Email spoofing, also known as spoofing email, involves forging the sender’s email address. Often, the address in the sender’s field is fake; any responses sent to this address will likely reach a third party. The primary goal of this scam is to deceive the user.

Fraudsters deploy a variety of tactics to execute a successful spoofing attack ¹. Below, we explore the most common methods they use.

1. Sharing a Similar Domain

To successfully spoof an email, fraudsters meticulously imitate sender addresses that appear similar to those of well-known organizations or companies. They typically:

• Alter the top-level domain, for example, from support@spotify.com to support@spotify.co
• Change the domain to include a country code, for example, support@spotify.com.ru
• Modify a single character in the domain name, turning support@spotify.com into support@spatify.com
• Use a variant of the domain that still references the brand, such as support@spotifyinfo.com
• Create an email address that incorporates the company’s name, like support.spotify@gmail.com

2. Substituting the Sender’s Name

This tactic involves falsifying the sender’s name, with the “From” and “Reply-To” headers displaying the fraudster’s address instead. This method is particularly prevalent on mobile mail clients, which typically only display the sender’s name. Fraudsters may use:

• Misleading variations of the company’s name.
• Fabricated names paired with deceptive email addresses.

Imagine that you receive an email like this:

Notice that all fields are correct, but the From and Reply-To fields are not. When Dude1 receives this email, he may think it’s from his boss. When he hits “Reply,” all he’ll see in the To: field is the name “BossMan,” but it will actually go back to his friend who spoofed the email, Dude2.

3. Changes the significance of the From and Reply-to fields

Because the SMTP protocol does not authenticate headers, fraudsters can easily forge addresses in the From and Reply fields without being noticed. Thus, they have the privilege of not being caught, as a fake is almost no different from the original.

Protection from Email Spoofing

To effectively guard against email spoofing, it’s essential to configure email security protocols such as SPF, DKIM, and DMARC. Below, you’ll find step-by-step guides on how to set up these protocols for popular email platforms:

1. Setting Up SPF (Sender Policy Framework)

SPF helps to verify that incoming mail from a domain comes from a host authorized by that domain’s administrators.

• Gmail: Go to the Google Admin console, navigate to ‘Domains’, and then ‘Add a domain or a domain alias’. Add the SPF record in your DNS settings: v=spf1 include:_spf.google.com ~all
• Outlook: In the Microsoft 365 admin center, go to ‘Settings’ → ‘Domains’, select your domain, and add the SPF record to your DNS settings: v=spf1 include:spf.protection.outlook.com -all

2. Implementing DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) adds an encrypted signature to outgoing emails, allowing the receiver to verify that an email was indeed sent and authorized by the owner of the sending domain. Setting up DKIM correctly can help prevent email spoofing by verifying the authenticity of the sender. Here’s how to set up DKIM for Gmail and Outlook:

Implementing DKIM for Gmail:

To configure DKIM for Gmail, use the following steps:

1. Sign in to the Google Admin console.
2. Navigate to Apps → Google Workspace → Gmail → Authenticate email.
3. Select the domain for which you want to set up DKIM and click GENERATE NEW RECORD. You might see this option only if you haven’t already set up DKIM for your domain.
4. Choose a key length of 2048 bits for better security (1024 bits is also available but less secure).
5. After generating the DKIM key, Google will provide you with a TXT record to add to your domain’s DNS. It will look something like this:

   google._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq...AB"

   This is your public key.

6. Add this record to your DNS settings at your domain host. Keep in mind that DNS propagation can take up to 48 hours.
7. Once the DNS has propagated, return to the Admin console and click START AUTHENTICATION.

When DKIM is set up correctly, Gmail will sign outgoing emails automatically, allowing recipient servers to verify their authenticity.

Implementing DKIM for Outlook:

For users of Microsoft 365 or Outlook, the setup process involves similar steps:

1. Login to the Microsoft 365 Defender portal.
2. Go to Email & collaboration → Policies & rules → Threat policies → DKIM.
3. Choose the domain you wish to enable DKIM for and click Enable.
4. If no DKIM keys exist, Microsoft will prompt you to create them. Click on Create to generate the keys.
5. Microsoft will then provide two CNAME records to add to your domain’s DNS. These records delegate the DKIM signing authority to Microsoft. They typically look like this:
   selector1._domainkey.YOURDOMAIN.com CNAME selector1-YOURDOMAIN-com._domainkey.OURDOMAIN.onmicrosoft.com
selector2._domainkey.YOURDOMAIN.com CNAME selector2-YOURDOMAIN-com._domainkey.OURDOMAIN.onmicrosoft.com
6. Add these CNAME records to your DNS. Again, allow up to 48 hours for DNS changes to take effect.
7. Once DNS propagation is complete, go back to the Defender portal and confirm the DKIM status to ensure it is active.

Implementing DKIM for your domain significantly improves your email security by enabling email authenticity verification at the recipient’s end.

3. Configuring DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, policy, and reporting protocol. It builds on SPF and DKIM protocols, helping email receivers determine if a given message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle these discrepancies. Here’s a step-by-step guide to setting up DMARC:

Understanding DMARC Policy:

Before setting up DMARC, you need to understand the policies you can apply:

Steps to Configure DMARC:

1. Create a DMARC record: A DMARC policy is published as a DNS TXT record. The typical format of a DMARC record looks like this:

   v=DMARC1; p=none; rua=mailto:admin@yourdomain.com

   In this example, ‘p=none’ specifies the policy, and ‘rua’ indicates where aggregate reports of DMARC failures will be sent.

2. Choose Your Policy: Decide which policy (none, quarantine, reject) fits your needs based on your security posture and the maturity of your SPF and DKIM setups.
3. Specify Email Reporting: Determine where you want reports of pass/fail to be sent. These reports are crucial for understanding the types of attacks targeting your domain and observing how your emails are being received on the internet. Use ‘rua’ for aggregate reports and ‘ruf’ for forensic reports:

   rua=mailto:aggregate@yourdomain.com; ruf=mailto:forensic@yourdomain.com

4. Publish the DMARC Record: Add the DMARC TXT record to your domain’s DNS. This is similar to adding SPF or DKIM records. You typically enter the record into your DNS management dashboard.
5. Monitor and Adjust: After implementing DMARC, monitor the reports you receive and adjust your policy as needed. Initially starting with a ‘none’ policy and moving to ‘quarantine’ or ‘reject’ as you confirm that legitimate emails are passing SPF and DKIM checks is a common approach.

Additional DMARC Tags:

DMARC records can include several optional tags to refine its operation:

• aspf: Alignment mode for SPF (strict or relaxed).
• adkim: Alignment mode for DKIM (strict or relaxed).
• fo: Forensic options to specify conditions under which forensic reports should be generated.
• rf: The format to be used in forensic reports.
• ri: Reporting interval for how often you want to receive the aggregate reports.

The post How to Prevent Email Spoofing appeared first on Gridinsoft Blog.

Emails are used daily by millions worldwide professionally. Over time, however, this beneficial tool has also become a potential threat. Like anything connected to the internet and technology, email is vulnerable, particularly email attachments seen in most messages. This susceptibility has heightened concerns about email security.

Common Threat Types for Email Security

Before exploring how to protect yourself from the dangers associated with email attachments, it is important to understand the basic types of malicious email threats to which we are all susceptible.

1. Ransomware: Ransomware is a prevalent threat typically delivered through email. In such attacks, the perpetrator hacks the victim’s data and demands a ransom for its return.
2. Phishing: Phishing involves criminals sending emails that appear trustworthy, containing links or attachments that prompt for login details. These credentials are then used for malicious purposes. Many people inadvertently trust and interact with these deceptive emails.
3. Spam: Despite various methods developed to filter out unwanted spam, the issue persists. While some spam is merely bothersome, much of it can carry malware.

Email Safety Tips

The dangers associated with email attachments, as mentioned above, are common challenges faced routinely by users. However, there are numerous ways that your emails could be carrying malware and other threats like ransomware.

To help you stay safe and secure your email communications, we’ve compiled a list of effective email security tactics. These strategies will help you recognize potential dangers and avoid them before they escalate into serious issues. Let’s explore these tips!

1. Check the Sender

Business professionals often receive emails daily from various contacts, necessitating them to open and review each one. However, during a phishing scam, the sender’s name may appear familiar or even if not, the nature of business may compel you to open it regardless. Despite this, there is a precaution you can take: always verify the sender’s email address. Unusual email addresses are a common indicator of scams. Remember, it’s not necessary to open every email. If an email is critical, the sender will likely follow up with a phone call if they don’t receive a response. Trust your instincts; if an email feels suspicious, it’s safer to avoid engaging with it.

2. The Message Inside the Email

Even when you recognize the sender or are anticipating an email, exercise caution before opening it and engaging with its contents. Before clicking on any attachments, consider the following to ensure the email’s legitimacy:

• The subject line of the email is critical. If it lacks a subject line or the subject line is vague, proceed with caution. For example, if the subject mentions an “invoice”, verify your recent purchases. If you haven’t ordered anything that matches the described item, do not open the email and consider marking it as spam.
• Emails that lack detail and use generic greetings like “Hi” are often indicative of phishing attempts. A legitimate email will include specific details about the company and a clear explanation of the email’s purpose. If these elements are missing, it’s best to disregard the email.

3. Digital Signature in Emails

For those engaged in corporate communications, verifying the presence of a digital signature is crucial. Before opening any attachments, check if the email purportedly from a company includes a digital signature at its end. For emails sent through Microsoft Outlook, a digital signature may be indicated by a red ribbon icon within the message, signaling corporate authenticity.

4. Check the Email Links

After confirming the internal contents of the email, including the presence of a digital signature, a relevant subject line, and the company’s logo, you might feel confident about the email’s legitimacy. However, it’s essential to remain vigilant by checking the links as well. Hover your mouse over any link or attachment to preview the destination address. If the address appears suspicious or unrelated to the expected content, it likely indicates a malicious intent such as ransomware or another type of scam. In such cases, it is advisable to delete the email immediately and avoid clicking on any links.

5. Use GridinSoft Anti-Malware for Enhanced Protection

To further secure your email communications from malware and other cyber threats, consider using GridinSoft Anti-Malware. This powerful tool offers robust protection against a wide array of threats, including those commonly disseminated through email, such as ransomware and phishing scams. GridinSoft Anti-Malware provides real-time protection by scanning incoming emails and their attachments for any malicious content before it can harm your system.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Conclusion

Email has undoubtedly simplified and accelerated communication, revolutionizing business operations and opening countless opportunities. However, as technology has advanced, so too has the susceptibility of email to scams and other security threats. Prioritizing email security is essential for both individuals and businesses. By implementing the straightforward security measures discussed above, you can protect yourself and your business data effectively. Paying attention to the finer details and practicing vigilance can take just a minute or two, but these efforts are crucial in safeguarding against potential dangers.

The post How to Stay Safe When Using Email? appeared first on Gridinsoft Blog.

Such scam emails typically straddle users’ unawareness about how malware and the overall cybercrime world normally work. They take the claims about collected personal information for granted and obey any of the further guidelines. However, there are quite a few signs of these messages being complete and utter scams, and I am going to reveal all of them in this post.

Hello Perv Email Scam Overview

Hello Perv is an email scam that circulates for several months already, gaining significant popularity at the end of June 2024. Fraudsters send them to different emails in hundreds, if not thousands, hoping for gullible people to believe the text and follow the instructions. The email contains threats of publishing explicit graphical content that the hacker has allegedly collected using spyware.

The demand of the email, as you can see above, is about sending a sum of money (typically ~€500) in Bitcoin to a cryptocurrency wallet. One outstanding detail here is that the hacker provides the ability to get extra time to pay the ransom. Overall, the email body is built around social engineering tricks, while having a lot of manipulative facts and logical mistakes. Let me explain each one of them, so you will have a better understanding of how con actors manipulate people and how to detect such scam emails in the future.

Revealing Introduction & Malware Description

Hello Perv fraudulent email did not really try to prolong the narrative. From the very beginning, the fraudster talks about infecting the device through a site with adult content. Further, they claim to start recording from the web camera and capturing the process of the victim touching themselves. To make matters worse, the hacker claims manipulated the resulting video to make it look like the user was watching a prohibited category of adult videos.

A thing that scares a lot of people is that they see this email being sent from their own address. This may look like hackery, but is, in fact, a rather easy trick of sender email spoofing. It only requires using a specific email client, that allows tinkering with email metadata. But nonetheless – this makes enough people believe the scam is genuine.

One major fault here is the story about hacking the computer through an infected browser page. Well, this is totally possible – browsers may be vulnerable to code injections and other flaws. But applying such a technique in attacks on individual users is simply unreasonable. Exploiting vulnerabilities is more suitable in attacks on corporations, where potential profits are much higher.

There is also an old-new tactic of hacking the site and putting the “update your browser” banner on top of all the content. Clicking the update button will lead to malware downloading, and the user will likely execute it thinking it is a genuine update. Thing is – all the malware families deployed in such a manner are well-known and do not operate in the way the hacker describes. Doing what spyware operators normally do – collecting credentials and selling them on the Darknet – is more profitable and takes less effort.

Ransom Demands

After the rapid introduction, the “hacker” puts out the demand: pay a ransom to a cryptocurrency wallet and no explicit videos will make it to the public. Typically for this specific email campaign, ransom amounts are around €500, though it may change in future. As I’ve already mentioned, there is a possibility to extend the ransom payment deadline for another 48 hours. One particularly interesting clue here is the Bitcoin wallet: its statistics uncover how “successful” this scam is.

It is possible to see the Bitcoin wallet balance & history using free blockchain explorer tools. A few clicks – and voila, we now can see when and how much was paid to the wallet in the past. Throughout the extensive list of wallets, the majority have just a few transactions, with a total sum of $4-6k. Interestingly, the sum of some of the incoming transactions is twice of what is the current bid of the scammer. This implies that the fraudster either uses the wallet for several scam campaigns, or forces victims into paying more, possibly after extending the deadline.

Threats of Publishing Explicit and Compromising Videos

Strangely, the actual threats go after the ransom demand – not a usual tactic for this kind of scammers. Though, it was rather obvious where all this is going: “hacker” threatens to publish the compromising video to all the victim’s social media pages, so all friends and colleagues will see this abomination. And the forbidden character of the video suggests that this may be the reason for law enforcement to turn their attention.

Obviously, same as pretty much any other email scam, this one ensures the user about watching their computer and user’s actions. Shall the user try to trick the scammer, they will translate their threats into actions. Though, I wonder how the scammer will track a police call from your phone? Or from a friend’s phone? Once again, the email is full of rather obvious logical mistakes, and that’s just another one. Most of them are clearly visible even to people without much knowledge in cybersecurity, it’s merely about cold-minded analysis.

Any chances the computer is infected?

Despite the Hello Perv email being a blatant scam like a Professional Hacker Scam or Pegasus Scam, there is still a possibility that malware once was present in your system. Some variations of such email scams may additionally scare people by showing them their (old) passwords. This pretty much forces users into believing the fairy tales about advanced spyware and all-encompassing tracking. To be sure your system is clean of any spyware, consider scanning it with GridinSoft Anti-Malware: it is capable of finding and eliminating even the most recent spyware samples.

The post Hello Perv appeared first on Gridinsoft Blog.

Internet Is A Dangerous Place Scam Overview

“Internet is a dangerous place”, or “Security status not satisfied” are both names of the same email scam campaign. It falls under the category of sextortion/social engineering frauds, that aim at scaring the victim with the threats of public intimidation and making them send the money.

This scam can take different forms, but its essence remains the same: the so-called hacker claims to have infected the victim’s devices and obtained confidential information. This makes it similar to other email extortion scams. If the victim does not pay the ransom, the hacker will publish this information. Hacker also boasts of infecting the devices of people from victim’s contact list, and collecting similar intimidating information about them as well.

These scam emails are slightly different from each other, but their basic content remains the same. Here is our example:

Let’s get through each element of this scam; I will explain the social engineering tricks that the scammer uses to make the victim believe that all this is for real. Also, I will debunk the mystical AI malware and all the related nonsense, made up entirely for adding mysticality and complexity to the alleged hack.

Fear-inducing Introduction

The message usually begins with an alarming subject line like “Security Status Not Satisfied”. It aims to catch the recipient off-guard, making them more vulnerable to the ensuing threats. The statement “I already know you and all your loved ones very well” is meant to induce fear by suggesting that the sender has intimate knowledge of the recipient’s personal life. It hints at a deep invasion of privacy, which is a potent trigger for anxiety and panic. This is a classic social engineering tactic.

Overall, the header contains vague and general statements that could apply to anyone. There are no specific details that would lend credibility to the sender’s knowledge or threats. Claims about such the ability to infect all contacts and relatives’ devices are hard to prove and are barely realistic. Lastly, the email mentions advanced technologies like artificial intelligence and invulnerable malware. However, it lacks any technical specifics that would make the threats believable.

Collecting Sensitive Information

The scammer continues with claims to have “monitored all your activities” and that “AI-based malware” was used to gather compromising data and record video through the webcam. This is the most intimidating factor of the scam, especially considering the fraudster’s focus on the moment when the user was watching adult content.

One more piece of intimidation is the fact that the user’s supposed recklessness has taken other people’s private life as collateral. Hacker claims that the malware has spread to other devices, including those of the victim’s friends and family. As there’s no way to prove or disprove this, it’s not that hard to take this bait as well. And overall, at this point into the scam, the victim likely believes the text – an ideal point to switch to the main course.

Threats of Publishing Exposing Videos of You & All The Contact Book

The scam reaches its climax with claims that the so-called hacker accessed the device’s webcam and captured video of the victim in a compromising situation. If this were true, the attacker would have attached a short part of this video or a screenshot as proof. This is meant to coerce the victim into paying the ransom to avoid public humiliation.

Perhaps the most desperate move by the fake hacker is the threats to the victim’s relatives and contacts. While this is theoretically possible, in practice, if a hacker did this, they wouldn’t boast about it. Moreover, if the attacker had managed to hack the victim’s contacts, they would at least provide some proof of it.

AI As a Malware

The same applies to the claims about using AI. While it is possible for cybercriminals to use artificial intelligence, they certainly do not use it in the way the so-called hacker describes. A much more prevalent application for this new technology is to write more convincing phishing emails, clone voices, and create deepfake videos.

What the “hacker” supposes is that they used AI to hack into the computer and collect the information. As far as Google knows, there is not a single case of such an application. And believe me, the Web will be set abuzz shall someone pull such a trick.

Ransom Demands

The fraudulent email concludes with a ransom demand, asking for ~$1200-1400 in Bitcoin, with a 48-hour deadline for payment. The scammer threatens to make all collected information and videos public and notify the victim’s contacts, supposedly causing irreparable damage to their reputation.

Cryptocurrency wallet address that the hacker specifies reveals some interesting details about how effective this scam is. Emails are sent in thousands every day, but the wallet has only 2 transactions. One of the previously used addresses is naught on any money transfers whatsoever. Nonetheless, $2800 for effectively doing nothing, except for writing and mass-mailing a scary email like a “Internet Is A Dangerous Place”, is still quite a sum.

Is your system infected?

Of course, there is no reason to believe this email, and we just found out why. Nevertheless, to ensure there are no threats on your system, even if unrelated to this email, I recommend scanning your device for malware. You can use GridinSoft Anti-Malware and follow the instructions below.

The post Internet Is A Dangerous Place appeared first on Gridinsoft Blog.

What Are Geek Squad Email Scams? How Do They Work?

The Geek Squad scam is an imposter scam in which criminals pose as Best Buy Technical Support and offer “help” with devices, accounts, or apps. In reality, these scoundrels are trying to steal your personal information, get you to give them remote access to your devices, or pay for their fraudulent services. Here is the typical procedure of this scam:

• Scammers reach out in any way they can (via email, text messages, phone calls, or fake websites) and pretend to be Best Buy Geek Squad employees.
• They will then claim that your device has been compromised, you owe money for your subscription, or that you need to “prove” your identity by providing confidential information (e.g., credit card numbers, social security number SSN, etc.).
• Sometimes they may even make you download malware or apps to access your device remotely.
• If successful, they trick you into cheating you out of even more money by emptying your accounts, stealing sensitive information on your device, or demanding payment for their services.

Anyone who has dealt with Geek Squad or Best Buy may face a Geek Squad scam. Unfortunately, more than 60% of their victims are over 60.

Geek Squad subscription auto-renewal texts or emails

Perhaps one of the nastiest scams from Geek Squad is that scammers send emails or text messages claiming that you have signed up for the Geek Squad subscription service. You will be billed hundreds of dollars unless you cancel your subscription. The message has a phone number to call if the payment is a “mistake”. However, they will ask for your credit card or other banking information to “get your money back” if you call that phone. Fraudsters use this information to commit financial fraud.

This fraud can often turn into a “refund scam.” This happens when scammers use stolen accounts or credit cards to send you extra money and ask you to “reimburse” the difference. Unfortunately, when the original account holder reports the fraud, you will lose the entire amount and everything you sent to the fraudster.

Identifying a scam:

• You receive an invoice or automatic renewal notice for Geek Squad services you did not request.
• The message is not from a BestBuy.com email address, contains spelling or grammatical errors, and does not use the correct Geek Squad logo.
• The number listed in the message is not the official Best Buy number.

Emails pressuring to download fake antivirus software

In this scam, fraudsters pass themselves off as Geek Squad technicians and tell you that your device is infected with malware. So they force you to download the “antivirus software” or give them remote access to your device. In both cases, you give the hackers full access to your device and your sensitive information, photos, or videos. The “antivirus software” hides malware that allows hackers to spy on you and your computer. Giving hackers remote access means they can do whatever they want with your device.

How to identify a scam:

• You receive an unwanted phone call or e-mail claiming that your device is infected with a virus. No one can tell you if your computer has been hacked without access.
• Fraudsters request remote access to your device to “fix” the problem. Always be careful if someone asks you to download software or wants access to your computer.

Tech support phone call scams

Unfortunately, these nasty guys often annoy their victims over the phone. If you are on the phone, the scammers force you to send them money for their services or make you download malware onto your devices.

Here are the two main ways phone scammers call you:

1. Scammers call you, claiming that your device is infected with malware or that you owe money for services.
2. Scammers create fake Web sites that provide fraudulent phone numbers for Geek Squad. Then, when you call, they route the calls to their phones and start the scam.

Detecting the fraud:

• You receive an unsolicited phone call from Geek Squad or another tech support group. These companies will rarely contact you directly. So be careful of anyone who calls you unsolicited.
• Once you get on the phone, the scammer won’t let you get off. Instead, they will do and say anything to keep you talking.

Browser pop-ups with alerts that your device is infected

Sometimes scammers use pop-ups on websites (often adult websites and illegal streaming platforms) and claim that your device is infected and requires immediate action. If you click on the pop-up, you will automatically download what looks like antivirus but is malware, adware, keylogger, or ransomware.

Spotting the fraud:

• No browser plug-in can check your device for viruses. So if you get a message that your device is infected, it’s a scam.
• Beware of device cleaner apps, as they often contain malware. If you are unsure about an app or software, google its name + “scam” or “safe”. If you have an installation file, you can check it here.

BestBuy.com password reset scam

Scammers send emails purporting to be from Best Buy, claiming that your “password reset didn’t work. The email will appear genuine and contain a link to update your account, even if you don’t have one. If you click on the link, it will take you to a site identical to the “BestBuy.com” login page. It’s a phishing site whose purpose is to steal your personal information. So, if you enter your real username and password for your “BestBuy.com” account, fraudsters will get that information and use it to make fraudulent purchases, buy untraceable gift cards, or steal your financial information.

How to detect this scam:

• You get an email to reset the password for an account you don’t have.
• When you click on the link, you are taken to a site that is not secure or not in the official “BestBuy.com” domain.

Accidental refund or overpayment scams

Scammers send you more stolen money than you expected, then ask you to “refund” the extra amount. If you call support, they will ask you to complete a form to proceed with a refund. But the form doesn’t work, so the support agent will ask for remote access to your desktop to help you complete the refund. As a result, you will lose the entire amount of money – the supposed refund and the “accidental” extra money.

Detecting this trick:

• Fraudsters ask to access your computer remotely to facilitate a refund.
• You have been told about a “refund” for more than the amount on your bill. If this happens, do not send the money. Instead, wait a few days for the funds to be transferred, or contact your bank and let them know what happened.

Fake Offers: Protection Service Plan

Although not as dangerous as other Geek Squad scams, this useless protection plan can still cause damage. In this scheme, scammers posing as specialists contact you by phone or e-mail to sell you protection services, such as antivirus. But these “tools” either do nothing or contain malware.

How to understand this is a scam:

• The tool has no online reviews or is not listed on popular review sites.
• Scammers contact you to try to sell you digital security services. An unsolicited email or phone call indicates that you are dealing with a scammer.

What to do when you become the victim of the Geek Squad email scam

If you have been the victim of a Geek Squad email scam, here’s what you should do:

• Never do anything you are told if you have been in contact with scammers.
• Block the number you just dialed so that scammers won’t contact you again.
• If you have provided personal information, such as credit card information, contact your bank immediately and have your funds blocked.
• Immediately change your login information if you signed up through a link that scammers sent you from your email address. You should not use the same login information for multiple accounts, but unfortunately, many people do it anyway.
• If you’ve downloaded software or any files from email, delete them. Check your computer for viruses!

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

How to Avoid This Scam?

When you receive an email from Geek Squad and fear it may be a scam, you’ve done half the work of preventing it. Never send personal information by email or any other method. Likewise, don’t reply to the email or call the number listed. It would help if you remember some rules to avoid falling for scammers’ tricks: avoid clicking on links and do not download attachments. It’s better to delete the letter altogether, as well as to block the sender. To summarize, it can be said that ignoring a fraudulent Geek Squad email and blocking the sender is the best way to avoid many problems.

The post Geek Squad Email Scam appeared first on Gridinsoft Blog.

Email scams have become an increasingly popular attack on individuals, bearing on users’ unawareness about how malware works. “Have you heard of Pegasus” does exactly this: scares the user with the name of a well-known spyware, making them believe the threats are real. In this post, I will explain every single element of this scam, so next time you will recognize it immediately.

What is “Have you heard of Pegasus” Email Scam?

Have you heard of Pegasus? scam is a common name for email messages that contain text with claims of possessing compromising photos and videos of the user. The text of the message may differ, but it always contains mentions of Pegasus spyware. One of the latest text variants (as of early June 2024) is the following:

The text goes under a rather strict pattern: beginning, where the scammer introduces himself as a pro hacker. They claim to have explicit photos or videos of you watching adult content, and threaten to publish it to all of the contacts you have in your phone book. Having such comprehensive access is explained by installing Pegasus spyware into all the user devices.

In certain cases, the author adds a password or two that you could really have used in the past. This, although is a pure manipulation, makes the email much more convincing. After that, the fraudster switches to the main course of the scam: demand to send money (usually around $1000-$1500) to a specified BTC address.

Cyber Criminal Cryptowallets

1JVMTup4zuS1JMGXAYYRgvyr2PUmNnY6g2
12PY3MibuWtNHjszG4YMSaSEFf6Y8P2zcN
1AXNYLDEG5YEzc2eyUh7SUYYKeRUaRwseu
17KHqeibF7TWfb9dvPRrbRhvwpkYPd8R3R
ltc1q2yd2s2nq8vgw3swqfhudztarrfwakj96tk7s82
ltc1qughecqtek6x5mfjrhwf0wvg8cqgdehmhyxkluw
ltc1qpj5nfh4j6p7fnn5zwt8jsukz6fum2uj4use6e5
1Dz3tE5mspT4fk9fxkfZk6fBcgav28XxRd
ltc1qjpua6w4zqvhdwlt7hdesshu9fgjfl0525lxvew
1P1muuaa35mkDDxaKZcvTSUqPAtMo1j8nr
ltc1qpyvf4vkw8xg775jduf4uwyecesgd93g579skm7
bc1q34vjur6yxxra3mjktr2qu5wrkvelgrw47wf93k
ltc1q33rqzm8ry5q3y7nv7m8degk9smp6aqxd0lt9z4


As I’ve mentioned at the beginning, all the claims are lies and manipulation, called to scare the user and make them believe the attack is real. This fear, in turn, makes the victim obedient and forces to follow the guidance to pay the ransom. However, a closer look at pretty much every element, especially for a tech-savvy user, reveals that the message is full of questionable claims. Let’s get through this scam, top to bottom, to see what exactly is wrong.

“Have you heard of Pegasus” Analysis

We begin with the introduction, where the alleged hacker calls the victim a pervert and claims “a very bad situation” for the victim. Then they immediately claim using Pegasus spyware on all the victim’s devices, saying that “It works well on Android, iOS, and Windows”. And that is where the first issue comes into view.

Pegasus is a real spyware, a military-grade one, developed by Israeli-based NSO Group. It is a really powerful tool, but the thing is – it works only on iOS and Android, and has stability issues with the latter. Windows was never in scope of this malware, and was in fact never targeted by NSO products.

One more thing is that Pegasus is not for sale to everyone. The developer markets its solution only to governments, and only after quite long haggling regarding areas of use. There were – and are – quite a few offers of Pegasus for sale on the Darknet, but every single one of them to date appears to be a fake.

Questionable Infection Way & Timing

Email body continues with the claim about spying on the victim for a few months, and all the infection was happening through shady links on the Internet. That is just a double load of nonsense. Spying on a specific person for quite some time – well, people know this as stalking, but no one does this on an industrial scale. Considering the number of these emails, they should be attacking thousands of people, but earning money in the way they do is simply counterproductive. By selling just the credentials, without having to collect explicit graphic materials for months, they could get more money and much faster.

Aside from the time-wasting strategy, the infection vector is also really strange. By the “links on the Internet” the hacker most likely meant deploying malware through exploiting web browser vulnerabilities. And while it is a real thing, it is once again counterproductive to infect single users in such a tricky way. Creating an exploit code usually supposes targeting it on a specific victim (or a small group), and is time- or money-consuming regardless. Once again, the number of “victims” they mail means wasting too much time and effort into creating the exploits. And considering that the majority of web browsers these days have auto-updates, it is hard to find a victim with an unpatched vulnerability.

Overall, both elements seem unreasonably complicated, and are just not how malware attacks usually work.

Blind Claims & Threats

The message further takes us to the part where the hacker claims possessing the recordings of the victim in some truly embarrassing circumstances, specifically while watching adult videos. What’s worse, at least if we believe in what the letter says, the genre of the said adult videos is compromising and says about the victim’s perversion on the topic. And here is a sign of a scam: there is not even a single mention of anything specific. Threat actors write the text in order to target a wide audience. Having no specific information about the victim, they try to make the message body suitable for any possible case.

The key threat here is to send the said compromising materials to all the contacts in the phone book, in all the ways possible. Well, there’s nothing impossible about that, but all these compromising materials are nowadays too easy to refute by saying it is an AI-generated fake. Sure, it is still less than pleasant that you have to make excuses to all of your friends and colleagues, but that’s not even close to a doomsday promised by the “hacker”.

Trick With Your Password

Above I’ve mentioned that the scammer who sends the message may occasionally add a password that the victim really used with one of the accounts. This has an exceptionally frightening effect, making the letter look genuine in the eyes of the user. However, there’s no reason to panic.

You see, it is not hard to get someone’s old password. Credential leaks happen pretty often, usually after a company, website or organization is hacked. Huge dumps of collected credentials are then sold on the Darknet, with free test samples having hundreds of entries. If the fraudulent actor is serious about the scam, they may get hold of a paid database that will cover many more potential victims.

If you read the news about the latest hacks, or just follow the basic cybersecurity rules and change your passwords once every 2-3 months, then these leaks pose no threat to you. By the time all the data is aggregated, sold, and the con actor sends a scam email, that leaked password gets irrelevant.

Ransom Demand & Warnings

As this part is a culmination of a scam, there is not a lot going on, and thus it is hard for a scammer to make a mistake. They demand paying anywhere from $1000 to $1500 to prevent the leak of all the aforementioned explicit content, specifying a Bitcoin address as a payment method. Also, there is typically a deadline of 48 hours, which counts from the moment when the email is opened. Obviously, for such a use case, they register a disposable BTC wallet, so the law enforcement won’t have a persistent clue.

Typically for any scam, frauds ensure you against any off-the-road steps, like contacting the police, resetting devices or reaching them back. While the latter two being more or less understandable, the first one is yet another sign of a “Have you heard of Pegasus” scam. The “hacker” tries to cut any connections to the scam as soon as the victim receives the message. No payment confirmation, no afterword – just vanish. If they’re so confident about their anonymity, why can’t they contact them to confirm that the deal is done? One more point of uncertainty here.

How Scam Works?

The key to how this scam works is social engineering. The number of technical mistakes and logic inconsistency works because of folks’ lack of knowledge on how malware works. Nevertheless, the points to push on are picked rather professionally. Here are the methods of social engineering that fraudsters use in “Have you heard of Pegasus” scam.

Pretending to Compromise the Privacy

One of the biggest fears of any human being is that their secrets will be revealed. Regardless whether it is about which plushie they prefer to sleep with or what category of adult videos they prefer, this always infuses a feel of insecurity or even vulnerability. This, in turn, makes the victim obedient to any of the further instructions, ransom payment in particular.

Appealing to Professionalism

One more step in making the victim believe what’s said in the email is real is the appeals to a worldwide-known spyware. Pegasus got rather ill fame amongst people, despite being rarely used and inaccessible to black hat hackers. The latter two facts, nonetheless, are not really known to a wide audience, hence the “I’m using Pegasus” trope appears true.

Threats of Humiliation

The key thing that the hacker does is threats of public humiliation – a possibility that, in fact, makes the privacy compromise such a scary occasion. This eventually pushes the victim to an obvious step – paying the ransom. That’s exactly what the scammer wants, and a scared person is haste to obey.

Scan your computer for malware

Even though the described email is a complete scam, there’s still a possibility that something is present in the system. Not something related to the scammer, but possibly a thing that has leaked your password before. For that reason, I recommend scanning the system with GridinSoft Anti-Malware. Its multi-component detection system will find and remove any malicious programs present on the computer.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post Have you heard of Pegasus? Scam appeared first on Gridinsoft Blog.

Since many of us are still isolated at home, losing access to Netflix is almost as unpleasant as shutting down the Internet. Thus, any email from Netflix claiming that your payment details didn’t go through can get your attention and encourage you to act hastily. Below, we explain how the Netflix trap works and how to recognize a Netflix scam email.

How to Spot Netflix Scam Email?

At first glance, the fraudulent letter looks pretty convincing. It begins with the Netflix logo and the phrase “Something went wrong,” which may seem familiar to those whose streaming show is interrupted at the most critical moment of the show. However, a closer look reveals clear signs that email has nothing to do with Netflix.

Signs of The Netflix Email Scam:

• The sender’s email address has a different domain and is different from the original Netflix.
• A generic address is used instead of your name, which signifies that fraudsters sent this email bulk to thousands of accounts.
• The email contains elements of urgency designed to create panic so that users act quickly. For example, losing access to Netflix could be a threat if you don’t update your payment details immediately.

Sometimes scammers make a decent attempt to mimic genuine Netflix messages, and they almost succeed. But, as with most fraudulent emails, one or two details are usually missing that show it’s not a genuine email. So let’s go over everything you need to know about Netflix scam text 2022, shall we?

How the Netflix Scam Email Works

There are several common scenarios, but it’s worth mentioning a few red flags, to begin with, that suggest how it works.

1. Netflix Payment / Subscription Issues

The email says you need to update your account status by clicking on the attached Netflix phishing email link. The link will take you to a fake Netflix login page, asking you to log in and provide your credit card information. This way, scammers get the credentials and can use them to hijack your account. You can also hover over the link (without clicking) to see the actual destination URL. Still, it may be hidden behind a short link, that says nothing about its content. That is not a common practice in machine-generated notifications, so you should not follow that link either. In some cases, an attachment is pinned to an email. Opening or downloading it can install malware on your computer. This could potentially be ransomware that can lock your device and encrypt files.

2. Netflix Reward / Gift Online Survey

Sometimes the message promises you an exclusive reward, but you must take an online survey to get it. This is how scammers lure you into clicking on a built-in button that takes you to a fake Netflix survey page. It goes on to say that you can win a free one-year Netflix subscription or other “exclusive reward” by taking a simple online survey. Sounds tempting. However, there is, of course, no gift. The ultimate goal of scammers is to elicit your personal information! They will record everything you enter on these fake pages and use it to do their dirty deeds. Don’t fall for this – NEVER share your credit card or other personal information online unless you are 100% sure the website is legitimate!

What Happens if You Click on the Email Scam Link?

First, an important note – do not try to do this from a work computer that has access to your company network and data. Such security mistakes, which are easy to avoid, usually cost companies dearly. The link from the fraudulent Netflix email leads to a landing page that looks very similar to the real one. Next, you are asked to log in with your login and password.

If you’ve entered your genuine credentials, the scammer will have everything they need to log into your account and take advantage of your personal information. This may not be critical for Netflix, but given how many of us are used to reusing the same old passwords repeatedly, it won’t take long for a scammer to try to log into more sensitive accounts. To prevent this from happening, we highly recommend using a password manager.

To ensure you are on a phishing page, you can do a simple trick – enter a non-existent username and password. The original site will give you an error that the account does not exist. In this case, even after entering random credentials, the website prompts you to update your payment details. However, nothing will change – all you typed or will type in the fields on that fraudulent page will be simply transferred to hackers.

What to Do If I Receive a Fraudulent Netflix Email Scam?

Fraudulent emails are an integral part of online life. Although the quality of spam email filters continues to improve, even with services like Gmail, Outlook, and sometimes it’s hard to stay ahead of every threat. However, a few simple actions can keep you safe.

Delete or report

The easiest thing to do is delete obvious fraudulent emails. However, if you feel like a good digital citizen, you can report them first. For example, you can use an exclamation mark icon or flag spam emails. You can also forward the email to the appropriate services, such as phishing@netflix.com. Finally, notify your IT administrator if you encounter fraudulent emails on your work email account.

Do not click the suspicious links

Never click on any of the links in a potentially fraudulent email. Instead, if you want to verify your account information, open a new window or tab and go to the actual website regardless of the links in the email. Clicking the scam message will notify the crooks that your account is active – and you will be spammed even more. Moreover, some tricky techniques include token stealing. If you go by a specifically designed link while being logged into your account on the device, crooks will intercept the token and will be free to manage your account.

Avoid attachments

It’s important to say that users are getting hooked on Netflix by phishing email, as sad as it sounds. Attachments are a clever way to disguise malware and spread threats. If you see an unusual attachment in an email that you don’t expect, never open it. Those are usually MS Office files that contain macros. They only contain a Netflix text scam that asks you to activate macros execution, which is disabled by default. Macros, in its turn, connect to the command and control server, and download malicious payload to your PC. Due to the vulnerability of macros execution mechanism, it easily circumvents the security solution.

Don’t update your payment information

Never update your financial or payment information when asked to do it in an email. Most companies warn you against this. For example, Netflix says: “We will never ask for your personal information in Netflix scam text 2022 messages or emails. This includes bank account details, credit or debit card numbers or Netflix passwords“. Services rarely break their own rules, so only these rows are enough to spot a scam.

Don’t reuse the same passwords

If you use the same password to log in to multiple accounts, attackers only need to crack one of your accounts to access all the others. The effective way is to use a password manager. All you need to remember is one master password. Then the password manager will store and enter complex passwords for you. It’s a simple, inexpensive, and secure way to manage multiple logins.

The post Trending Netflix Scam Email You Should Know appeared first on Gridinsoft Blog.

What is Sextortion?

The term “Sextortion” is rather self-explanatory, aside from the fact that this practice has been in use for a pretty long time. That is a type of email scams that aim at money extortion through the threats of publishing explicit visual content with the victim. To look more authoritative, the scammer may claim to have access to the target’s social media accounts.

Contrary to more classic email phishing scams, the attacker will never ask the victim about an action other than sending a sum of money. The reason for such a generous act is, as the villain assures, its possession over some compromising materials about you. Email text often discloses the way these photos and videos were obtained – from a webcam while you were browsing through adult sites, leaked from the hacked phone, or the like.

All this boils down to a simple demand: send the money or I will leak all these nude videos and pics to the public. Some definitely not exaggerating mates say they will post it from your profile, as they have access to it as well. Though ones who try to look more realistic simply promise to tag your entire friends list on a specific social media.

Are Sextortion Threats Real?

99.5% of the time, they are not. Even though some people can have someone’s nude photos on hand, the number of scam emails exceeds the number of these people by orders of magnitude. And since such graphic materials rarely end up in the hands of a stranger, it will be particularly easy to identify the extortionist. This adds up to the generic message text and absence of any proof – some definite signs of a scam. By the way, let’s have a more detailed look at them.

How to detect a Sextortion Scam Email?

Same as any email scam, sextortion bears on 3 psychological tricks: calling for a shock, forcing the feel of vulnerability and feeling of urgency. This leaves its footprint in the text, and eventually makes it somewhat templated in all the scam cases. Let’s review the most popular of them.

Typical Sextortion Email Patterns in Text

With time, there were dozens and hundreds of different text patterns for extortion emails. Most of them, however, are created with the intention of being suitable to any victim. It would be rather uncomfortable for a scammer to adjust the text whenever they target a new group of people. Thus, utterly generic and abstract text with absolutely no personalization is what you would expect from sextortion scams.

The sense of shock appears as the stranger says it has your nude photos. Moreover, this guy tries to pose as a “professional hacker”. They boasts of having access to all the browsing history, webcams, online wallets and the like. Why would they do nothing about this info – hijacking accounts, stealing all the money from online wallets? The question is rhetorical.

Urgency to the situation appears due to the “deadline” you should pay the ransom before. As the hacker says, any negotiations and stuff are not possible, and failing the payment date will end up with publishing all the materials. Some crooks also say things like “this is not my email so I will stop using it shortly after”. This creates even bigger concerns about the inability to avoid public shame.

Sure enough, the same methods may be used by someone whose threats are real. But they never follow the pattern, at least not that straightforward. This distinguishes a letter written by a real human from a tool of scammers, designed to fit any circumstances.

Check For A Re-Used Crypto Wallet

As sextortion scams are running in “waves”, you are most likely not the only person who got such an email. Frauds often stick to the exact same text, changing only the crypto wallet they ask to send the ransom to. A simple Google search of the wallet may reveal not just one, but several text patterns used in the same scam wave.

Two sextortion emails from 2019 and 2023 using the same text

Two sextortion emails from 2019 and 2023 using the same text

Obviously, when the con actor is real in its threats and is not running this as a business, it will never use someone else’s crypto wallet or the one used in a scam before. Even when a real hacker does something like this (such an occasion happens once in a while) it will never use the same wallet twice. Moreover, “real hackers” rarely opt for Bitcoin as a payment method, preferring cryptos like Monero or DarkCoin. The latter have the anonymizing infrastructure that is so heavily demanded when you are going outlaw.

AI-fueled Sextortion Scams Incoming

All in all, sextortion is a rather old scam that was not really effective over the last few years. People are aware about it, and there is almost no way this is real after all. This is true, but over the last few years, there is a huge risk of sextortion scams being resurfaced with a force yet unseen. Let me explain.

The current AI development is exciting. But what is more mind-boggling is the number of malignant implementations for this potential. In particular, we are talking about their photo editing capabilities. There are quite a few AI services even these days that will edit the clothing out of the picture of a person you’ve uploaded. Combine this ability with sextortion scams and the fact that most people share their normal photos without any doubt – and you receive fuel for a new, unpredictably powerful scam wave.

Scammers who stand behind sextortion emails will finally stop extorting money for nothing. This time, they may get not only a manipulative text, but things to prove their claims with. And, if you ignore the demand, they will post them somewhere. There’s still no reason to believe in their tails about access to all your accounts, but dumping the photos while tagging all your friends list may still be effective.

Sure, it is rather easy to prove the AI origin of images and videos. But the very fact of these images’ existence may throw people into panic. This will eventually force them to pay the ransom – which still does not guarantee that the scammer will not publish these fake photos. And even when you remain calm and ignore all the threats, it may be bothersome to prove that these nude photos of yours are just a hallucination of a vicious neural network.

How to protect yourself from email scams?

Well, that is not an easy question to answer. As I’ve just explained, things are getting complicated, and there is no well-rounded advice for the most modern cases. However, I took my time to think through the possible mitigation options for the majority of situations.

Control sharing your personal email address. While benign services try to keep their customers’ info private, there are enough services that do not care. Some shady forums, torrent tracking sites, websites with cracked software – they will gladly sell databases of their users’ emails to someone. Then, these databases are used to spam people and spread scams, including sextortion. Avoid leaving any personal info in such places, or at least do not use your personal email for authorization purposes.

Keep your head cold. A thing all extortionists rely on is your panic actions upon realization that someone may publish inappropriate graphic content with you online. You, in turn, should not do any emotional acts – that will save you both money and gray hair.

Change all your passwords. This is mostly for good measure, as only a few cases out of thousands of sextortion scams could really boast having your passwords leaked. Though, the very habit of updating your login credentials is a great enhancement to your personal cybersecurity.

Warn your friends, colleagues and relatives about a fake video. By announcing preventively that a provocative video can appear, you minimize the initial shock it may create. After that, all the fake video will do is call friendly laughs, avoiding shame or arguments. Even if the scammer is kidding and there is no graphic material in its possession, even a fake one, this will uplift the awareness of such cases.

The post What is Sextortion? Explanation, Signs & Ways to Avoid appeared first on Gridinsoft Blog.

Professional Hacker Email Scam Overview

Despite being a distinctive kind of email spam, “Professional Hacker” still has some variations to it. However, all of them have a text stating nearly the same thing: a hacker got into your computer and gathered a lot of sensitive information. If you do not pay the ransom – all this info will be published. Here are some common patterns the forms of this scam follow all as one.

Worrying Claims At The Very Beginning

The message starts with the subject like “Your personal data has leaked due to suspected harmful activities”. This serious yet threatening claim may already inflict fear and make the victim believe every word in the message body.

The body is not better either. Commonly, there are claims like “successfully managed to hack your operating system” and “gained full access to your account”. They are nonsense from the technical point of view, but look legitimate for people who are not aware of such details.

Fake Hacker Activities Description

Further in the message body, the hacker says that it was “monitoring all your activities and watching you for several months”. The crook claims it has installed infostealer malware (or trojan viruses) on your PC. Interestingly enough, the spreading way they say about a lot is “adult sites”. While in the past such pages were really a threat, it is barely a thing these days. It is also unclear why there is so much attention to a single victim. The actions the hacker boasts of may be done in a matter of days if not hours. Thence, it is either about unprofessionalism or stalking.

Claims On Compromised Video Being Recorded

Another typical claim is about the video taken from the webcam. Not a regular one – hacker says about a recording of you being in pretty compromising situations. This is, actually, the culmination point of the scam letter. These rows talk about the potential possession of highly compromising materials. In other words, this is what should force a victim to pay. It is particularly hard to prove or disprove this statement, though as the overall email has a lot of questionable takes, this one is not realistic either.

Explanation of Malware Invulnerability

To prove its proficiency, a hacker states that the malware it uses integrates at driver level, which makes it impossible to detect and remove. Well, this part is at least somewhat true – driver-level malware integration is a thing and it is done exactly to make both detection and removal much more complicated. But to perform such a trick, a hacker should either trick you into running the malware with high privileges or escalate them through an exploit – which is not a trivial task.

Some crooks also mention “hourly updates” (each several hours, daily, etc), which is, in turn, just fiction. There are much less effort-intensive ways to avoid detection, so using such an ineffective trick is either a mark of an unskilled hacker or a liar.

Ransom Demands & Publishing Threats

Obviously, the outro of the scam email – ransom demands. “Professional Hacker” commonly asks for a ransom in Bitcoins, and sets a deadline of 48-72 hours. If the demand is dismissed, the hacker promises to publish all the gathered info and videos on your social media – as it “has full access to your accounts”.

The ransom sum varies depending on unknown factors, but most commonly the ask ranges from $1000 to $2000 in Bitcoin. Some messages do not tell the ransom amount and instead offer to negotiate the sum on the email.

Typical Professional Hacker Scam Email Example

As I said, there could be dozens of different text variations of this scam. Though they differ just a bit, so I collected the most common ones.

Typical example of a sextortion email

Is “Professional Hacker” Email True?

No, it is just an attempt to make a scared user pay for deleting non-existent compromising materials. Sure, some of the things described in the email may happen. But the overall course of action is not how hackers normally work. Spending more than a month spying on a single victim is a thing in cyberattacks on large companies. However, doing so in attacks on home users is counter-productive.

There are a lot of things in the message that make me conclude it is a scam written by a low-profile scam actor. It may be aware of some typical tactics and practices that cybercriminals use. However, any of their attempts to describe them in detail uncover the complete incompetence of a subject. “Malware uses drivers” “Updating the signatures every four hours” – any tech-savvy guy will laugh his head off listening to such twaddle.

Social Engineering Tactics Used in “Professional Hacker” Email Scam

As you could have possibly supposed, Professional Hacker scam is based purely on social engineering. There are mistakes in the technical description of a “hack“ that show low technical competence. Nonetheless, the psychological tricks scam actors are trying to use are quite clear and professional. Let’s have a look at each one.

Pretending to be a professional

First paragraph of a scam message starts with a claim about being a professional hacker. Most probably, a victim will not trust it from the start. But it changes as a victim sees details adult sites, trojan viruses and the like. All these tales make the target person believe the hacker who attacked them is really a professional one, and it is not a joke.

The scammers’ hope here is that the target individual don’t know a thing about how hackers operate. And let’s be honest – there are quite a lot of people who don’t. They will surely believe a scary story about month-long spying with an undetectable malware.

Privacy compromise notifications

Once the authority is gained with the tricks I described above, the hacker switches to scaring the victim. The first sprouts of this appear at the very beginning of an email message – in the message subject. Then, the rascal says that it possesses a whole bunch of compromising information – from dialogues in messengers to video from a webcam with the victim watching content on adult sites.

This may look like a silly show, but don’t forget – the victim believes it is a genuine hacker who has sent an email. Thus, it can enforce a genuine fear or even panic, especially when a blind take about compromising messagings or visits to adult sites was dead-on.

Threats of public humiliation & ransom demands

By appealing to the compromising info possessed and the overall access to the victim’s system, a hacker threatens to publish all the info to social media, using the victim’s accounts. Sure enough, a scared user will now be ready to do whatever the hacker asks to avoid this. And the task is quite obvious – a ransom you should pay off in Bitcoins. The scammer specifies the wallet in the message. Even in the cases where the message body does not mention the ransom at all, it still ends up there.

Inflicting urgency

Despite all the places in this message that may scare the victim, the key element that makes it pay is time sensitivity. Hackers inflict urgency of a payment by saying that the deadline for making a payment is 48-72 hours from the moment when it have sent the message. No payment = all your friends on social media will know about your dirty deeds. Well, they would not, but hacker’s role is make you believe that this will happen.

Scan Your System For Spyware

Once you suspect that your system has some unwanted items in it, or see scam messages stating so, consider checking your system with a security tool. Despite what these wannabe-hackers say in the email, anti-malware programs are able to counteract spyware, trojan viruses and other malware. Sure enough, not each one can boast of top efficiency – a security program should feature most modern detection mechanisms. GridinSoft Anti-Malware can show you all the profits of such capabilities – consider trying it out.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post “Professional Hacker” Email Scam appeared first on Gridinsoft Blog.

What happened to Binance?

On March 27, 2023, Binance was charged by Commodity Futures Trading Commission for consistently violating its regulations for preventing money laundering and terrorism financing. As the note released by CFTC says, Binance employees were guided by the company’s CEO, Changpeng Zhao to ignore the rules set by CFTC. The latter supposes uncovering the real identity of their customer in order to prevent misleading and following laundering. That thesis is partially confirmed by the fact that throughout the entire 2022, no suspicious activity reports were made.

Defendants’ alleged willful evasion of U.S. law is at the core of the Commission’s complaint against Binance. The defendants’ own emails and chats reflect that Binance’s compliance efforts have been a sham and Binance deliberately chose – over and over – to place profits over following the law, — Gretchen Lowe, CFTC’s Enforcement Division Principal Deputy Director

Currently, Binance is just amidst a huge scandal, which, however, does nothing to disrupt the operation flow. Still, the trial is ongoing, and the situation may change in the future. If the evidence possessed by the accusing party is proven true, the platform may have serious consequences.

First and foremost, regulators can ban Binance from the U.S., cutting a significant portion of its money flow. That ban will likely forbid the banks to wire transactions with the organisation. It will be painful, but not impossible to withstand – the US share is not that big. However, if things get worse, US authorities will ask European banks to do the same. Cutting off over 50% of the user base in a single move is deadly for pretty much any company.

What to expect?

The scale of possible scams may easily overwhelm the similar outbreak that happened following the SVB bankruptcy in early March. Hackers were sending emails pretending to be bank representatives or legal agents, offering their help in saving money held in the ceased bank. This time, however, the vast majority of targets are regular folks, who are much less aware of scams. Moreover, people are much more likely to interact with emails they receive – and cybercriminals know that.

There is, however, a difference between the case of SVB and Binance. Bankruptcy means a complete suspension of all operations – in simple words, you cannot get your money back. Ban in a certain country makes it troublesome, but not impossible. Still, it may be less obvious for people who are not so well acquainted with all the procedures. Moreover, folks mostly have no “plan B” for such a situation. That will be the bearing point of crooks.

Malicious alternatives

Nature abhors a vacuum. If Binance is gone, there are a number of other platforms offering hot wallets and easy investments. But aside from well-known names, others will pop up, offering unbelievably good terms. And for sure, it is better to remain incredulous.

The classic scheme here is offering a service to people who escaped from Binance, taking their money and leg it. These “alternatives” will likely be offered in advertisements all over the Internet, as well as on forums. Alternatively, crooks can perform classic email spamming campaigns, targeting the emails from databases related to a breach that happened back in 2019.

Typically, users will be offered bonuses at wire-in, miserable commissions per transaction, or even leverages for trading. Links, wherever they are placed, will lead to a freshly-created website that has small to no information about the service. Instead, the site will blink with numerous offers to create an account and top it up as soon as possible. Once done, you will never see your money back. This fraud may also fill the databases with personal information you share during the registration.

Wireout help offers

This type of scam may be conjoined with the previous one but requires contacting the victim. Crooks reach the victim via email, offering to migrate seamlessly to their platform. This message can also contain convincing statements about the partnership with Binance regarding their customers. Hackers may even impersonate a well-known exchange – to lull the vigilance. However, the link they will provide to proceed leads to the same poorly-made website.

At this point, things are getting more interesting. Instead of just taking your money, fraudsters can also ask the address of a Binance hot wallet and a cold wallet. This, in turn, exposes your identity even more – and may be threatening to your funds’ safety.

Pseudo-Binance mailings

What can be the most classic example of an email scam? Email messages that pretend to be ones from a genuine company. Scams related to SVB bankruptcy were generally of this sort, and now the story may repeat itself. Hackers will pretend to be the company that wants to help with wire out or other operations. Alternatively, if nothing bad happens to Binance, the legend may switch to “insure your account” stuff. This scam may take place in social media as well.

Routinely, you should log into your account by following the link added to a message. But oops – this link leads to a phishing copy of a Binance login page. This ends up with losing access to your account, which is suboptimal even in the case of troubles.

What can I do?

First of all, it is just an attempt to predict upcoming cases. If nothing happens – great; pessimistic predictions are always good when they do not come true. However, the threat of malware and phishing scams on email is as actual as never before. Following basic cybersecurity rules is a go-to advice for all cases.

Be suspicious of all the emails you receive. Check the email addresses, read the message body carefully – they can contain the signs which will uncover the attempt to scam you. Hackers do their best in mimicking the original messaging style of the companies, but cannot repeat all the details. Why do they call me “Dear user” instead of my name? And why does the sender’s email resemble a single-use one registered on a quick email box service? Notice details of this small – and any attempts to scam you will go naught.

Control social media messages. Using accounts that mimic the company one’s crooks can outreach people with relevancy. We are used to sharing a lot of information about ourselves on social networks, thus it is not a tough question to find out if you are using Binance or not. In Twitter, after the recent changes in its administration, it became even easier to counterfeit official accounts. Acting as support managers, they can easily deceive a huge number of people.

Do not trust links on the Internet. Wherever you find them – in emails or in someone’s forum post, they should not be trusted. They may look legitimate, but don’t be haste with typing your credentials or other sensitive data. First, check the URL address: if it contradicts with the contents (i.e. 1281300913.weebly.com and a PayPal login page) – close it immediately. Crooks are extremely good at copying login pages and setting up phishing traps for unsuspecting users.

The post Binance US Ban Scams Incoming: What to Expect? appeared first on Gridinsoft Blog.