Malicious/Spam Emails

We have seen an increase in the number of malicious emails received by clients in which the sender claims to have hacked your email account and placed malicious software on your PC to steal your personal information.

These emails can be fairly convincing. They often contain an old password of yours that was compromised in a data breach, and they use email spoofing to make the message appear to have been sent from your own email account.

This is almost certainly not the case; it is a scare tactic used to pressure people into sending large sums of money.

“How do they have my password?”

With so many different passwords to remember across all of the online services that we rely on daily, many people slip into bad habits and use similar, if not the same, passwords for multiple platforms.

Over the last few years there have been many large-scale data breaches that have leaked a wide variety of personal information, ranging from usernames and passwords to home addresses and dates of birth. Once obtained, this information is either sold illegally or leaked to the masses online via message boards or pastebin sites.

“Has my data been compromised?”

Prior to the GDPR, a data processor was not required to notify affected users of a data breach, and as such a large majority of people were, and still are, unaware that their information has been compromised. The most effective way to find out if you have been affected by a data breach is to use a site called haveibeenpwned: simply enter your email address on the homepage to see if it is attached to any known data breaches. You can also use this site to check how many times your password has featured in a data breach. This does not necessarily mean you have been affected, but it can be used as a measurement of password strength and security.

Spoofed emails & Common scams

We have seen many different examples of online scams and spam mail. One of the more common ways cyber criminals trick people into paying them is by purchasing domains that are similar to ones used by businesses and then setting up email accounts in the names of employees, usually using information sourced from LinkedIn and company websites.

Recently we received a report from a company’s accounts department that had been targeted. The scammers had got hold of a domain similar to theirs but with a “1” instead of an “I” in it. They had created an email account mirroring that of the managing director, copying everything including his email signature and email formatting. They had managed to get hold of an old email chain and sent a request for a bank transfer from the company bank account.

Best practice to avoid being caught out by these types of scam is to verify payments verbally with an authoriser, or even with the person who made the request, before actioning any transfers. Have a set procedure in place for handling transactions; any deviation from it should be treated as a flag for suspicion.
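A mail gateway or accounts team can also test sender domains for the "1" for "I" substitution described above. The following is an added example, not part of the original article; the protected domain and sender addresses are constructed, and the one-character typo check goes beyond the single case in the text.

```python
from email.utils import parseaddr

# Constructed for illustration: the domain we protect (hypothetical).
PROTECTED = {"harlowfinance.example"}
# Characters commonly swapped for one another in lookalike domains.
CONFUSABLES = {"1": "l", "i": "l", "0": "o"}


def skeleton(domain):
    """Collapse visually confusable characters to one representative."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    return "".join(CONFUSABLES.get(ch, ch) for ch in d)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, protected=PROTECTED):
    """Return own-domain, lookalike, near-match, unrelated or unparseable."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain in protected:
        # Matching the real domain does not prove the mail is genuine;
        # a spoofed From header lands here too.
        return "own-domain"
    for real in protected:
        if skeleton(domain) == skeleton(real):
            return "lookalike"
        if edit_distance(domain, real) <= 1:
            return "near-match"
    return "unrelated"


if __name__ == "__main__":
    for sender in ("Managing Director <md@harlowf1nance.example>",
                   "md@harlowfinance.example", "news@supplier.example"):
        print(sender, "->", classify_sender(sender))
```

Mail classified as lookalike or near-match is a candidate for quarantine or a warning banner, and any payment request in it should go through the verbal verification step.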

Dear User,
We have installed one RAT software into your device.
For this moment your email account is hacked (see on “from address”, I messaged you from your account).
Your password for <insert user@domain.com>:<insert a password that you have used>
I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records.
I posted my virus on site, and then you installed it on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time, in addition, the software is synchronized with the video you choose.
For the moment, the software has collected all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $xxxx in BTC (crypto currency).
This is my Bitcoin wallet: <insert bitcoin wallet address>
You have 48 hours after reading this letter.
After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!
And henceforth be more careful!
Please visit only secure sites!
Bye!

“I’ve been compromised, what do I do?”

DO NOT give them any money.

If you pay the ransom, you are effectively making this method of scamming profitable and encouraging these individuals to continue phishing/scamming.

DO NOT respond to the email.

Given the nature of this attack/scam, the senders rely on the likelihood that a small number of recipients out of a batch of millions will respond.

Change the passwords attached to the account.

More information on how to create a secure password can be found here.

Delete the email.

The best thing to do with emails like this is to permanently delete them from your inbox.

Consider setting up 2FA (two-factor authentication).

More information on 2FA and password security can be found here.

Purchase spam filtering tools.

This will not completely stop these types of emails; however, it will significantly reduce the number of them that you receive and filter out malicious emails of other natures, such as phishing and ransomware.
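The traits of the extortion email quoted earlier (sent "from" your own address, failed sender authentication, a cryptocurrency demand and a deadline) are the kind of signals a mail filter can test for. The following is an added example, not part of the original article and not any product's rule set; the sample message, addresses and indicator names are constructed, and it assumes a single-part plain-text message whose receiving server has recorded an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the email quoted above; addresses are placeholders.
SAMPLE = """\
From: user@domain.example
To: user@domain.example
Subject: Your account
Authentication-Results: mx.domain.example; spf=fail smtp.mailfrom=domain.example; dmarc=fail header.from=domain.example

We have installed one RAT software into your device.
If you need to erase all of your collected data, send me $xxxx in BTC (crypto currency).
You have 48 hours after reading this letter.
"""


def indicators(raw):
    """Return the list of scam indicators present in a raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    auth = msg.get("Authentication-Results", "").lower()
    body = msg.get_payload().lower()  # assumes single-part plain text
    found = []
    if sender and sender == rcpt:
        found.append("from-equals-recipient")
    if re.search(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", auth):
        found.append("sender-auth-failed")
    if re.search(r"\b(btc|bitcoin)\b", body):
        found.append("crypto-payment-demand")
    if re.search(r"\b\d+\s*hours?\b", body):
        found.append("deadline")
    return found


def verdict(raw):
    """Quarantine self-spoofed payment demands, flag partial matches."""
    found = set(indicators(raw))
    spoofed = {"from-equals-recipient", "sender-auth-failed"} <= found
    if spoofed and "crypto-payment-demand" in found:
        return "quarantine"
    return "flag" if found else "deliver"


if __name__ == "__main__":
    print(indicators(SAMPLE), verdict(SAMPLE))
```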