Category Archives: Phishing

Fake Hacked Account Emails

I’ve seen a few of these recently. It’s an email from someone claiming to be a hacker and claiming to have hacked your accounts. And of course they ask for money.

The email is generic: they send the same email to millions of people, hoping to catch someone gullible. And in an interesting twist, sometimes they show you your password in the email. What they’ve done is find a dump of real hacked accounts (from another hacker) and send everyone on the list an email asking for money.

Here’s one such email:

Good Day,
Your system was compromised! To show you i have FULL access to your device i sent you this message from YOUR own account (___). You need to read this COMPLETE email to find out how this happened and what to do about it.
You visit xxx sites fairly often, one of these websites was inserted by my computer virus. This virus installed onto your system, granting me FULL access to your device. I download all your email and social media contacts and all your data to my server.
Also, from time to time i activated your camera and recorded some nice videos of you while you “pleased” yourself watching xxx sites. You are probably thinking “what now?”…. read on i will let you know what to do.
I could forward all the nasty videos i have of you to all your email and social media contacts but i guess you don’t want that. This would have a very negative impact on your social life and on your relationship with your loved ones.
Below you will find my bitcoin address (copy the whole address without spaces), if you pay me $620 USD i will delete all the content i have on you from my server, close the virus backdoor on your computer and you will never hear from me again, this is the only option you have if you want to keep living your life without the disgrace of all your contacts and loved ones watching the dirty videos i have recorded.
When you opened this email my system activated a timer, from now you have just 8 hours to perform this transaction, do NOT think you will be granted more time… 8 hours is 8 hours so you better do it right now.
If you don’t know how to purchase bitcoins, use any search engine, it is very easy.
My bitcoin address:
Your time is counting!

As with most scams, the email is full of grammatical errors. Just delete the email if you come across one of these.

And if you see the version with your real password shown, it means you need to change your passwords now. And also delete the email, never reply to it.

Update: Here’s another variation of the same scam. Again, nothing in this email is true, delete the email if you receive one.

Hello!
This is important information for you!
Some months ago I hacked your system and got full access to your acc
On day of hack your acc has password:
So, you can change the password, yes.. Or already changed… But my bad soft intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability. I used it…
If you interested you can read about it: CVE-2019-1670 – a vulnerability in the web-based management interface of the Cisco routers. I just hacked this router and placed my bad soft on it. When you went online, my trojan was installed on the OS of your system.
After that, I made a full backup of your computer (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your computer and ask for a not big amount of btc to unlock.But I looked at the web-history that you regularly visit, and I was shocked by what I saw!!! I’m talk you about web-sites for adults.
I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea…. I made a screenshot of the adult web-page where you have fun (do you understand what it is about, huh?))). After that, I made a screenshot of your joys (using the camera of your computer) and glued them together. Turned out amazing! You are so spectacular!
I’m know that you would not like to show these screenshots to your friends, relatives or colleagues. I think $528 is a very, very small amount for our secret. Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins! My btc wallet:
You do not know how to use bitcoins? Enter a query in any search platform: “how to replenish btc wallet”. It’s extremely easy
For this payment I give you two days (48 hours). As soon as this letter is opened, the timer will work.
After payment, my malware and dirty screenshots with your enjoys will be self-destruct automatically. If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
I hope you understand your situation.
Do not try to find and destroy my malware! (All your data, files and screenshots is already uploaded to a remote server)
Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment! This is the word of honor hacker Do not hold evil! I just good do my job. Good luck.

Fake Bank SMS

Below is an SMS that pretends to be from a bank. It’s a scam, and here’s how you can tell:

[Image: ANZ scam]

  1. I don’t have an account with ANZ. So it’s obviously a scam.
  2. I didn’t request any accounts to be deactivated. They wouldn’t normally do this without you requesting it.
  3. If a bank really did deactivate my account they would send me a letter in the mail, on official letterhead, in a branded envelope. They wouldn’t use SMS or email.
  4. This is the most important clue: the URL at the end is from “is.gd” – this doesn’t sound like anz.com.au, it’s completely different.

So what is an “is.gd” domain?

Firstly, .gd is the top level domain of the country Grenada. Not something an Australian bank would use to communicate with their customer. But apart from Grenadian businesses it’s commonly used as a novelty domain because it sounds like “good”.

Next, “is.gd” is a URL shortening service. I’ve written about URL shorteners before. What you need to know is that it’s used to shorten (or hide) the real URL. So by looking at it you can’t know where the URL goes. You might be tempted to click on it to find out, but I wouldn’t recommend that. Clicking on untrusted URLs is one way to get malware.

So what about this is.gd domain that has the word ANZ at the end? There’s a safe way to find out what it points to – use a service called http://wheredoesthislinkgo.com. You put in the short (untrusted) URL and it expands it. So in this case, it expands to:

So not the ANZ bank’s website. We can stop here, we don’t need to click on the link. We already know it’s not really from the bank, they already lied in the original SMS so their motives are probably malicious.

What about the sender’s phone number? Can it be identified? No. SMS allows senders to change the “from” address or phone number. You need special software to do it but it’s not hard. So in this case the sender is “Message”, which is also suspicious. But really, anyone can put anything in the sender’s phone number. Just like with email.

Delete the SMS, no harm done at this point. And if you tell your friends and family about it (maybe show them the SMS before you delete it), you’ll be raising awareness of the scam. This is the best way to fight back: it reduces the chance of others falling for it.

If you receive a similar SMS (with different wording) you can share it here in the comments.

SMS Photo Scam

Below is an SMS scam. It’s personalised, which means the person running the scam has a list of names and phone numbers. The idea is that you’re being tricked into clicking the link, which takes you to a website. In some cases the website is a fake store telling you you have $500 credit. It then asks you to download an app. You should never install apps on your phone from random scammers.

If you see this SMS delete it. It’s a scam.

The sender’s phone number is most probably fake, which isn’t hard to do with SMS messages. The link shown at the end will probably be different each time. The country code shown in this SMS (+855) is from Cambodia.

The message says:

Chris, you received (1) new photo message: http://sn.im/<characters removed>

The sender’s phone number here is:

+855 1207355146

 

Notice to appear in court

The following email is part of a scam. It includes an attachment that most likely contains a virus, which you should not open. Delete the email if you see it.

Notice to Appear in Court,

This is to advise that you are required to attend
the court of Los Angeles in January 8, 2014 for the hearing of your case.

Please, kindly prepare and bring the documents related to this case to Court on the date mentioned above.
Attendance is compulsory.

The copy of the court notice is attached to this letter, please, download and read it thoroughly.

WILKINS ALSTON
Clerk to the Court.

Fake Skype Email

This email claims to be from Skype, offering a new version to download. It’s fake, the link has nothing to do with Skype.

Remember, Skype does not email you and me with links to download. Skype will update itself.

NEW VERSION OF SKYPE 2011 IS RELEASED

Dear Skype Users,

To start New Year 2011 with new features, options and improvements, we’ve just released the new version of Skype Software.

<link removed for security reasons>

New in this version :

* Up to 5-way group video call.
* Redesigned calling experience.
* Improved video snapshots gallery.
* Improved browser plugins performance on some websites.
* Reduced false positives on browser plugin phone number recognition.
* New presence icons.
* Improved handling of calling attempts made when the user has run out of credit.
* Improved access to sharing functionality  

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Skype better all the time !

Talk soon,

The people at Skype

====================== PROTECT YOUR PASSWORD ===========================
Skype or Skype Staff will NEVER ask you for your password via email. The only place you are asked for your password is when you sign in to the Skype application or our website.

If you see the above email, delete it or mark it as spam.

Fake Acrobat Reader 2011 Emails

The following email claims to be from Adobe and suggests installing a new version of Adobe Acrobat Reader. It’s fake. Adobe does not email people asking them to download and install new versions.

The email says:

ADOBE ACROBAT READER 2011 UPDATE NOTIFICATION

This is to remind that a new version of Adobe Acrobat Reader 2011 with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released.

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Adobe Acrobat Reader better all the time !

Thanks and best regards,

Adobe Support

© 2011 Adobe Systems Incorporated. All rights reserved.
Adobe Systems Incorporated |343 Preston Street | Ottawa | ON | K1S 1N4 | Canada |

Remember, if you see this email just delete it, or mark it as spam.

Update: There’s now another version of this email, it too is a scam. The email looks like:

Adobe is pleased to announce that a new version of Acrobat PDF Reader was released today with new features, options and improvements.
<link removed for security>
What’s new in this version :
* Read, search, and share PDF files.
* Convert to PDF.
* Export and edit PDF files
* Add rich media to PDF files
* Combine files from multiple applications
* Increase productivity and process consistency
* Streamline document reviews
* Collect data with fillable PDF forms
* Protect PDF files and content
* Comply with PDF and accessibility standards
To get more and upgrade to this version, go to  :
<link removed for security>
Start downloading the update right now and let us know what you think about it.
We’re working on making Adobe Acrobat Reader better all the time !
Talk soon,
The people at Adobe
Copyright © 2011 Adobe Systems Incorporated. All rights reserved.

Phishing emails from Skype

Phishing emails are emails that appear to be from a legitimate company and ask you for your username and password. It’s a simple trick to get your account details.

Recently (22 April 2010) several phishing emails were sent “appearing” to be sent from Skype. The emails have a link to a web page asking you for your Skype username and password. These details are then collected by hackers and used for malicious purposes.

The general rule is, if you receive any emails from legitimate companies asking you to log onto your account, don’t click on the links. Open a new browser and go to the company’s web site yourself. This way you can be sure you’re on the real web page, and not be tricked into going to a fake copy of the page.

Fake CUA Email

The following email is a phishing scam. It tries to trick people into handing over some account details. The usual trick for phishing scams is to make the email sound important, and there’s a link in the email to make it easier to get to the scammer’s web site.

The phishing email says:

Dear member:

We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.

CUA Update

Your ticket code is L690545X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.
Member ID 690545

The domain name they use is cua-members-australia (.com). Some simple research shows that CUA is a credit union in Australia. Their real address is www.cua.com.au so the one provided is obviously fake, even though it might sound real. Further research shows that the fake address was registered in the USA (even though these details could also be fake).

Below is a screenshot of the phishing scam site:

[Image: cua]

They get straight to business asking for a card number and a PIN. Very private information that no one should ask you for.

Fake ATO Emails

More fake ATO emails are being sent in Australia. If you receive an email about your “taxe refund” keep in mind that it’s a scam. The real ATO would never misspell tax.

Clicking on the link in the email takes the reader to an exact copy of the real ATO website. The address is clearly wrong:

  • Fake address: www.a-imbn . org
  • Real address: ato.gov.au  (all Australian government web sites must end with .gov.au)

If you’re in Australia please let others know of this scam.
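The domain comparison used in the Fake Bank SMS, Fake CUA Email and Fake ATO Emails posts can be automated. The following is an added example, not part of the original posts: it reads a link's hostname without visiting it and compares it with the domain the claimed sender really uses. The function names and the `http://is.gd/EXAMPLE` path are made up for illustration; the domains are the ones quoted on this page.

```python
import re
from urllib.parse import urlsplit

# Shortener hosts named on this page; a real list would be longer.
SHORTENERS = ("is.gd", "sn.im")

# Official domains as stated on this page, keyed by the brand a message claims.
OFFICIAL = {"ANZ": ("anz.com.au",), "CUA": ("cua.com.au",), "ATO": ("ato.gov.au",)}


def host_of(link):
    """Hostname of a link, accepting defanged text such as 'a-imbn . org'."""
    link = re.sub(r"[\s()\[\]]", "", link)   # undo spaces/brackets added for safety
    if "://" not in link:
        link = "http://" + link              # urlsplit needs a scheme to find the host
    return (urlsplit(link).hostname or "").rstrip(".").lower()


def under(host, domain):
    """True only for the domain itself or a real subdomain (match on a dot boundary)."""
    return host == domain or host.endswith("." + domain)


def classify(link, claimed_brand):
    """Compare a link's host with the domain the claimed sender really uses."""
    host = host_of(link)
    if not host:
        return "invalid"
    if any(under(host, s) for s in SHORTENERS):
        return "shortener"      # destination hidden: cannot be judged from the text
    if any(under(host, d) for d in OFFICIAL[claimed_brand]):
        return "official"
    # The brand name used as a word in the host, but not under the official domain.
    if claimed_brand.lower() in re.split(r"[.-]", host):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [                                   # constructed from the page's examples
        ("http://is.gd/EXAMPLE", "ANZ"),          # path is a placeholder
        ("cua-members-australia (.com)", "CUA"),
        ("www.a-imbn . org", "ATO"),
        ("https://www.cua.com.au/", "CUA"),
    ]
    for link, brand in samples:
        print(f"{brand:4} {link:32} -> {classify(link, brand)}")
```

Only "official" means the link points where the sender claims; "shortener", "lookalike" and "unrelated" are all reasons to go to the organisation's site yourself instead of clicking.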