Over the past few months (roughly since mid-2018), many customers have reported receiving threatening e-mails claiming to have hacked their accounts, their mailboxes, their phone, etc. These e-mails are very often in English, often threatening, sometimes even claiming to have had access to your webcam, and demand a ransom in exchange for not releasing all of it.

These e-mails are often well written and refer to random dates or places and to more or less precise facts. Those dates, places and facts are there to make you mentally search for other dates, places and facts from your own life that could corroborate the e-mail, raising your level of fear, stress and doubt, and getting you to pay.

Some of these e-mails may even contain a password, or even THE password, you know, the one you use everywhere? That is a very bad practice that you should drop right now: if one of the sites where you use that password gets hacked, your password becomes available to every crook on the net, who will make the most of it…

So what do we do?

Good practice against this kind of e-mail:

  • Ignore them and move them to your spam folder. If the content is compromising, delete it and purge it from the trash.
  • If they contain a password you have used in the past, go to your browser's password manager to see whether you have used that password elsewhere, and change those passwords right away!
  • Above all, do not pay any ransom; it achieves nothing!
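
The password-reuse check from the list above can be run over a password export from the browser. This is an added example, not Octopuce's own tooling; it assumes a CSV export with `url`, `username` and `password` columns (the layout of Chrome/Chromium and Firefox exports), and the sample rows are constructed, reusing the two passwords quoted in the sample e-mails below.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the assumed column layout of a browser password
# export (url, username, password); sites and accounts are made up.
SAMPLE_EXPORT = """name,url,username,password
shop,https://shop.example/login,philipp@example.org,phil4312
forum,https://forum.example/,phil,phil4312
bank,https://bank.example/,philipp,Xk9#correct-horse
webmail,https://mail.example/,philipp@example.org,soleilvert
news,https://news.example/,philipp@example.org,soleilvert
"""

def load_entries(csv_text):
    """Parse the export; header names are matched case-insensitively."""
    reader = csv.DictReader(io.StringIO(csv_text))
    entries = []
    for row in reader:
        # Drop overflow columns (None key) and normalise missing values.
        row = {k.strip().lower(): (v or "") for k, v in row.items() if k}
        if row.get("password"):
            entries.append((row.get("url", ""), row.get("username", ""),
                            row["password"]))
    return entries

def accounts_using(entries, leaked_password):
    """Accounts to change first: every site still using the quoted password."""
    return sorted((url, user) for url, user, pw in entries
                  if pw == leaked_password)

def reused_passwords(entries):
    """Group sites by password; keep only passwords used on 2+ sites.

    Passwords are never returned, each group is just a list of URLs."""
    by_password = defaultdict(set)
    for url, _user, pw in entries:
        by_password[pw].add(url)
    return sorted(sorted(urls) for urls in by_password.values()
                  if len(urls) > 1)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for url, user in accounts_using(entries, "phil4312"):
        print("change now:", url, user)
    for group in reused_passwords(entries):
        print("same password on:", ", ".join(group))
```

Delete the exported file once the check is done, since it holds every saved password in clear text.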

If in doubt, and if you are an Octopuce customer, forward the e-mail to us with your question and we will answer.

Some examples?

To finish, here are a few examples of e-mails of this kind:

Subject: (Part num your Hacked phone& 8088
It seems that, 8088, part num your phone.
I observe your device.
I am in scandalize of your erotica fantasies!
I made screenshots from your camera lens from yours devices.
You act, I record video.
I made stand-in your contacts and files.
I want 870 $ to my #Bitcoin
My )Bitcoin briefcase
If YOU don’t Send $Bitcoin. I share this scandalize of your copulation fantasies. With yours contacts!
If you do not know how to do this – enter into Google=
-how to transfer money to a Bitcoin^ wallet&
You Have Time – 31 hours.
You see grammatical mistakes? Yes! I do this special, to not find me. All correspondence and google have analyze writing style.

Subject: Change your password immediately. Your account has been hacked.

I greet you!
I have bad news for you.
11/08/2018 – on this day I hacked your operating system and got full access
to your account votreadressemail@votredomaine.fr
It is useless to change the password, my malware intercepts it every time.
How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources. I’m talking about sites for adults.
i want to say – you are a big pervert. You have unbridled fantasy!
After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.
I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
I think $873 is a very small amount for my silence. Besides, I spent a lot of time on you!
I accept money only in Bitcoins.
My BTC wallet: 17vzpL7n29egXXXXXXXUE4tKV81MqsW4wF
You do not know how to replenish a Bitcoin wallet?
In any search engine write « how to send money to btc wallet ».
It’s easier than send money to a credit card!
For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter.
Yes, yes .. it has already started!
After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your « joys ».
I want you to be prudent.
– Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
– Do not try to contact me (this is not feasible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.
P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.
From now on, I advise you to use good antiviruses and update them regularly (several times a day)!
Don’t be mad at me, everyone has their own work.

Subject: philipp – phil4312 (in fact an e-mail whose subject is: your first name – one of your passwords)

Greetings philipp,
My nickname in darknet is Mozelak77. I’ll begin by saying that I hacked this mailbox (please look on ‘from’ in your header) more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
Here is one of your passwords by the way: « phil4312 »
Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.
I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you!
During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!
I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.
Send the above amount on my bitcoin wallet: 1Bs28XXXXXXXETGeoh4eQypgG7nVJbjqnv
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!
Since reading this letter you have 48 hours! After your reading this message, I’ll receive an automatic notification that you have seen the letter.
I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere! Good luck!

Subject: gledeen255@jetable.org is hacked (in fact one of the e-mail addresses you used to sign up for a service)

My nickname in darknet is rorke79.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password from gledeen255@jetable.org is soleilvert
Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.
I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!
During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!
I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $860 is quite a fair price to destroy the dirt I created.
Send the above amount on my BTC wallet (bitcoin): 1EZS92K4xJbymDLwG4F7PNXXXXXXX2e9XY
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!
Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.
I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
Good luck!

Subject: Your account was hacked

Hi, dear user of mondomaine.fr
We have installed one RAT software into you device.
For this moment your email account is hacked (see on « from address », I messaged you from your account).
Your password for monmail@mondomaine.fr: monmail7777
I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records where you masturbating.
I posted my virus on porn site, and then you installed it on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.
For the moment, the software has collected all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $800 in BTC (crypto currency).
This is my Bitcoin wallet: 13cyEdT7kyH2f4j9xchvDGXXXXXXXYNLUS
You have 48 hours after reading this letter.
After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!
And henceforth be more careful!
Please visit only secure sites!

Subject: Should have covered your webcam

I have been watching you for a while now. I hacked you through a virus that I injected in an ad on a porn website.
The virus gives me full access and control over your computer (or any other device). That means that I can see everything on your screen and switch on your camera and microphone without your knowledge.
I made a video that shows how you masturbate on the left half of the screen and on the right half you see the video you were watching. With the press of a button I can forward this video to all contacts of your email and social media.
The only way to prevent this is to pay me.
Send me a message for instructions:

Subject: <your login name>


I am a spyware software developer. Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence (I sent you this email from your account).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt… on you… I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites). Oh, yes .. I’m know your secret life, which you are hiding from everyone. Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … :)

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality!

So, to the business! I’m sure you don’t want to show these files and visiting history to all your contacts.

Transfer $975 to my Bitcoin cryptocurrency wallet: XXXXXXXXXXXXXX

My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am ‘working’ with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!