New Phishing Campaign Using Breach Data

Posted on July 12th, 2018

I woke up today to find five emails from concerned clients, all referencing the same phishing email that is making the rounds heavily today. Here is the verbatim message that each of the five recipients who contacted me received (only the password is redacted):

I do know, REDACTED (a real, accurate password), is your pass word. You do not know me and you’re most likely thinking why you are getting this e-mail, correct?

In fact, I actually setup a malware on the adult vids (porno) web site and you know what, you visited this site to experience fun (you know what I mean). While you were watching video clips, your web browser initiated functioning as a RDP (Remote Desktop) with a keylogger which gave me access to your display screen and cam. Just after that, my software gathered all of your contacts from your Messenger, FB, as well as email.

What did I do?

I made a double-screen video. 1st part shows the video you were watching (you have a nice taste rofl), and 2nd part shows the recording of your web cam.

exactly what should you do?

Well, in my opinion, $2900 is a reasonable price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 1PLrSKJmzww51A178UgGukF8bXood9ivaQ
(It is cAsE sensitive, so copy and paste it)

You now have one day to make the payment. (I’ve a special pixel in this message, and right now I know that you have read this message). If I do not get the BitCoins, I will definately send out your video recording to all of your contacts including relatives, colleagues, and many others. However, if I do get paid, I’ll destroy the video immidiately. If you really want proof, reply with “Yes!” and I will send out your video to your 8 friends. It’s a non-negotiable offer, therefore please do not waste my personal time and yours by responding to this email.

First, the emails did include accurate passwords for the recipients, but for most of them the password was old and no longer in use. I assume that a leaked combo list (email address and password pairs aggregated from earlier breaches) was used to mail-merge each password into a fixed template. That password is the only accurate piece of information in the entire message. The rest is a scare tactic and none of it happened: there is no malware, no RDP session, no keylogger and no webcam recording. Even the "special pixel" claim is just more pressure; at most, a tracking pixel in an HTML email tells the sender that the message was opened, nothing about what the recipient has been watching. The sender(s) are likely betting that even a small fraction of recipients, on the order of 1%, will pay rather than risk having their porn habits shared with their contact list.

A search of that Bitcoin address revealed no transactions and no history. A second address, 1BKo4NWp2a96QLZ7wCzdwbTaoofi2e4a94, also showed nothing. Any blockchain explorer shows the balance and transaction history of an address, so watching these addresses is the simplest way to gauge whether the campaign is earning. Numerous addresses will likely be rotated through, and I will keep watching for any payments.

Searching for the wording of this message also turned up no results, so this is a new variant of a worn-out phishing template. If you receive one of these, the only move is to delete it: do not reply (a reply only confirms that your address is live) and do not pay. Change the cited password anywhere it is still in use, along with any similar variations of it, and enable two-factor authentication wherever you can.
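The three checks above (the combo-list mail merge, the Bitcoin address, and the wording of the template) can be turned into a small triage script. The following is an added example written for this page, not the author's own tooling: it extracts the quoted password, the dollar amount and the Bitcoin address from each sample message, validates the address's Base58Check checksum offline, hashes the message with those per-recipient fields blanked out so that every copy of one template yields the same fingerprint, and checks whether the quoted password matches the recipient's entry in a combo list. The sample bodies, recipient addresses, passwords and combo list are constructed for illustration; the two Bitcoin addresses are the ones cited in this post. The checksum only says an address is well-formed (legacy base58 addresses only, not bech32); whether it has received any payments still requires a block explorer, which this offline example does not query.

```python
import hashlib
import re

# Constructed sample messages modelled on the template quoted in the post.
# Recipients and passwords are made up; the BTC addresses are the two cited.
SAMPLES = [
    {
        "to": "alice@example.com",
        "body": """I do know, hunter2, is your pass word. You do not know me and you're most
likely thinking why you are getting this e-mail, correct?
Well, in my opinion, $2900 is a reasonable price for our little secret.
BTC Address: 1PLrSKJmzww51A178UgGukF8bXood9ivaQ
(It is cAsE sensitive, so copy and paste it)
You now have one day to make the payment.""",
    },
    {
        "to": "bob@example.com",
        "body": """I do know, Summer2014!, is your pass word. You do not know me and you're most
likely thinking why you are getting this e-mail, correct?
Well, in my opinion, $1900 is a reasonable price  for our little secret.
BTC Address: 1BKo4NWp2a96QLZ7wCzdwbTaoofi2e4a94
(It is cAsE sensitive, so copy and paste it)
You now have one day to make the payment.""",
    },
]

# Constructed stand-in for a leaked combo list: email -> old password.
COMBO_LIST = {"alice@example.com": "hunter2", "bob@example.com": "Summer2014!"}

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PASSWORD_RE = re.compile(r"I do know,\s*(.+?),\s*is your pass ?word", re.IGNORECASE)
AMOUNT_RE = re.compile(r"\$\s?(\d[\d,]*)")
# Legacy (P2PKH/P2SH) address: version prefix 1 or 3, then 25-34 base58 chars.
BTC_RE = re.compile(r"\b[13][" + B58_ALPHABET + r"]{25,34}\b")


def btc_checksum_ok(addr: str) -> bool:
    """Base58Check validation of a legacy address: decode to 25 bytes, then
    compare the last 4 bytes with the first 4 bytes of SHA256(SHA256(payload))."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:  # character outside the base58 alphabet
            return False
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * leading + body
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def extract_indicators(body: str) -> dict:
    """Pull the per-recipient fields out of one message body."""
    pw = PASSWORD_RE.search(body)
    btc = BTC_RE.search(body)
    amt = AMOUNT_RE.search(body)
    return {
        "password": pw.group(1) if pw else None,
        "btc": btc.group(0) if btc else None,
        "btc_checksum_ok": btc_checksum_ok(btc.group(0)) if btc else False,
        "amount_usd": int(amt.group(1).replace(",", "")) if amt else None,
    }


def template_fingerprint(body: str) -> str:
    """Hash of the body with the mail-merged fields replaced by placeholders and
    whitespace/case normalised, so every copy of one template hashes the same."""
    text = PASSWORD_RE.sub("I do know, <PASSWORD>, is your password", body)
    text = BTC_RE.sub("<BTC>", text)
    text = AMOUNT_RE.sub("$<AMOUNT>", text)
    text = re.sub(r"\s+", " ", text).strip().lower()
    return hashlib.sha256(text.encode()).hexdigest()[:16]


def triage(samples: list, combo_list: dict) -> list:
    """One report row per message: indicators, template fingerprint, and whether
    the quoted password is the recipient's entry in the combo list."""
    report = []
    for msg in samples:
        row = extract_indicators(msg["body"])
        row["to"] = msg["to"]
        row["fingerprint"] = template_fingerprint(msg["body"])
        row["password_in_breach"] = combo_list.get(msg["to"]) == row["password"]
        report.append(row)
    return report


if __name__ == "__main__":
    for row in triage(SAMPLES, COMBO_LIST):
        print(row)
```

The fingerprint is the value to search for and filter on: the password, amount and address change from copy to copy, while the template text does not, so two copies with different passwords and addresses collapse to the same hash.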
