New Smishing and Phishing Scams on the Rise
There’s a new scam every fifteen seconds
Or at least that’s the way it seems.
I have recently become far more proactive about blacklisting IP addresses that overload my inbox with scams. You know the ones:
From: <your email address>
Subject: Security Notice. Someone have access to your system
Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your account: At the time of hacking your account (your email address here) had this password: ********* You can say: this is my, but old password! Or: I can change my password at any time! Of course! You will be right, but the fact is that when you change the password, my malicious code every time saved a new one! I've been watching you for a few months now. But the fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence from e-mail and messangers. Why your antivirus did not detect my malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $743 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 15G9wyGRDssFXsfwEm1ihdJs2xabVPDu68 After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Bye!
With every single one of these I get – whether it is from a typical email or my online contact form, I find the IP address it came from and then block the entire range of IP addresses in use by the Internet provider (ISP) through which the message arrived. I will literally never hear from this particular scammer again, as they cannot reach my website or email address – FOREVER.
But I host my own websites, numerous sites for my clients – and all the email associated with these sites. You may not be so fortunate.
But back to this particular email scam:
Even if the password they have for you is real, unless you have actually been doing what the scammer claims… You’re fine.
If the password IS actually current…
You’re using a password that’s over 5 years old? Change it to something a LOT more C0mpL!c4T3d## and do it FAST.
For the most part, the accounts being targeted are the identities harvested in the Yahoo account breach from about 5 years ago, along with all the other massive personal info breaches of the last 5 years. All of this information is readily available on the Dark Web. And every single script kiddie on the planet is sending out these emails in the hopes they will hit pay-dirt.
- You should use different passwords for every account.
- Keep them ALL in a spreadsheet.
- Update it every time you create or change an account.
See how simple that is?
The latest victims
A recent story about two UK men losing £20,000 each prompted me to write this post.
Never respond to any text message (smishing) that requires you to click on a link.
Block the number.
Never let anyone take remote control of your computer except for someone like me who has made previous arrangements to solve a problem for you. Something predicated on your initial contact with them. In other words, if you called someone legit like myself and elected to have a remote session set up to troubleshoot a problem, fine. If you see a popup on your computer or get a call from “Microsoft” (they will never call you) or “Windows Support (there is no such thing) – reboot your computer immediately. NEVER allow these people to get inside your computer.
You will rue the day.
Have a nice safe day out there.