Many of our users have seen this type of email in their spam filters, most don’t actually get through to your account, although the odd one might. That is all the spammers, who are usually organised crime syndicates, need and rely on.

A full version of the email is at the bottom of this post.

What are these emails and why do some of them have my password in them?

These emails raise many questions and I will try to answer most of them here.

It is of course possible for what they say in the email to be true, but in most cases it is not. There have been many hacked websites over the years and there are now plenty of lists of people’s usernames and passwords, that have been compiled from these hacked websites. There are now two or three main lists that have been compiled and in turn these in to one list of over 500,000,000 usernames and passwords. Security researchers use this list to determine things like frequency of passwords, your chosen password is probably not as unique as you think it is; monkey, password, 123456, abc123 were the top password for many years and although recent research shows that they have moved about, they are still in the top 15.

The bad guys use these username and password lists to try to gain access to your accounts on other wesites and even your email account. Now some bright spark has decided to take your username and password combination where your username is your email address and send an email to you, firstly showing your password to you and secondly faking the sending address, which is trivialy to do, and then tells you that they know something about you that you don’t want revealed to others. This is a typical phishing scam in that they don’t have any access to your email (that is not say that they don’t but they tend to use other scams that are more profitable when they actually have access to your email).

NOTE: If you receive these emails to your inbox, then please contact your hosting provider or website maintenance company or computer support company in order to ensure that your SPF records and spam filtering are setup correctly. Our clients can submit a ticket here anyone else who needs help can submit a support ticket here and we will see if we can help. (WARNING – incorrectly setting up SPF records can cause you to stop receiving legitimate emails and still allow spam through as well as prevent your emails from reaching their destination, it also requires those sending you legitimate emails to have their email system correctly configured with or without SPF records).

Facebook, Vodafone and Dropbox are all examples of large databases of usernames and passwords that have been stolen as well as many smaller companies that have lost control of their databases and not had them properly encrypted. Even those that are encrypted with a basic hash can still be deciphered using rainbow tables. Sites need to hash passwords using individual salts and store the salt in a different database to the username and password database, but that is starting to get technical so I won’t go further in to that.

What is important is that if you, like many people, use the same password on multiple sites then you need to change your password immediately on all sites where the password has been used. You should really consider using a password manager to save individual unique passwords for each site. We could go in-depth in to the various password managers and the pros and cons of each and which ones to avoid completely but that is for another time, for now we will just recommend our own ConnectID which is available with all of our cloud accounts to manage your websites and web apps and auto log you in without you needing to remember your passwords. If you would like more details on this then go here and here or submit a ticket here.

If you have received one of the emails that is warning you that your account has been hacked, then you probably do not have too much to worry about (note that there is some worry as mentioned above). The email suggests that you have had your computer hacked as well and that malicious software has been installed. Whilst this could be true in some cases it is not for most and it is just a phishing exercise to get people to pay up. Email addresses are easy to spoof. These emails can usually be deleted. DO NOT click any of the links in the email as bad things may happen. They can then install a virus which can watch or steal passwords and bank details or do worse things. If you have clicked the link you should take immediate precautions to secure your PC, run antivirus on the highest level or deepest scan and perhaps get in contact with your support company, we can provide remote support, please click here to submit a ticket or here to signup and then call or submit a ticket from your account.

This scam should not be confused with real hijacking of your data, Ransomware is around, just like the radio advert says and they will take your money and not necessarily give you your data back. It costs businesses millions of pounds in lost earnings whilst trying to get things fixed. See our articles on this subject here. It is a very real and serious problem if you get ransomware in to your network. You should ensure you have backups that protect against this, as not all backups will. Backups should be Ransomware proof, like our backup ShareSync, available as a standalone product or with our cloud accounts. As far as we know it is the only one to give this protection as well as the file sharing capabilities of Dropbox or Box, OneDrive or iCloud. If your data is hijacked and you don’t have sufficient backups then you could lose your data completely as has happened to many people and businesses, including a Police station in the USA. The same thing that happened to the NHS in England some months ago which caused operations to be cancelled and days of disruption to the service it provides before it was finally fixed (see BBC news article here).

I digress, but it important to note the difference between ransomware and these opportunistic phishing emails which are trying to scare people into handing over cash. In the last few days they have increased dramatically as others have taken the idea and have now started to send these emails, without the password, to any and all email addresses they have.

The short side of this story is, make sure your email is setup correctly and your spam filtering is doing its job and delete these emails if they get through without opening them and definitely don’t click any link in the email, in fact, never click the link in an email unless you are expecting it and you have made sure it comes from the person you are expecting it from.

Some of these are bound to get through your spam filtering at some point, just delete them.

If your computers are important to you or your business, make sure that you have sufficient backups and your computer and network are checked and maintained regularly by someone trained and experienced in computer and network security.

Below is a couple of examples of the email as it is being sent out:

Hello, my victim.
I know your password – {a password}

That is my last warning.

I write you inasmuch as I set a trojan on the net site with pornography that you have visited.
My spyware grabbed all your own personal information and switched on your web cam which captured the procedure of your masturbation.
Right after that trojan stored your contact list.
I will remove the compromising video and all the information if you pay me 600 USD in bitcoin.
This is wallet address for payment : 1HqUTGvbvDWCSTFDdYtPVviPW2iF8HsNUc
(you can google on “how to buy bitcoin”)

I give you twenty four hours once you view my message to make the payment.
When you see the email I’ll know it right away.
It’s not required to inform me that you have delivered BTC to me. This address is connected to you, my script will erase everything instantly after payment confirmation.
You are able to visit the police but no one can not help you.
In the event that you try to cheat me, I’ll see it straight away!
I don’t live in your country. So no one can not track my place even for 9 months.
Don’t forget about the disgrace. Your life may be ruined.

Another:

Dear user of xxxxxxxxxx.xx.xx!

 

I am a spyware software developer.

Your account has been hacked by me in the summer of 2018.

 

I understand that it is hard to believe, but here is my evidence:

– I sent you this email from your account.

– Password from account xxxxxxxxxx@xxxxxxxxxx.xx.xx: xxxxxx (on moment of hack).

 

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

 

I went around the security system in the router, installed an exploit there.

When you went online, my exploit downloaded my malicious code (rootkit) to your device.

This is driver software, I constantly updated it, so your antivirus is silent all time.

 

Since then I have been following you (I can connect to your device via the VNC protocol).

That is, I can see absolutely everything that you do, view and download your files and any data to yourself.

I also have access to the camera on your device, and I periodically take photos and videos with you.

 

At the moment, I have harvested a solid dirt… on you…

I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

 

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

 

I know what you like hard funs (adult sites).

Oh, yes .. I’m know your secret life, which you are hiding from everyone.

Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … 🙂

 

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.

Believe it turned out very high quality!

 

So, to the business!

I’m sure you don’t want to show these files and visiting history to all your contacts.

 

Transfer $847 to my Bitcoin cryptocurrency wallet: 1GXazHVQUdJEtpe62UFozFibPa8ToDoUn3

Just copy and paste the wallet number when transferring.

If you do not know how to do this – ask Google.

 

My system automatically recognizes the translation.

As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.

Do not worry, I really will delete everything, since I am ‘working’ with many people who have fallen into your position.

You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

 

Since opening this letter you have 48 hours.

If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.

 

I advise you to remain prudent and not engage in nonsense (all files on my server).

 

Good luck!

There are other variants as well with other messages in them to catch other people out, these are just two examples we hae seen.

Stay Safe.

CritchCorp Computers Ltd.

There of course, have been some domain name companies that try to scam people either out of their domain name or just to win the business. Whichever it is I do not agree with underhand tactics to get business. People come to us because we are honest and open and we do an excellent job, not because we conned them in to moving to us.

The one that most people have probably seen the most is a company, that I will not name but they have been conning people for years now and more recently have been trying to clean up their act to appear more professional. They send out postal letter and emails to the registrant (owner of the domain name) and in the beginning they said that if they did not pay this extortionate rate their domain name would be lost forever. Anyone dumb enough to fall for it could have fallen in to many problems, as they were effectively transferring their domain name to another company and their website, emails and everything else could easily have stopped working and been lost. On top of the fact that they have paid a lot more for the domain name renewal than was necessary.

Always know who you have registered your domain name with and check with them first before renewing anything with a third party. This particular company have been forced by trading standards, I believe, to clean up their act. They still send out ridiculous emails and letters to try to steal customers from other companies, in my opinion, by deception. Their latest one stating that if you do not take their offer of SEO and domain name then no-one will be able to find your website. I will not go in to the technically details of this but to anyone with any technical ability they know this is not true, but it must be fooling some unwitting domain name holders or they would stop.

Another long running scam is the Asia domain name company that tells you that someone is trying to register a domain name that is similar to yours and they are going to give you first refusal of the domain name. A scam as well that has forced thousands of people to buy domain names that they do not need or want.

The latest email to go to domain name owners is one that is intended to scare you though showing you a whole lot of technical information about your domain name. All of it is probably true but means nothing in the context. From what I can see their whole point of sending you a large font email telling you that your whois information has been updated (which is a lie) is to get you to purchase other domains from them. I have not been any further and I have only just seen this one going round so I am sure that we will see what devastation it causes in the coming weeks and months.

If you own a domain name make sure you know the basic information of who it is registered with and when it is due for renewal. Even if you have technical people to look after things like that for you, make sure you have basic information (read: http://www.cc-computers.biz/Blog/?p=228 to make sure you don’t lose your domain name)

Be vigilant with emails and letters that come in the post telling you that you need to do something, check with the right people first.

Support Team

CritchCorp Computers Ltd.

Prices correct at date of publish.

Before I clicked it I took a moment to calm down and think logically. I have a suitably strong password on my account so it is unlikely someone would have been able to guess it. You can’t make a payment unless you have the password. Is it possible someone could have got it from my PC with a keystroke logger and then used it; possible but not likley. I then took a moment to read the email more carefully and noted a couple of things that I should have picked up on straight away.

Firstly the email was addressed to me, but not in the normal way. Secondly it came to an address that was not the one I used for PayPal. These two facts alone were proof enough that this was a phishing email. I check out the links that I was about to click and sure enough they were not to the PayPal website but something that was meant to look like the PayPal website as it had www.paypal.com in the address but was not their site. (I will write another posting about what to look out for in the URL to make sure you are going to the right place).

What struck me about this one was the fact that it was very well written, not like most of them that give themselves away instantly with the bad grammar or spelling mistakes.

What you need to learn form this is to be extra vigilant when it comes to any message in email. NEVER EVER click the link in an email, go to the website by typing in the address yourself. Read the content of the email over again before jumping to conclusion. PayPal in particular use the correct greeting in their email which makes it harder (although not impossible) for people to pretend to be PayPal. The same goes for some banks and other financial institutions.

Phishing emails have been around for a long time and are clearly very successful so be extra vigilant on emails that you expect and ones you are not!

Be on the look out for the latest batch of PayPal phishing emails as they have clearly copied the contents of real PayPal emails and just changed a few details.

I have had several more since the first one of these.

CritchCorp Support Team.

These people phoned up and said that they were from Microsoft and want to fix the problems she had been having with her computer. After a while they convinced her they were real and she let them on to her computer. She watched what they did and to her horror, they copied all her university work off her computer and then deleted it!!

She had to pay £50 for them to “recover” it for her! For a student this is a lot of money! To be conned out of £50 is not nice for anyone.

I cannot stress enough the old rule of, if you didn’t ask them for something then under no circumstances let them in!

There are many more stories out on the Internet but I thought this one was close to home. There have been many attempts on CritchCorp Customers but luckily so far no-one has succumbed to them. Always know who looks after your computer and there is very little for free in this world and computer support is definitely not. Computer systems vary from person to person so always have someone that knows your system and you to best be able to advise you and do not let anyone else touch it!

CritchCorp.

What happens is, you will receive a phone call to say that you are having problems with you computer, Internet connection or email or something else that will give them an excuse to log-on to your computer. The caller will then explain that he/she is calling from either Microsoft or your ISP (Internet Service Provider), BT, your bank or some other credible but generic source to resolve all your problems. “This service is free”, they will tell you and all they need to do is ask some questions, log-on to your computer and they will have it resolved in no time, or some other story along these lines as it does change slightly as they change their story to suite the local market they are trying to exploit. If you were at this point to ask them any specific questions there are a few responses you will get depending on how experienced the caller is, from hanging up the phone to giving generic answers or answering with a question. The truth is they do not know anything about your situation unless you tell them. They will phone everyone they can with the same story.

If you did allow them to gain access to your computer then you would find one of two things can happen. This depends on which call center is calling you as there are many of them. The first thing is they will download a virus to your computer and after trying to make you believe it was there before they started and they have just discovered it, along with a whole host of other problems (most of which are not problems). They will say that this can all be sorted out for you for fee of $50 or whatever they think they can get from you. So this free ‘service’ has now started to cost you money. Worst of all they are the problems they created or invented and they are not going to fix them when they are done. The other way is that they show you all the temp files or Internet cookies and tell you that these are bad files or corrupt files and they may even open a few in Notepad or Wordpad to show you that they are corrupt. (These files are not corrupt, they are not intended to be opened in these programs so will generally look like gobbledygook)

In both cases they will then proceed to the payment options, credit or debit cards. When you give the first card details over it will surprisingly not work. So you will need to move to another card and another and another until you have no more cards (and by that time probably no more money). Some are not as bad and only take the first payment and leave you alone, for now! 

The best thing to do is to say that you have someone that looks after your computers and they are dealing with it so they do not need to worry. Then hangup the phone.

If, like in some cases, they are persistent then I suggest trying the following. After answering the phone and identifying this type of call ask them to “please wait a moment”, put the phone down on the side and walk away for an hour or so. Come back and replace the handset. If they still continue to call, then keep doing this until they get the message. It is costing them money to call you. (granted not a lot as they tend to use VoIP, but every penny counts) Most of them will not call back after the first time. These people are people in places like India where the call center boom is now coming crashing down and there are many unemployed people with families to feed. The criminals setup the call centres and pay wages to these people who know it is wrong but need the money. This is the same type of people who send out a lot of the phishing emails, but I will talk about that later.

Chris.

CritchCorp Computers Ltd.