://www.apple.com/au/ .

To acquire your Apple Discount Card please download and complete the attached form.100 AU$ Credit Bonus

(You will receive your Apple Discount Card via e-mail in the following 24 hours after your payment has been made.)

Once again, this email does not come from Apple – it’s a scam. You should never trust unsolicited emails (or phone calls or door knockers).

How could anyone fall for this?

Sadly, there are people who think “what if it’s true, I don’t want to miss out”. The same scam would work with any high profile company or product. Be wary and let others know.

 

Photographer Scam

A recent scam targets photographers, asking them for money. Here’s a quick summary of how the scam works:

  • The scammer places an ad on Craigslist, looking for a photographer to photograph an event. The ad is appealing, offering an easy job and high pay.
  • A real photographer responds and they engage in a quick negotiation and get things going.
  • The scammer sends the photographer a cheque as pre-payment. The cheque is for more than the agreed value (overpay). The cheque is counterfeit.
  • The photographer banks the cheque.
  • The photographer makes out a new cheque to return the balance and posts the new cheque to the scammer.
  • The bank tells the photographer that the cheque bounced. By then it’s too late.

Below is an example email of this scam:

Hello ,

Thanks for the quick response and I’m sorry if my message came in late , i have been busy with other arrangements and i hope you understand .Its really nice reading from you and im glad to hear that you are available for my wedding .

I want you to know that this is a inside wedding and the order of events will mail to you a week before the wedding day but the order events is likely to be pictures first, then the wedding ceremony , and then the reception but let me discuss this with my lady because is our wedding so our two has to make the decision together . I hope you understand my point of view.

I want you to know that we will be taking formal pictures so i will like you to recommend 45minutes or an hour set aside for taking formal pictures because we have large family from both my side and the bride side and friends /co-workers we will want to take pictures with . So it will be easier if we can take the pictures before the ceremony because it will be more relaxed with fewer time constraints and would like you to set up a great “first look” shot of me looking at my bride for the first time on the wedding day.

the wedding date is ##th of sept 2012

Basically we need your service starting from 12pm to 6pm .

We are expecting 250 guests i.e 200 adults and 50 children .

And also there will be a table place set for you at the reception , so you don’t need to bring your own food but it will be nice if you can just give me an hint of what kind of food you want us to arrange for you i.e if you are vegetarian or eat all kind of foods .

Further more , there will be special important parts/people at the ceremony or reception that i would want you to take a picture of .I will send the list of the important parts/people to you a week before the wedding day and i want you to know that my wedding is a sleek modern wedding .

I need you to get back to me with your charges and i will be paying you upfront , I just called my uncle who will be in charge of your service fees he told me that your payment will be paid to you via certified check so he has asked me to ask for your full name and physical address with zip code that you want the payment to be send to so as for me to secure your service for my wedding party.

I’m currently on working on off shore and im using impaired device ,so therefore i can only send message via internet or send you an sms from my pinger ..

I will send you the venue address once you agree to everything i stated above and also waiting for the details to issue on the check…

Will be expecting to read back from you with the details I have asked for thanks so much and God bless.

Regards,
CENSORED NAME

And here’s a photo of the actual counterfeit cheque:

Counterfeit cheque used in photographer scam

What can we learn from this? Maybe not to return any money until the cheque clears. And to be vigilant of similar scams. If you know any event photographers you might want to let them know about the scam. There’s more information here.

Melbourne Myki System

Melbourne (Australia) has a transport ticket system called Myki. If you use it there’s currently a security risk you should be aware of.

If you purchase a ticket using their ticket vending machines and pay by credit card, the machine issues a receipt. The receipt shows the credit card owner’s full name, the card’s expiry date, and more than the last 4 digits of the card. All of these things are considered security risks. Anyone finding the receipt can use the information on it to commit credit card fraud.

If this applies to you, don’t use a credit card to purchase tickets until the issue is resolved. I can’t verify it but apparently you can’t avoid printing a receipt. Hopefully all of these issues will be resolved soon.

And for everyone, it’s worth highlighting that you should always pay attention to credit card receipts. They should never show your name, your card’s expiry date, or more than the last 4 digits of the card. You can’t assume that the payment terminal you use is perfect, as shown above.
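
The three rules above, as an added example (not from the original post or from Myki): a small checker that reads the text of a receipt and reports which rules it breaks. The receipt layouts and field labels are assumed, the matching is a heuristic, and both sample receipts are constructed.

```python
import re

# A card-number field: 13-19 digits or mask characters, optionally grouped
# in fours by spaces or dashes (layout assumed).
CARD_FIELD = re.compile(
    r"(?<![0-9A-Za-z*])(?:[0-9Xx*]{4}[ -]?){3}[0-9Xx*]{1,7}(?![0-9A-Za-z*])")
# An expiry label followed shortly by MM/YY.
EXPIRY = re.compile(r"\bexp(?:iry|ires)?\b\D{0,12}?(?:0[1-9]|1[0-2])\s*/\s*\d{2}", re.I)
# A line that starts with a name label and is followed by text.
NAME = re.compile(r"^\s*(?:card ?holder|name)\s*[:\-]\s*[A-Za-z]", re.I | re.M)


def visible_pan_digits(receipt: str) -> int:
    """Largest number of unmasked digits in any card-number field on the receipt."""
    counts = (sum(c.isdigit() for c in m.group()) for m in CARD_FIELD.finditer(receipt))
    return max(counts, default=0)


def audit_receipt(receipt: str) -> list:
    """Return the rules the receipt breaks, in the order the post lists them."""
    findings = []
    if NAME.search(receipt):
        findings.append("name_printed")
    if EXPIRY.search(receipt):
        findings.append("expiry_printed")
    if visible_pan_digits(receipt) > 4:
        findings.append("pan_over_exposed")
    return findings


# Constructed sample receipts; 4111 1111 1111 1111 is a standard test card number.
BAD = """TICKET MACHINE RECEIPT
12/08/2012 14:32
CARD: 4111 11XX XXXX 1111
EXPIRY: 09/14
NAME: J CITIZEN
AMOUNT: $20.00"""

GOOD = """TICKET MACHINE RECEIPT
12/08/2012 14:32
CARD: XXXX XXXX XXXX 1111
AMOUNT: $20.00
AUTH: 004512"""

if __name__ == "__main__":
    print("bad :", audit_receipt(BAD))
    print("good:", audit_receipt(GOOD))
```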

And you should be careful how you dispose of credit card receipts. Recently there’s been a lot of publicity over a hacked iCloud account – the hackers used the last four digits of the owner’s credit card to gain access to various accounts.

If you use Melbourne’s Myki system and pay with a credit card or have ideas on credit card receipts please leave a comment below, I’d like to hear more.

Dating Scams

Police in Burwood, Sydney, Australia, are investigating recent fraud cases in which local women were targeted on online dating sites. The women are lured into an online relationship, complete with emails and phone calls, and once the con artists gain their trust they ask for money. The con artists in these cases are based in Singapore and Malaysia.

In one case a lady sent over $100,000. And in nearby Erskineville a woman was tricked into sending $275,000 to a con artist in England.

The scam begins with an ad on an online dating website, targeting Asian women in Sydney. The con artists describe themselves as wealthy bankers or businessmen. They send photos, stolen from other websites on the internet. They lure their victim along for up to six months, gaining their trust, and eventually start asking for money.

These scams happen all over the world. Please help raise awareness by talking about this issue with people you know.

Note: because I used the words “online dating”, Google has placed ads on this page with links to online dating websites. Some people who post ads on these sites are not genuine, use your own judgement here.

New Scam Email Promises $16m

Here is a new scam email. The scam begins with a confusing story about millions of dollars and some official-sounding name dropping (the FBI).

If you look closely you’ll see many spelling and grammatical errors. Also, the email was not sent from the FBI – you can see this in your inbox if you place the mouse pointer over the sender.

The email is:

FBI Headquarters
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001
(202) 324-3000

Sir,

We the Federal Bureau of Investigations (FBI) Washington, DC in conjunction with some other relevant Investigation Agencies in the United states of America and right now in West Africa, headed by Wayne Mitchell (RPO), we understand that your fund has not yet been transferred to you do to an Outrageous Conduct.

We have to let you know the truth because we know that you have gone far in trying to get this fund and you must have paid some amounts of monies to persons you are not supposed to give out a dime to. Through our Global Networking Investigation, we discover that your fund (Sixteen Million United States Dollars $16,000,000.00 including the accrued interest is among the funds ON HOLD in West Africa (Ghana) do to one or two reasons which you have not been told.

As the Executive Director, Federal Bureau of Investigation FBI and a Principal Officer, We strongly know that the people you have been dealing with are not going to tell you the truth because they are all Criminals. You are hereby advised to stop every communication with any Office and feel free to explain to this Bureau why your fund is not yet released to you.

As a matter of fact, we do not have enough time to waste since we have consumed much time in going through your Payment files to ensure that these Funds are genuine and legit. On this Effect, this instruction requires urgent attention because the release of your fund is due.

We awaiting for your urgent response,

Sincerely,

Robert Muller III
FBI Director Headquarters

If you reply to the email they’ll make their story even more complicated and start asking for your bank account details. Their reply is:

FBI Headquarters
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001
(202) 324-3000

Kind Attn:

This is to bring to your notice that we have received your mail today.

We understand that your fund has not yet been transferred to you do to an Outrageous Government Conduct which you have not been told. What a mess? though the FBI expertise and the investigation teams has officially instructed the holding bank to release your long awaited fund valued the sum of Sixteen Million United States Dollars $16,000,000.00 to you with immediate and effect.

The financial expertise and the investigation team has resolved to the fact that the fund is genuine therefore you have to stop every communication with any Office and feel free to contact the holding/ paying bank with your banking details through the below contacts information for your fund to be release to you:

MERCHANT BANK GHANA LTD
Contact Person: Managing Director
Email: merban@accountant.com
Phone: +233-247630112
Fax: +233-303403381

Do this and let us know if there’s anything you do not understood so that we can give you further instructions to back you up for this claim.

Sincerely,

Mr. Robert Muller III.

If you see this email, mark it as spam, or delete it.

 

Hotel “Wrong Transaction” Spam

Lately there have been some spam emails claiming to have details about an incorrect hotel transaction. The email is a ploy to install malware on your computer. Here’s how it works:

  • You receive an email telling you that a hotel has incorrectly charged your credit card
  • The email also says that you should fill out an attached form for a refund (i.e. open an attachment and get some money)
  • The attachment installs a fake antivirus program
  • The fake antivirus program asks you to pay money to clean your PC (even though there’s really nothing wrong with it)

This spam email has many variants but they all seem to be based on a hotel transaction. Below are some example subject lines:

  • Hotel Renaissance Chicago made wrong transaction
  • Hotel Westin St. Francis made wrong transaction
  • Wrong transaction from your credit card in Woodrun V Townhomes

If you see an email like these just delete it, or mark it as spam. Don’t open the attachment.