Archive | September, 2018

[OLD PASSWORD] – Victim, Scam (9-28-18)

The following is a variation of a sextortion scam. The scammer uses an older password of the victim, taken from an old data dump, to appear as a more legitimate threat. The advice for handling an email like this is the same advice for all sextortion scams, ignore and delete the emails. The scammer does not have a video of you.
—————————————————————————————————-
[Some information has been redacted to protect privacy]

From: Lamb Boxer dutcostavck@outlook.com
Date: September 27, 2018 at 11:24:20 AM EDT
To: “victim@vcu.edu” victim@vcu.edu
Subject: Victim- [Old Password]

[Old Password] i​​s yo​​ur pass. L​​ets g​​et di​​r​​ectly to​​ po​​int. No​​t a​​ si​​ngle perso​​n ha​​s comp​​ensa​​ted me to​​ ch​​eck you. Yo​​u do no​​t kno​​w me a​​nd yo​​u ar​​e mo​​st li​​kely thi​​nking why you’r​​e g​​etting this ma​​i​​l?|You ma​​y no​​t know m​​e a​​nd you’r​​e pro​​ba​​bly wo​​nderi​​ng why yo​​u a​​r​​e g​​etti​​ng this ​​e mai​​l? No​​ on​​e has co​​mp​​ensa​​t​​ed me to investi​​ga​​te yo​​u.}

i​n fact, i actually pla​​c​​ed a​​ ma​​lwar​​e o​​n th​​e adult vi​​ds (po​​rnography) w​​eb si​​te a​​nd gu​​ess wha​​t, yo​​u visi​​t​​ed this sit​​e to​​ ​​experi​​enc​​e fun (yo​​u kno​​w wha​​t i​​ m​​ean). Wh​​en yo​​u w​​er​​e vi​​ewi​​ng vi​​d​​eo​​s, your w​​eb brows​​er i​​niti​​a​​t​​ed wo​​rki​​ng a​​s a​​ R​​emote D​​esktop wi​​th a​​ k​​ey logger whi​​ch pro​​vi​​d​​ed m​​e a​​cc​​ess to yo​​ur di​​spla​​y a​​nd w​​eb ca​​mera​​. imm​​edia​​tely a​​ft​​er tha​​t, my so​​ftware co​​ll​​ected a​​ll yo​​ur contacts fro​​m your Mess​​eng​​er, FB, a​​nd ema​​i​​l . N​​ext i​​ cr​​ea​​t​​ed a​​ doubl​​e vi​​deo​​. 1st pa​​rt shows th​​e vi​​d​​eo​​ you w​​er​​e watchi​​ng (yo​​u ha​​v​​e a go​​o​​d ta​​ste lo​​l . . .), and 2nd pa​​rt sho​​ws th​​e r​​eco​​rdi​​ng o​​f yo​​ur w​​ebca​​m, a​​nd its yo​​u.

Yo​​u ha​​v​​e go​​t two a​​lt​​erna​​ti​​ves. We are go​​i​​ng to​​ ch​​eck out th​​ese typ​​es o​​f so​​luti​​ons in deta​​i​​ls:

V​​ery first choi​​c​​e i​​s to​​ disr​​egard thi​​s ​​e ma​​i​​l. i​​n thi​​s si​​tua​​ti​​o​​n, i am going to​​ s​​end o​​ut your vi​​d​​eo clip to just a​​bo​​ut a​​ll o​​f yo​​ur p​​ersona​​l co​​nta​​cts and co​​nsi​​der rega​​rdi​​ng the sha​​m​​e tha​​t yo​​u r​​ec​​ei​​ve. and a​​s a​​ co​​ns​​equ​​enc​​e i​​n ca​​se yo​​u are in a​​n a​​ffai​​r, how this wi​​ll a​​ff​​ect?

2nd choi​​c​​e wi​​ll b​​e to​​ co​​mp​​ensa​​t​​e m​​e $3000. L​​et us refer to​​ i​​t a​​s a​​ do​​na​​ti​​o​​n. Then, i​​ mo​​st c​​ertai​​nly wi​​ll promptly ​​elimi​​nate yo​​ur vi​​deo​​ fo​​o​​ta​​ge. Yo​​u will go​​ fo​​rward daily li​​f​​e li​​k​​e thi​​s n​​ever ha​​pp​​en​​ed a​​nd yo​​u wi​​ll no​​t ever h​​ea​​r ba​​ck a​​ga​​in fro​​m me.

Yo​​u will ma​​k​​e th​​e payment via​​ Bitcoi​​n (if yo​​u do​​n’t kno​​w thi​​s, s​​ea​​rch fo​​r ‘how to buy bi​​tcoin’ i​​n Go​​o​​gl​​e sea​​rch ​​engi​​n​​e).

BTC a​​ddr​​ess to s​​end to: 1JRb7gPTtHZfk8zPxXNCG5chGvbHdqPd
[cas​​e-S​​eNSi​​Ti​​V​​e co​​py a​​nd pa​​ste i​​t]

i​​f yo​​u ha​​v​​e b​​e​​en thi​​nki​​ng of go​​ing to the co​​ps, v​​ery w​​ell, thi​​s ​​emai​​l ca​​nno​​t be trac​​ed ba​​ck to​​ me. i ha​​v​​e co​​v​​er​​ed my mo​​v​​es. i​​ a​​m no​​t lo​​o​​ki​​ng to​​ d​​ema​​nd so​​ much, i​​ si​​mply pr​​ef​​er to b​​e pa​​i​​d. You now ha​​v​​e o​​n​​e da​​y to​​ pa​​y. i​​’v​​e a​​ sp​​eci​​a​​l pix​​el within this messa​​g​​e, a​​nd now i​​ kno​​w tha​​t you hav​​e r​​ea​​d thi​​s m​​essag​​e. i​​f i​​ don’t g​​et th​​e Bi​​tCoi​​ns, i​​ wi​​ll c​​ertai​​nly send yo​​ur vi​​d​​eo​​ to a​​ll o​​f yo​​ur co​​nta​​cts includi​​ng m​​emb​​ers o​​f your family, cowo​​rkers, a​​nd ma​​ny o​​th​​ers. N​​ev​​erth​​eless, i​​f i do​​ g​​et pa​​id, i​​ wi​​ll ​​era​​s​​e th​​e vi​​d​​eo ri​​ght a​​wa​​y. if yo​​u wa​​nt ​​evid​​enc​​e, r​​eply wi​​th Y​​ea​​h! a​​nd i​​ wi​​ll c​​erta​​i​​nly s​​end yo​​ur vi​​d​​eo​​ r​​eco​​rdi​​ng to​​ your 7 fri​​​​ends. i​​t’s a​​ no​​n:nego​​ti​​a​​ble o​​ff​​er a​​nd thus pl​​ease do​​n’t wast​​e my p​​ersona​​l ti​​m​​e & yo​​urs by respo​​ndi​​ng to​​ thi​​s ema​​il.

Comments Off on [OLD PASSWORD] – Victim, Scam (9-28-18)

Hi Victim, Scam (9-27-2018)

The following is a scam in which the scammer is posing as a high ranking VCU employee. The scammer is asking the victim to send over gift cards for a client. The victim is then expected to send over the gift card information to the scammer.

Some signs that this is a scam are the fact that the email is being sent from an outside account, a non-vcu account. The scammer also does not mention how much is needed. Also it is unusual to pay a vendor with steam gift cards. Another indicator that is a scam is the poor grammar. If you have received this email please ignore and delete it.

—————————————————————————————————————————————————–
From: Director dm4309318@gmail.com
Date: Thu, Sep 27, 2018 at 10:01 AM
Subject: Re: HI VICTIM
To: Victim victim@vcu.edu

Kindly do these for me… It’s very important and urgent to me..I’m in
a meeting and i will not be able to talk to you on phone.I will need
you to please run an errand for me at the store now,I need steam
wallet gift cards to send out to some client, can you confirm if you
can get some? Will want you to make arrangements to get the gift cards
so i can advise certain product and denomination to procure,Take the
picture of the card and send here.Thanks

Comments Off on Hi Victim, Scam (9-27-2018)

PAYMENT PROCESS, Scam (9/24/2018)

The following is a scam in which the scammer is posing as an VCU employee. The scam appears to come from the VCU victim but actually is from another account. This shows once the user forwarded the email.

When you receive an email like this, is to message the person who allegedly sent the email via another means (Phone call/ alternative email/ Instant message) to confirm that they sent this email. If you do not know the person in the email, ignore it. You should also examine all parts of the email carefully – you might noticed something off such as the reply-to address being different than the From: address.

If you have received an email like this please delete it.
———————————————————————————————————

From: VCU Employee/AC/VCU* victim@vcu.edu
Reply-To: VCU Employee prezfash001@yahoo.com
Date: Monday, September 24, 2018 at 10:46 AM
To: Victim* victim@vcu.edu
Subject: PAYMENT PROCESS

Hi Victim,

I need you to process a payment to a vendor. E-mail me back if you will be available today so as to detail you with information.

Regards

VCU Employee.

Sent from my iPad

* Names have been redacted to protect identity of victims/ impersonated people.

Comments Off on PAYMENT PROCESS, Scam (9/24/2018)

Did you attempt to log into my Facebook by accident? Scam (9/17/18)

The following is a scam in which the scammer is trying to trick the victim into logging into a clone Facebook page. If the credentials are entered then the scammer will have control of the victim’s facebook.

You can tell this is a scam based on the email address used and the non-facebook link in the email body. If you have received an email like this please delete it.
————————————————————————————————————————————-
From: PMO sue.collins@richmondrep.us
Date: Thu, Aug 30, 2018 at 8:27 AM
Subject: Did you attempt to log into my facebook by accident?
To: victim@vcu.edu

Was this you …..?

We have detected an unauthorized login attempt. 10 or more incorrect passwords in a row were attempted. Please log int to veify any changes.

162.209.3.163:80/InvalidAttempt

Comments Off on Did you attempt to log into my Facebook by accident? Scam (9/17/18)

Extortion scam (9/5/2018)

The following scam attempts to extort its victim by claiming that the scammer has compromising videos of the victim. Scams like this are becoming widely used by scammers to trick their victims into paying money. If you received an email like this, then please discard it.

______________________________________________

From: ligitame1973@zipmail.com.br <ligitame1973@zipmail.com.br>
Date: Wed, Sep 5, 2018, 8:01 PM
Subject: XXXXXX, We know what you did this summer
To:

Hi, my dear friend.

There is a specific porno website that you have surfed just a while ago.

Keep your cool though! You are not the first one to get into this clusterxxxx, but still there are chances for recovery.

When you have navigated to the web page, your browser downloaded the trojan. It is lame, I know…

The virus documents all that you complete on your computer and saves the cookies of web sites that you navigate to.

But the most principal part is that our trojan switches on your webcam and gets all your connections from your mail. Yes, we’ve got access to your online mail and all of your social media. It is already done! Truth is, I got my hands on a recording, where you are clearly seen without your clothes and xxxxxx xxx.

If you would like this data to remain in secret, and do not want me to share it with your siblings, buds, fellow workers, on mainstream sites and publications, or on the WWW in general, then there is a way out.

Here is the bitcoin address 1JpPvcvgVzy4Y88bYiaQ5YXaqe3NyFpBvh – you must transfer 600 usd sum.

Once I confirm the remittance of BTC, I will erase the specified stuff, and I will not pester you again.

Unless I pick up the specified sum in a period of 24 hrs starting from now, I will hand out your vulgar recordings to your folks, acquaintances, and fellow workers.

Additionally, I will fabricate a meme out of your videos, and will circulate it on social media with your face on it.

Comments Off on Extortion scam (9/5/2018)

2018 Cyber Threat, Scam (9/5/2018)

The following is a sextortion scam in which the scammer is claiming they have footage of the victim view some adult material. This is a common scam in which the scammer hopes the victim will be shamed into sending them money, otherwise the scammer will leak the video to all of the victim’s friends.

The scammer does not have a video of the victim and is hoping the victim will be too embarrassed and just send over money to save themselves. The best course of action is to ignore and delete the email.

———————————————————————————————————————
From: cchoi1951@zipmail.com.br
Date: Wed, Sep 5, 2018 at 1:02 PM
Subject: Victim, 2018 Cyber Threat
To: victim@vcu.edu

Good day, mate.

There is a certain erotic web page that you have checked out just a while ago.

Kick back though! You are not the first one to get into this tricky situation, but still you can recover from it.

When you have visited the website, your browser saved the trojan. It is disheartening, I know…

The trojan records every little thing that you perform on your PC and saves the cookies of web pages that you browse.

But the most chief part is that our malware activates your webcam and gets all your friends list from your email. Yes, we’ve got access to your email and all of your social profiles. There is no way out! As a matter of fact, I got hold of a video, where you are clearly seen naked and masturbating.

If you wish this video to remain classified, and do not want me to share it with your relatives, friends, fellow workers, on known websites and posts, or on the World Wide Web in general, then there is a chance that we can work it out.

Here is my bitcoin address [Redacted] – you have to pay 700 dollars amount.

Once I check the remittance of bitcoin, I will wipe out the mentioned data, and I will not extort you ever again.

Unless I get the designated sum within 24 hours starting from the moment you read these lines, I will deliver your vulgar videos to your family, companions, and colleagues.

Furthermore, I will compose a meme out of your recordings, and will populate it on social networks with your face on it.

Comments Off on 2018 Cyber Threat, Scam (9/5/2018)

[Empty Subject], Scam 9/4/2018

The following is a scam in which the scammer is attempting to establish communication with the victim. Once the victim reaches back out to the scammer, the scammer will request information from the victim which will be used to impersonate the victim down the line.

If you see this email or one like it, please delete the email.
———————————————————————————————

From: Danny tate [dantate190@gmail.com]
Date: Tue, Sep 4, 2018 at 7:27 AM
Subject:
To: victim@vcu.edu


Hii…

Comments Off on [Empty Subject], Scam 9/4/2018