Saturday morning, not too early, on account of the party the night before, I check my email. Not happy to discover my business partner’s email has been hacked! Given we host the email, very much unhappy about it. In fact I had to spend more than 10sec to work out that it’s a scam. What had me fooled for so long?
- the scammer mentioned an email that could easily be one of hers (yes too many people use pets in their passwords)
- the email appeared to come from herself (or from one of your contacts is a common variant)
- the email was in passable English without too many typos
After those key features — it kinda went downhill from there. The stuff that doesn’t make sense to a nerd like me:
- having the email password — gives a hacker no access to a computer or phone. Given that Kris is an all things Mac fan-girl, it’s even less likely that she has a virus on her Mac or iPhone.
- So no, there is no way at all they would have access to all her social networks.
- She’s far too busy to spend hours a day on porn sites (unless we count Nigella as porn?)
In fact when you read the email again (reproduced in full below) — there is nothing personalised at all — outside of the email address and the old password. The rest of it is boilerplate. In fact today another one arrived — same email — different nickname, and different bitcoin account!
So where did they get the (extremely) old password from? From data breaches — the NZ government suggests that up to 1 million email account details have been sold on the dark web in the last few years.
So what should I do if I get this ransom demand?
- Change your password — and change it everywhere — not just on the original email address you used — change it to something unbreakable and unique. I sometimes use a random string of characters, sometimes I use words with numbers and other symbols throughout them — words not in an English dictionary are good (Te Reo is a good place to start for unusual words).
- Worried about remembering proper passwords? Use a password manager like Roboform. I’ve used it for years — works on all my phones and computers.
- Report it to CERT NZ, the branch of NZ government that specialises in cyber security.
Obviously if you are already a customer or friend of Dear John NZ — please feel free to reach out to us on social media or directly here.
Here’s the email in full so you can compare it — but they are all variations on the same template.
From: kris@b_________.co.nz
Date: 21 October 2018 at 3:34:54 AM NZDT
To: "cat's name" kris@_________.co.nz
Subject: kris@b_________.co.nz is hacked

Hello!

My nickname in darknet is murray66. I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from kris@_________.co.nz is pet's name

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me. I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you! During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $818 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH

As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it. Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours! After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!

Good luck!
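
The traits picked out above (a message that appears to come from the recipient's own address, an old password quoted back, a bitcoin demand with a deadline) are what a mail filter can key on. The following is an added example, not part of the original post or of the scam email: a Python heuristic that scores a raw message against those traits. The sample message, the patterns and the threshold are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the template quoted in this post. The domain,
# nickname, password and wallet string are placeholders, not real indicators.
SAMPLE = """\
From: kris@example.co.nz
To: "cat's name" <kris@example.co.nz>
Subject: kris@example.co.nz is hacked

My nickname in darknet is nick00. I hacked this mailbox more than six months
ago and infected your operating system with a virus (trojan).
So, your password from kris@example.co.nz is fluffy1
I took screenshot through the camera of your device.
Send the above amount on my BTC wallet (bitcoin): 1PLACEHoLDERWaLLetXXXXXXXXXXXXXXXX
Since reading this letter you have 48 hours!
"""

# Each pattern is one boilerplate trait of the template (assumed heuristics).
BODY_SIGNALS = {
    "wallet": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),  # address shape only
    "deadline": re.compile(r"\b\d{1,3}\s*hours\b", re.I),
    "malware_claim": re.compile(r"\b(trojan|virus|malware)\b", re.I),
    "camera_claim": re.compile(r"\b(camera|webcam)\b", re.I),
    "quoted_password": re.compile(r"\byour password\b.{0,80}\bis\b", re.I | re.S),
}

def signals(raw):
    """Return the names of the template traits found in one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = msg.get_payload()
    found = {name for name, rx in BODY_SIGNALS.items() if rx.search(body)}
    # From is sender-supplied text, so From == To says nothing about compromise.
    if sender and sender == rcpt:
        found.add("self_addressed")
    return found

def looks_like_template(raw, threshold=4):
    """Flag a message only when several independent traits coincide."""
    return len(signals(raw)) >= threshold

if __name__ == "__main__":
    print(sorted(signals(SAMPLE)), looks_like_template(SAMPLE))
```

Requiring several traits at once keeps an ordinary note-to-self, which also has matching From and To addresses, from being flagged.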