Just when you might feel you’re starting to get your hands around spotting classic phishing emails, a new twist is emerging. We’ve talked to a few rattled people who received what they thought was a personalized and very frightening blackmail message over email. The email seems incredibly specific, very aggressive, and, in one instance, even referenced a stolen password.
We will analyze these emails below, but it’s important to note that these emails are not personalized blackmail threats toward you. They are automated messages sent by machines, with hackers hoping that the general messaging hits a nerve with a small segment of the users it targets. It can use stolen credentials (gotten through many, many huge data breaches over the last few years) to fill in the blank of an email message, rather like a form letter personalized to you.
Because these attacks tend to be very explicit, we will not print an example in its entirety. However, we will analyze a few clues that will help you realize that these threatening emails are no threat at all.
While the message tries to sound specific, there are no personal details that would confirm that someone knows exact details about you and your behavior. Read the message and see if there are any exact details that only apply to you. If not, then it is a mass message where the hacker is betting on a few details coincidentally striking true.
In the email message, the blackmailer will state something like, “I placed a malware on the X video clips (pornographic material) web-site and guess what, you visited this web site to have fun (you know what i mean).” Later, the blackmailer mentions that they captured salacious activity via the person’s webcam. These untrue details are a clear sign this message is not personalized.
Many tech support scams use a person’s lack of knowledge about technology to trick them into thinking a problem on their computer needs fixing. These blackmailers use the same lack of knowledge about technology to strike fear into a person.
Here is part of a blackmailing threat email: “While you were viewing video clips, your internet browser started out functioning as a Remote Desktop that has a keylogger which provided me accessibility to your display screen as well as web cam. after that, my software program gathered every one of your contacts from your Messenger, FB, as well as e-mail. and then i created a video.”
Oh my! Let’s break this down:
If you’re unsure about such technological descriptions, always ask your IT vendor or staff.
One easy way to check if the email is an empty threat is to take a phrase or two and Google it. For example, Googling the phrase “While you were viewing video clips, your internet browser started out functioning as a Remote Desktop” brings up the following credible articles among many:
If you receive a suspicious email, it’s unlikely you’re alone. Do some Googling and see if others have received the same email. Think of it like a form of fact checking.
Even though this type of blackmailing email is not a threat, you should take a few precautions:
Need training to help your city employees spot these increasingly complicated phishing emails? Reach out to us today.
Original Date: 2/13/2019