Some days ago checking my email inbox I found in the spam section an email that caught my attention Well, in the title it said "Hello, your password is xxx" so at that moment I focused on him, since at that moment he puzzled me, but also curious because I it explicitly indicated a password that it used on a website.
The truth was I thought I would just put it aside, but given the situation we find ourselves in and see that several people have already paid, simply I decided to contribute a grain of sand, since they try to take advantage of people in a situation as delicate as the one that is being lived.
In those moments when reading the mail the first that It came to my mind were two possible scenarios, one where it is basically a person with minimal knowledge and is being tested to see how far it goes or is a phishing campaign automatically taking data and inserting it into a template.
Later threatened to leak collected information obtained by inserting malware into my web browser and taking control of it and my webcam, I collect contact information from "Facebook", "Messenger", mail, etc.
And well here right now I got a smile because in addition to being a scam campaign It hit me right in the heart, because several months ago the Facebook lords made the decision to close my account and give me a definitive ban from the platform, since Junkin Media, a supposed company that buys the rights to everything that they consider viral and is dedicated to claiming rights to memes, viral videos, etc. So be it a second or an image ... but hey, that's another story.
Seeing this simply in my head I happened to answer him and say "come on boy, if you recovered my Facebook account and accessed my contacts I offer you more ..." but hey just pass by ignoring at the end and I will not give the person more rope or group of people behind.
Already explaining a little, now I'm just going to share a quick analysis and that maybe it can be of use to someone else and perhaps to those who do not have some knowledge about these types of scams and may panic.
Firstly, the mail is presented as follows:
Investigating a bit if a similar type of campaign had already been denounced or talked about, I find that the body of the email is identical except for some details, which are:
- Enter your email or website username
- Indicate a password used from that email or that website
- And they ask you for a different amount to pay in dollars, but asking for the deposit in bitcoin
For some the mail could make sense and they could be alerted as it contains data that in theory will have to be confidential.
But if you take your time basically by reading the mail you can tell that it is a scam And it is simply because when someone really wants to extort you, they not only give you a password to use or a username, they present you with proof information (photos, videos, text etc.)
In addition, it is not directed towards you simply quoting your email and a password used if "supposedly" I already collect information from you, at least to make the matter more credible I should indicate your name or the most personal one.
Finally, If you use a password manager and look for that password, you will see that on which website or if you use it on websites (and that is why the recommendation is always made that different passwords be used as well as combining it with two-factor authentication if possible).
By knowing which site or websites use that information, you can investigate further if possible, such as accesses, IP addresses, devices, etc.
Lastly, if you take advantage of services like Firefox Monitor You can verify which websites have suffered from information leaks just by entering your email. With this you can also see what information was leaked and take action.
No more I hope this can be useful or someone you know And if you have received the same type of email, do not hesitate to share this information and prevent people who do not have knowledge from being scammed.
More cases of the same type of mail: https://www.bleepingcomputer.com/