While spam is always a constant pain in the you know what, a recent trend has grabbed a certain amount of attention and a fair number of our clients have been in touch with concerns that they’ve been hacked and asking for our assistance.
An excerpt of this email has been posted below, and word for word is what everyone is receiving. What is grabbing people’s attention with this email is that they are claiming that they’ve caught you visiting adult orientated websites and they’ve captured a video of you enjoying yourself. Of course, they promise that should you pay them within 50 hours that the problem will go away.
They’re also spoofing your email address to look like it’s coming from yourself. This adds more weight to looking like you may have been compromised, but it’s a simple and easy practice that spammers use to look like an email is coming from a legitimate source.
What should I do?
As with any spam message, do not engage the spammer. It’s slightly difficult in this one to contact them as they have spoofed your own email address, but any email that you get that looks like spam, they pretend to know more than they do to get you to be concerned and feel you need to act. This email is no different.
How do they know my email address and password?
If you have received this email, unfortunately it’s very likely that they’ve sourced your information from a previous hack where your email address and the password in the email were used.
A great tool for you to check if you’ve been hacked is https://haveibeenpwned.com/
These databases are a treasure trove of information that are then used for lots of unscrupulous purposes and there are some very simple ways to combat that your information is out there.
- Passwords should be unique and changed frequently. If you are using the same password for many things, if you are hacked you can assume that they have access to anywhere that password has been used.
- Use a password manager. There are many out there to simplify your life.
Spam email excerpt
I greet you!
I have bad news for you.
07/08/2018 – on this day I hacked your operating system and got full access to your account (YOUR EMAIL ADDRESS)
On that day your account (YOUR EMAIL ADDRESS) password was: (PASSWORD)
It is useless to change the password, my malware intercepts it every time.
How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I’m talking about sites for adults.