BrianHoskins 
Interesting ransom email.
Posted on 26-Aug-2018 22:47:54
#1 ]
Cult Member
Joined: 4-Jan-2003
Posts: 726
From: South Wales, UK

Hello all,

Today I received a ransom email. The attacker claims to have infected my mobile phone with malware which was installed on a pornography website. The attacker further claims to have taken control of my phone's front-facing camera and also captured screen footage of pornography videos being watched. Finally the attacker claims to have captured my address book contents and is threatening to send the embarrassing video footage to friends and colleagues unless ransom to the tune of $1,000 (in BTC) is paid within 48 hours.

Now, I am lucky here on two counts. First of all, I have not visited pornography websites on my mobile phone. So the claim is fake in my case before it even gets off the ground. But second, a competent computer enthusiast (probably >90% of users on here) can tell that the message is fake by some of the absurd claims that are made within it. For example, the attacker claims to have implanted a unique pixel in the message which has alerted him* to the fact that I have read the mail. Yeah, OK.

Here is the ransom email:







Now, one thing I obviously ask myself is: where did the attacker get my information from? He has my email address, and the last four digits of my mobile number in the ransom email are correct.

Well, it could be from anywhere. It could be that a friend's phone or computer has been compromised with malware and since they have both my email address and phone number, now the attacker has my email address and phone number.
It could also be that a company has been attacked and my information has been leaked to criminals.

Now, that last point is interesting because I received an email from Currys customer service a few days ago admitting that 10 million of their customers' details had been compromised by unknown attackers.
I responded to Currys and thanked them for being honest, but requested that they delete all my personal information from their servers and I told them that I would deny any future requests for my personal information when purchasing products. Have you ever experienced that?
You go in there to buy a hard drive and they want to know your email address, your phone number and your mail address. It always feels like it's a requirement of sale, and most people (myself included) tend to comply. Well, not anymore. This is a principle I am going to adopt not just for Currys, but for all similar circumstances. My private information is on a need-to-know basis from now on. Companies cannot be trusted with my private details.

Here is the email from Currys:





I checked the bitcoin address and it looks like this trick has already claimed a sucker. In fairness the email is persuasive for the average computer user and I imagine that receiving it would be very stressful for someone who knows they've visited pornography websites on their mobile phone. The thought of their friends and family receiving the video footage.... it's horrible. Some people will pay out of sheer desperation.

Last edited by BrianHoskins on 27-Aug-2018 at 01:51 AM.
Last edited by BrianHoskins on 27-Aug-2018 at 01:43 AM.
Last edited by BrianHoskins on 26-Aug-2018 at 10:58 PM.
Last edited by BrianHoskins on 26-Aug-2018 at 10:56 PM.
Last edited by BrianHoskins on 26-Aug-2018 at 10:53 PM.
Last edited by BrianHoskins on 26-Aug-2018 at 10:48 PM.

broadblues 
Re: Interesting ransom email.
Posted on 27-Aug-2018 7:32:03
#2 ]
Amiga Developer Team
Joined: 20-Jul-2004
Posts: 4446
From: Portsmouth England

@BrianHoskins

I've had a gazillion of these. Some of them actually had an old password I used on a number of sites as "proof" of legitimacy. Though quite a few also had that field in the email blank as well. Thankfully I don't use that password anymore, but as I used it in a number of places I can't tell which site may have been compromised to leak data.

It's a particularly unpleasant form of phishing.

The "pixel" in the email thing is not so outrageous a claim actually; if you are reading in HTML there could easily be a hidden image. But in reality the whole thing is a bluff.

_________________
BroadBlues On Blues BroadBlues On Amiga Walker Broad

BrianHoskins 
Re: Interesting ransom email.
Posted on 27-Aug-2018 11:45:16
#3 ]
Cult Member
Joined: 4-Jan-2003
Posts: 726
From: South Wales, UK

@broadblues

Thanks for the response! I didn't realise this was so widespread. I've had SPAM before of course, but this is the first time I've received one in the form of a ransom email. In fact this is the first time that I'm receiving any SPAM on my main email account - generally I use a junk email address for signing up to websites so that I avoid this very issue. But sometimes I do give out my real address, as in the case with Currys. Probably I was expecting to receive genuine mail from them about an order or something.

I'm not blaming Currys by the way; it's probably a coincidence that their admission comes at the same time as this mail. But this is the way your details get out there into the open. Someone else's computer or server is attacked and your information is leaked.

I guess now that mine is out there, I can expect to receive more SPAM to this account in the future.

Good point about the email image. I guess they can implant a unique image in each email, then when they see that the image has been accessed on their server they know you've read the email. I've never thought of that before!!! I've been working with the understanding that I don't reply to the SPAM, I don't get noticed by the spammers. That might not be a safe assumption!

Last edited by BrianHoskins on 27-Aug-2018 at 11:47 AM.

Karlos 
Re: Interesting ransom email.
Posted on 27-Aug-2018 12:12:57
#4 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4405
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!

@BrianHoskins

Tracking html email opening by embedding an image which has a URL query back to a server somewhere used to be the most common way of doing just that.

However it's still nonsense. What interests me is how a mobile browser might be coopted into viewing dodgy content in the background and getting into your history that way. The amount of unwanted crap bundled into every web page these days is unbelievable.

_________________
Doing stupid things for fun...

JimP 
Re: Interesting ransom email.
Posted on 27-Aug-2018 17:42:10
#5 ]
New Member
Joined: 26-Aug-2018
Posts: 6
From: USA

My cell phone camera has a piece of duct tape over it. Anyway, I don't visit sites like that.

The funniest email spam I ever received was a query as to how many spare shipyard cranes I might have for sale. I've never worked at a shipyard nor have I ever had any cranes to sell.

BrianHoskins 
Re: Interesting ransom email.
Posted on 27-Aug-2018 21:40:25
#6 ]
Cult Member
Joined: 4-Jan-2003
Posts: 726
From: South Wales, UK

@Karlos

I used to have HTML turned off by default in my email client. I think I'll go back to that!
But the browser is a different story, you're forced to leave much of the modern functionality turned on if you want to experience the modern internet in the same way as everyone else. And that leaves you open to a lot of vulnerabilities, as you have pointed out.

I once visited a website which was able to completely lock out my computer from the browser!

@JimP

Me too! I didn't want to be seen as paranoid so I wasn't going to volunteer that information. But yep, I have a small circular sticker over my front-facing camera.
On my previous phone I took it apart and removed the front-facing camera, but I found that it's occasionally useful to have the camera in place so on my current phone I just put up with the sticker.

It's surprising how much access is demanded by mobile phone applications. It's all very well giving you the options to approve, but when pretty much every application requests pretty much full access as a pre-requisite, it's not much of a choice in the end.

BrianHoskins 
Re: Interesting ransom email.
Posted on 27-Aug-2018 21:43:59
#7 ]
Cult Member
Joined: 4-Jan-2003
Posts: 726
From: South Wales, UK

The scammers have claimed another sucker, and they've already banked their loot.




If you trace the transactions they end up at an address with 50 BTC in it. If that is all sucker money, they're earning a mint from it.

Last edited by BrianHoskins on 27-Aug-2018 at 09:50 PM.
Last edited by BrianHoskins on 27-Aug-2018 at 09:46 PM.

Karlos 
Re: Interesting ransom email.
Posted on 27-Aug-2018 22:19:50
#8 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4405
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!

@BrianHoskins

More than likely some of the victims have viewed things they don't want other people to know about and as a consequence have fallen for it.

There are data breaches every other day it seems. With the amount of info most sites, shops and other services seem to want to hold about you, it's inevitable your personal data will end up in the hands of criminals. At the very least they can use it to commit extortion like this. Not much effort and a big return if you can throw meeelions of emails out via a rented botnet.

_________________
Doing stupid things for fun...

JimP 
Re: Interesting ransom email.
Posted on 28-Aug-2018 2:42:38
#9 ]
New Member
Joined: 26-Aug-2018
Posts: 6
From: USA

I've done tech support, and assisted the network people in letting them know about suspicious activity. I have seen emails that pretended to be from the corporate office, a coworker, etc.

It's better to have some security measures than have none.

The problem with data breaches is that some companies fail to keep their server security updated. I have been lucky in that my employers over the years listened to IT when my coworkers wanted to strengthen server and network security.

Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle