• Patch Lady – do they think this will work?

    #1767296

    Over the weekend here at the office nearly every mailbox (including ones that aren’t public) got “I saw what you did and now send me bitcoin” threaten
    [See the full post at: Patch Lady – do they think this will work?]

    Susan Bradley Patch Lady/Prudent patcher

    5 users thanked author for this post.
    • #1767298

      I’ve gotten calls for the last few weeks from many clients in a PANIC! I notice this new round is sent as an image to bypass spam filters. First thing I point out to most of them is they don’t even have a camera on their machine! That usually makes them feel better 🙂

      On a side note, I’ll be sure to wear rubber gloves when working on their systems 🙁

      1 user thanked author for this post.
    • #1767311

      There are so many scams out there now that I refuse to pick up phone calls from numbers I do not recognize. I also delete email from anyone I do not know and I am vigilant about what I get from those I do know … those that come from an unreal address are obviously scams.

      And, in Canada, people are even getting mail from someone claiming to be CRA regarding taxes owing. They even use the CRA’s letterhead.

      Best rule of thumb, everything is a $cam until you have proof otherwise.

      Byte me!

      • This reply was modified 5 years, 9 months ago by pHROZEN gHOST.
    • #1767319

      As long as some people are willing to give personal information to a complete stranger they will likely be successful to some degree.

      I’ve had a few people receive that. I couldn’t help but chuckle a bit when I see those. One was an elderly lady who would never be involved with the activity the email claims. I can’t resist giving those people a bit of a hard time about what they have been doing on their computer before I tell them to disregard and delete.

      Any business should now have some sort of training regarding email usage or they will likely pay the price eventually.

      I think it was the city government of Baltimore that got infected with ransomware a week or so ago due to someone opening a malicious email which spread to others. They had to shut down their entire network to prevent further damage and are now struggling to get things back in order. A little training could have prevented that.

      Red Ruffnsore

      • #1767321

        Don’t forget that Steve Ballmer’s PC got infected by the ILOVEYOU virus, when he opened an infected message sent to him by Bill Gates.

        3 users thanked author for this post.
    • #1768063

      I have been getting the same kind of email where I do some voluntary work. They have been coming for some three months or more with some variations in the text.

      They say that they can see me on my camera (we don’t have one), they infer that they have the dirty pictures I have been accessing on the internet, and threaten to send them to my wife and family if I do not pay up in bitcoin.

      The flood of this type of email seems to be easing off now but a new flood of emails is now coming. Prostitutes soliciting business by email.

      They must get enough out of these scams otherwise they would not do it. I do not know how to stop them as the normal filters do not work.

      Just got to be careful.

      mbhelwig

    • #1768127

      Don’t forget that Steve Ballmer’s PC got infected by the ILOVEYOU virus, when he opened an infected message sent to him by Bill Gates.

      so: it’s all selling puters & services ?    🙁

      * _ ... _ *
    • #1769607

      I am not sure what the Patch Lady means by: “ merely providing the bitcoin wallet number to your attackees isn’t a good way to ensure you will be paid. ” But, then again, I’ve never transacted a payment using bitcoins.

      The scatter-shot approach to extorting money would pay off, even if modestly — or not — depending on what the risk to the attacker might be. How likely is it that the authorities will find these attackers and arrest them?

      A date written “not the US way” (dd, mm, yyyy instead of mm, dd, yyyy) does not necessarily mean the attack is not real. The Internet connects different countries, so all the date system used in the threatening letter might mean is that the attackers, and their attack, while real, are not from the USA.

      Finally, about the “we have pictures of you doing…” threats: while I doubt there will be ever a picture taken of me in some compromising situation (I live a rather proper and, so, boring, life), photos these days can be digitally edited to produce images of startlingly apparent realism. So, when not in use, I keep the cameras’ pinhole lenses on top of the screens of my two laptops covered with a little piece of duct tape, and the internal microphones turned off. Nothing to see here, nothing to hear, but all the same… Of course, an attacker able to plant the right malware in one’s machine could turn the speakers on again without this being noticed. But still there will be no pictures, and those are, for the attacker, the most interesting prizes, I would imagine.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #1769150

      The best 2 prevention methods are adding a spam filter and training the users.

    • #1770938

      I am not sure what the Patch Lady means by: “ merely providing the bitcoin wallet number to your attackees isn’t a good way to ensure you will be paid. ” But, then again, I’ve never transacted a payment using bitcoins.

      I think her point is that it is significantly complicated for a first time bitcoin user. Obviously the type of individual who might fall for their ploy also probably isn’t the type who would be able to figure out what to do in order to send bitcoin.

      Image or Clone often! Backup, backup, backup, backup......
      - - - - -
      Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

      1 user thanked author for this post.
      • #1771468

        Thanks for clarifying that point, RockE.

        So it all really comes down to the answer to this question: how likely is it that such a scatter-shot approach to extorting people will hit enough susceptible marks that either know how to pay in bitcoin, or know someone who does and is willing to “help” them out; and, for the attacker, does the corresponding expectation of gain sufficiently exceed the likelihood of being caught for carrying out the attacks?

        Since, as already explained, I am not familiar with bitcoin transactions, also I cannot rule out that giving detailed enough instructions as to how to make the payment might not provide information that would reveal who the attacker is.

        In last analysis, same as just about everything potentially rewarding in life, whether it is rewarding in a good or a bad way, it is all about playing successfully the odds, or just getting plain lucky enough times, is it not?


    • #1772196

      Yes, these would-be criminals are a laugh a minute. Today I received an e-mail purporting to be from TV Licensing to say that it had not been possible to renew my licence by direct debit (I have never paid my TV licence by direct debit and it doesn’t expire anyway for another four months) from an e-mail address “@girlpower.com”. I mean come on!

    • #1773276

      Over the weekend here at the office nearly every mailbox (including ones that aren’t public) got “I saw what you did and now send me bitcoin” threaten
      [See the full post at: Patch Lady – do they think this will work?]

      Susan,

      I, too, have been hit with similar e-mails in the last month or so. Simple problem, simple solution. DELETE WITHOUT OPENING. Sorry for the all caps. Not yelling, just emphesizing. (I hope I spelled that right.)

      Dave

    • #1774523

      I not only receive, now and then, emails such as Susan’s, some are even in Greek! Recognizable as threats of some kind to be avoided by paying in bitcoin, because of a few English words here and there. Hypothesis: I know some Greek people, and maybe the mails are coming from one of their computers, with my email address kept in the email client, and now infected with malware that makes them part of a botnet?

      My email service flags them as “junk” and when I open the “Junk” folder, there they are! I delete them right away.

      My email service is also prone to flagging as “junk” some receipts for payments that are sent to me by email, the emails from a Japanese friend that lives in Nagoya, and those of others that it likes to pick on for its own reasons. But it does a good job with those Greek ones.


    • #1774527

      ? says:

      i get spam\scam mail every day since my provider decided to monetize auto bounce last summer. i open the headers in several different spam email header readers and look at the originating senders by ip address and dns. i get a daily world blacklist tour courtesy of the folks who just can’t seem to find (or disdain) honest work. They are mostly originating from Africa, Europe, Turkey, and the former Soviet Union. Don’t know what happened to delivery from South America i used to get loads of them from there. Once the subterfuge is stripped away by the header dissectors it appears that they prefer using google mail and amazon for the most part to serve up their slop…

      • #1788955

        ? says:

        e.g. ( provider wants $’s to keep this **** off my box)

        today’s sample:

        from: ip 195.151.109.185, NS: hostingtake.com, ISP: SilverCom.RU.ltd, (Yaroslal Oblast Russia)

    • #1774544

      It’s proof positive you have to be stupid to try to be a scammer. Now don’t teach them how to do it better!

      Here’s some food for thought…

      I sometimes rant against the publication of “proof of concept” exploit implementations. People tell me, “Oh, no no it’s worth it to force the hands of big business“.

      [Nonsense].

      Big business is going to do whatever they want no matter what. They are not driven by a conscience.

      But consider the number of scammers who are now copying this stupid “we have a recording of you…” scam. How many do you think try to copy those PoC malware exploits? Bad people, besides not being that smart, are also not that creative.

      -Noel

      3 users thanked author for this post.
    • #1776185

      I especially love the ones that use hopelessly old/outdated/defunct tech branding.

      Nathan Parker

    • #1777293

      Thankfully, my ISP is NOT my email provider, but my web host is; I have noticed a 95% reduction in SPAM/Malicious emails since I switched from having my ISP handle my mail. These guys are good, give you great tools (graylisting, etc.) with which you can slowly throttle the parameters down to the point where you’re just not getting this garbage, just the legit stuff.

      Try it if practical, folks. The Big Boys just don’t give a toot.


      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

    • #1777753

      The scams coming from random sources are a bother but not a particularly severe problem really.

      What is more of an issue is the occasional smarter crook managing to get their hands on someone’s legitimate mailbox credentials, making that mailbox the *source* of more scams. Also they grab your address book right away… and anything else they find. Which is a real bother with the modern integrated cloud services where you can get everywhere with the single authentication…

      REALLY recommend multi-factor authentication.

    • #1780741

      I am sure many home users will fall for Microsoft’s Windows 10 pop-up ads notifying a PC virus…regarding the ads as coming from Microsoft.

      Ads in Windows 10 apps may open deceptive webpages

      Windows 10 users who run ad-powered applications on their systems may be targeted by deceptive and fraudulent campaigns that make them believe that their PC is infected or that they have won an iPhone currently…

      https://www.ghacks.net/2019/06/03/ads-in-windows-10-apps-may-open-deceptive-webpages/


      • This reply was modified 5 years, 9 months ago by Alex5723.
    • #1785594

      The reason for all the poor spelling and incorrect date formats is NOT sloppy work.

      The reason these fake “ransom” emails are so poorly written is to VET THE RESPONDING USERS.  The scammer does NOT WANT smart people to respond.  It would be a waste of their time, as the scammer will never be paid.

      They prefer to target the “more vulnerable” by making the scam obvious.  That way any reply is likely to be from someone dumb enough to pay them.

      • #1791075

        gkarasik: Interesting point! Although… I am not all that sure that smart people won’t fall for a well-presented scam. Such as a carefully written email, perhaps mimicking a message from someone believable.

        Why may people, including very intelligent people, fall for scams? There are two very powerful basic drives of human behavior that most scammers use: anxiety and greed. They will either first scare their potential marks with the dire warning of some kind of personal hazard, then promise to take care of things so the feared thing goes away. Or promise to make their fortunes in some unclear but smart-sounding way. For this to work, they will require some form of payment, ransom, in the case under discussion. Not a nice scam, but it fits the general description as in “pay us and we’ll remove this threat from your life.” In other words: give us money, and your problem will go away. Even if the problem is “us.”

        But do smart people fall often enough for clever scams to be worth the scammers’ time to try and trick them? Well, the best person to ask about this, in my opinion, is Bernie Madoff. Unfortunately out of reach, at the moment.


    • #1785620

      Internet has become the paradise for ads, malware and viruses. They usually try to scare users, so they click that bait for them.
      Or why should I pay for NOT TO SEE ADS on webpage? This is sick. Did you see Black Mirror TV series?
      But it begins with webpages, that force you to click 25 times on the ‘NEXT’ button if you want to finish your reading.
      Second type of scums are links, that promise to fix some issue by downloading paid SW. For example you type into google, that excel crashes on saving graph. Webpage snoops your problem definition and creates a button ‘FIX EXCEL CRASHING ON GRAPH SAVE’. If you download and pay for that program, it just scans your registry and says ‘fix complete!’ – but the issue remains.
      I understand that some hackers try to pick our pockets, but I feel more concerned about “software companies” that are developing these apps officially, or let’s say, legally.. hmpf…

      Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

      • This reply was modified 5 years, 9 months ago by doriel. Reason: forgot to mention Black Mirror
    • #1785698

      I think people in Africa should read some Kevin Mitnick…

      The answer to your Why are these emails so bad is here, Susan. Meanwhile in spamming Africa… (Yes, this is real!)

      https://www.youtube.com/watch?v=o26Eks801oc

      And also regarding spam humour, this guy started replying to scammers and this is the fun he had:

      https://www.youtube.com/watch?v=_QdPW8JrYzQ

      • #1790729

        I tried to reply to the email message from one of these scam emails. It replied right back into my In Box. These folks don’t want a reply. They are only interested in people so stupid or so guilty that they will send the Bitcoins on a knee-jerk reflex reaction.

        I see nothing funny about this kind of activity, on the Net, through the US Postal Mail or by phone.

        -- rc primak

        • #1790790

          ? says:

          is that why some (most) of the headers contain 120.0.0.1? does it send replies back to the person replying? i’m not laughing either. once upon a time i used to print the headers until they figured out how to empty my ink tank…

          • #1792322

            Sorry, by any chance do you mean 127.0.0.1 instead of 120.0.0.1?

            The information about 120.0.0.1 leads to China:

            https://www.infobyip.com/?ip=120.0.0.1

            so I think you actually tried to mean 127.0.0.1. Or am I missing something here? Thanks.

          • #1792390

            Headers are often spoofed in spam so are meaningless.
            127.0.0.1 is the loopback address of any machine – a self check if you like. Ignore that in any header.

            cheers, Paul

            1 user thanked author for this post.
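The header points raised in this sub-thread (reading the originating hops, spoofed headers, loopback entries), as an added example that is not part of any poster's reply: a Python sketch that walks the `Received:` chain and trusts only the contiguous top block written by the reader's own mail server. The message, the host name `mx.example.net` and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample (not a message from the thread); top header is the newest.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mx.example.net (Postfix) with ESMTP id A1; Mon, 3 Jun 2019 10:00:02 +0000
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.example.net (Postfix) with ESMTP id B2; Mon, 3 Jun 2019 10:00:01 +0000
Received: from trusted-bank.example (trusted-bank.example [198.51.100.7])
\tby relay.invalid; Mon, 3 Jun 2019 09:59:58 +0000
From: someone@example.org
To: you@example.net
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")
# RFC 1918 ranges listed explicitly: ipaddress.is_private also covers the
# documentation ranges used in SAMPLE, which would hide the example hop.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip, by_host, own_mx):
    if by_host != own_mx.lower():
        return "unverified"      # written by a server we do not run; may be forged
    if ip is None:
        return "unparsed"
    if ip.is_loopback:
        return "loopback"        # 127.0.0.0/8: handoff inside our own server
    if any(ip in net for net in RFC1918):
        return "internal"
    return "external"            # address our server saw on the wire

def analyse(raw, own_mx):
    """Return (by_host, ip_or_None, label) per Received header, newest first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())          # unfold continuation lines
        by = BY_RE.search(text)
        by_host = by.group(1).lower() if by else ""
        found = IP_RE.findall(text.split(" by ", 1)[0])
        try:
            ip = ipaddress.ip_address(found[-1]) if found else None
        except ValueError:                           # e.g. [999.1.1.1]
            ip = None
        hops.append((by_host, ip, classify(ip, by_host, own_mx)))
    return hops

def connecting_ip(raw, own_mx):
    """Oldest external address within the trusted block at the top of the chain."""
    result = None
    for _, ip, label in analyse(raw, own_mx):
        if label == "unverified":
            break                # everything below could be forged, even "by own_mx"
        if label == "external":
            result = str(ip)
    return result
```

Only the address returned by `connecting_ip` is worth checking against a blocklist; hops labelled `unverified` are whatever the sender chose to write.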
    • #1787195

      One email threatened to reveal all the porn I’d been watching to the world. I’m hoping they will. I want to see it too.

      GaryK

      3 users thanked author for this post.