Every day our cybersecurity team investigates and fights against a wide variety of phishing emails and spoofing attacks.
An email like this was recently sent to one of our clients, and it is a good example of a malicious email where the hacker is attempting to blackmail the user into paying a ransom by threatening to release information that may hurt the users reputation (in this case it was proof of them visiting certain adult websites.)
Whether or not the person actually has visited these sites is often irrelevant. Hackers will send the same email out to many people - until they identify someone who may have something to hide.
Let's walk through the contents of the email now...
The malicious email that was sent
I have very bad news for you.
I hacked your OS and got full access to your account.
In this style of attack, the hacker is not trying to hide their actions. Their leverage lies in the fact that they have obtained access to the users system. The hacker did spoof their sender and header information - making the email appear to come from the user's own account.
The email continues...
You can change the password, yes... But my malware intercepts it every time.
The hacker is reinforcing the fact that this user has already been compromised, so a simple password change would not work, since this hacker is monitoring every action the user takes.
The hacker goes on to describe in detail how they got to this user. Hackers are usually very proud when one of their attempts pays off - so this hacker was willing to let the user peak behind the curtain of the breach. They tell the user:
- There was a vulnerability in the software router that the user used to go online.
- The hacker placed malicious code on the router.
- The next time the user went online, a trojan was installed on the OS of the user's device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
The hacker wants the user to know the depth of their breach.
The hacker's blackmail attempt
The hacker tells the user that they could have just shut down the user's machine a month ago and asked for a ransom to unlock it.
However, they say they got an idea when reviewing some of the sites that the user visited.
I made a screenshot of the adult sites where you have fun.
Again, the hacker is likely phishing here. They may or may not have screenshots of adult sites the user visited. They may even be spoofing the entire breach!
I know that you would not like to show these screenshots to your friends, relatives or colleagues.
The hacker reminds the user of the damage they could potentially cause to the user's relationships with the release of the information. They request $709 dollars - paid only in Bitcoins, to destroy the screenshots.
The hacker instructs the user how to use Bitcoin pay - in case they are unfamiliar, and sets a payment deadline of 48 hours.
In case the user was thinking of taking another action besides paying, the hacker informs them that the full contents of their device has been uploaded to a remote server. Essentially, anything they do on their end would be useless since the hacker made a backup of their data.
The hacker closes the message by referring to their actions as a "business" saying that they have many victims. Therefore, if payment is quickly received, the user will not have to worry about the hacker targeting them again.
The hacker then ironically advises the user on how to avoid future breaches.
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
And closes with: Have a nice day!
Why this type of malicious email is increasing
This attack is becoming more popular because of how easy it is for hackers to perform. All a hacker needs to carry out this attempt is the ability to spoof an email message. The breach may or may not be real. The information the hacker claims to have often doesn't even exist.
Hackers send these messages out in bulk until they land on someone who actually has something to hide. Instead of just targeting a user's bank account - they use the threat of embarrassment and reputation damage to get users to pay up.
What you should do about it
Report malicious emails like this to your IT helpdesk immediately. Even if you know you're innocent and the hacker is bluffing, a skilled engineer can determine important information about the sender and confirm whether or not your account is secure.
Our cybersecurity team was able to tell that this email originated from a hacker in the country of Columbia, and that it was, in fact, just an elaborate spoof. No user data had been compromised.
Check out our other recent post on hacker behavior, "I Watched A Real Hacker in Action and Here's What I Learned."