Change your password!

This year saw a new form of greenmail: emails sent to you containing a password of yours stolen from a compromised site.  I saw the first one of these literally an hour or two before boarding a flight to Manchester UK to speak at the SQL Saturday there. My wife received it.

They often take a form similar to:

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: On moment of hack your account has password: Tel3phone!

You say: this is the old password!
Or: I will change my password at any time!

Yes! You’re right!
But the fact is that when you change the password, my trojan always saves a new one!

I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $745 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 19Q4HZtCznuBGcuWng7cacwqZV13gNpZas

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!

I actually LOVE this form of greenmail because I suspect it’s highly effective.  I’m also amused because the above (edited) email came with the subject: “Security Alert. You account has been hacked. Password must be need changed.” It then goes on to tell you that even if you do change your password, the hacker can read it.  I’m also amused because the faux hacker’s concept of my time at the computer sounds FAR more exciting than what I actually do at the computer (and of course the fact I don’t keep my webcam plugged in!).

When confronted with a password that the user recognizes, I’m sure folks pay up.  But, don’t. Yeah, it’s probably a password of yours, but it’s almost certainly from a site that was hacked months previously and has nothing to do with your email, current account, etc.  You can easily find lists of email addresses and passwords online, especially if you’re willing to pay.

In the case of the above password (changed to be extra safe, but even if I hadn’t it most likely wouldn’t matter in this case) I know what service was hacked. Fortunately I only used that password on that one site and it had no financial data associated with it.

That said, again, don’t use obvious passwords. In fact, effective password systems would incorporate a list such as the one here: Worst 25 passwords of 2018. If you’re using a password on this list: SHAME on you.
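Here is a sketch of how a password system could incorporate such a list, as an added example that is not part of the original post. The denylist is a small constructed sample rather than the list linked above, and the names `denylist_match`, `is_acceptable` and `min_length` are hypothetical.

```python
import re

# Constructed sample denylist for illustration only. A real system would load
# a full list of common and breached passwords, stored in lowercase.
DENYLIST = {"password", "123456", "qwerty", "iloveyou", "welcome", "telephone"}

# Character swaps that users apply to dictionary words; undoing them exposes
# the underlying word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

# Trailing digits and punctuation, e.g. the "!" in "Tel3phone!".
TRAILING_DECORATION = re.compile(r"[\W\d_]+$")


def denylist_match(password):
    """Return the denylist entry this password reduces to, or None."""
    lowered = password.lower()
    stripped = TRAILING_DECORATION.sub("", lowered)
    # Try the password as typed first, then progressively normalized forms.
    for form in (lowered, stripped, lowered.translate(LEET),
                 stripped.translate(LEET)):
        if form and form in DENYLIST:
            return form
    return None


def is_acceptable(password, min_length=8):
    """Accept only passwords that are long enough and not denylisted."""
    return len(password) >= min_length and denylist_match(password) is None


if __name__ == "__main__":
    for candidate in ("Tel3phone!", "P@ssw0rd1", "123456", "vT9#kq2LwzR8"):
        hit = denylist_match(candidate)
        verdict = "accept" if is_acceptable(candidate) else "reject"
        print(f"{candidate!r}: {verdict} (matches {hit!r})")
```

Normalizing before the lookup is what catches a password like the one in the email above, which is a dictionary word with one digit swapped in and a symbol appended.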

The takeaway: If you haven’t, for 2019 make a New Year’s resolution to use UNIQUE passwords for every site you use, use a password manager to remember them, and do NOT make them obvious or easy!



