You are part of it too (or rather, your work and/or personal email address is), inevitably: “welcome aboard” the largest group of phishing victims I can remember in the last few years. Radio, TV, newspapers: by now you can read articles about it even in the toilets of Autogrill service areas or train stations, right next to the mobile numbers that come with spicy obscenities. You visited an adult website and someone captured video and audio through your PC's webcam and microphone respectively, regardless of whether that is possible or not (because victims with neither device certainly exist). The emails even reach unattended mailboxes, perhaps ones used by third-party software: I discovered that our company HelpDesk software visits dirty websites without getting caught. Well done!

Calm down, breathe: nothing the email says is true. There are no compromising videos of you unless you yourself, knowingly, chose to put them online, and in that case I'd say the worry level is below zero.

In the Italian version, the current wave uses a text that repeats itself (as in any classic attack), changing only the sender/recipient field and the amount of the ransom demanded and leaving everything else unchanged.

In English the story is the same (there is a different BTC wallet, if you look closely). This is what I intercepted through the cloud-hosted Exchange we use at the office and a Transport Rule created ad hoc, which I'll tell you about shortly:

Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your acc: On moment of crack USER@CONTOSO.COM password: 54428949 You say: this is my, but old password! Or: I will change my password at any time! Of course! You will be right, but the fact is that when you change the password, my malicious code every time saved a new one! I’ve been watching you for a few months now. But the fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence from e-mail and messangers. Why your antivirus did not detect my malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $791 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”). My bitcoin address (BTC Wallet) is: 1KeCBKUgQDyyMpaXhfpRi2qUvyrjcsT44o After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. 
If I find that you have shared this message with someone else, the video will be immediately distributed. Bye!

ATTN: NomeUtente@contoso.com THIS IS NOT A JOKE – I AM DEAD SERIOUS! Hi perv, The last time you visited a p0rnographic website with teens, you downloaded and installed software I developed. My program has turned on your camera and recorded the process of your masturbation. My software has also downloaded all your email contact lists and a list of your friends on Facebook. I have both the ‘ NomeUtente.mp4 ‘ with your masturbation as well as a file with all your contacts on my hard drive. You are very perverted! If you want me to delete both the files and keep the secret, you must send me Bitcoin payment. I give you 72 hours for payment. If you don’t know how to send Bitcoins, visit Google. Send 2.000 USD to this Bitcoin address immediately: 3E9Wbr5Wip7V5PFrrSxkur2tLfYeC5eiQm (copy and paste) 1 BTC = 3,580 USD right now, so send exactly 0.566837 BTC to the address provided above. Do not try to cheat me! As soon as you open this Email I will know you opened it. This Bitcoin address is linked to you only, so I will know if you sent the correct amount. When you pay in full, I will remove the files and deactivate my program. If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked. Here are the payment details again: Send 0.566837 BTC to this Bitcoin address: —————————————- 3E9Wbr5Wip7V5PFrrSxkur2tLfYeC5eiQm —————————————- You саn visit police but nobody will help you. I know what I am doing. I don’t live in your country and I know how to stay anonymous. Don’t try to deceive me – I will know it immediately – my spy ware is recording all the websites you visit and all keys you press. If you do – I will send this ugly recording to everyone you know, including your family. Don’t cheat me! Don’t forget the shame and if you ignore this message your life will be ruined. I am waiting for your Bitcoin payment. If you need more time to buy and send 0.566837 BTC, open your notepad and write ’48h plz’. 
I will consider giving you another 48 hours before I release the vid. Anonymous Hacker

LAST WARNING NomeUtente@contoso.com ! You have the last chance to save your social life – I am not kidding!! I give you the last 72 hours to make the payment before I send the video with your masturbation to all your friends and associates. The last time you visited a erotic website with young Teens, you downloaded and installed the software I developed. My program has turned on your camera and recorded your act of Masturbation and the video you were masturbating to. My software also downloaded all your email contact lists and a list of your Facebook friends. I have both the ‘ NomeUtente.mp4 ‘ with your masturbation and a file with all your contacts on my hard drive. You are very perverted! If you want me to delete both files and keep your secret, you must send me Bitcoin payment. I give you the last 72 hours. If you don’t know how to send Bitcoins, visit Google. Send 2000 USD to this Bitcoin address immediately: 3LXeenwA2rTat1EeqNzhqXzZZmvYyCytUH (copy and paste) 1 BTC = 3470 USD right now, so send exactly 0.588204 BTC to the address above. Do not try to cheat me! As soon as you open this Email I will know you opened it. This Bitcoin address is linked to you only, so I will know if you sent the correct amount. When you pay in full, I will remove both files and deactivate my software. If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked. Here are the payment details again: Send 0.588204 BTC to this Bitcoin address: —————————————- 3LXeenwA2rTat1EeqNzhqXzZZmvYyCytUH —————————————- You саn visit the police but nobody will help you. I know what I am doing. I don’t live in your country and I know how to stay anonymous. Don’t try to deceive me – I will know it immediately – my spy ware is recording all the websites you visit and all keys you press. If you do – I will send this ugly recording to everyone you know, including your family. Don’t cheat me! 
Don’t forget the shame and if you ignore this message your life will be ruined. I am waiting for your Bitcoin payment. Brandon Anonymous Hacker P.S. If you need more time to buy and send 0.588204 BTC, open your notepad and write ’48h plz’. I will consider giving you another 48 hours before I release the vid, but only when I really see you are struggling to buy bitcoin.

Hello You as well as everybody have been warned many times.But,obviously you didnt use internet carefuly.Whats the problem?- U are thinking right now.Lets start with the fact that I put the virus on a webpage with videos for adults (site with pоrn content) (u know whats up).Object clicked on a play button and device began working as dedicated desktop with keylogger function.So all cameras and screen instantly started recording.Then my software collected all your contacts from messengers,e-mails and social networks. So what do we have now? I created the split screen video (1st part-screen record(you have a great taste lmao),2nd part- cam rec.) and all your contacts.I think its not good news. Hence I suppose that five hundred fifty usd is adequately for this smallwee fail. My bitcoin wallet – 1DGMALtWHn3z1EvXv4mDWxvwx99MUSWbdE Ask internet how to use it.It is not very hard.Just write “how to buy bitcoins” I give u 1 day after reading this message(I placed a special pixel in it,Ill see when you open it). If I don’t recieve the necessary amount All your contacts will recieve video with you Since I receive bitcoin- the сompromising will be destroyed.If u charge me to show evidence,reply yeah and Ill send this video to three contacts Ive collected from you. Can go to cops,but searching me is more long-lasting than 1 day,im Romanian,so you will be a star among friends.

Hello! As you may have noticed, I sent you an email from your account. This means that I have full access to your account. I’ve been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $664 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”). My bitcoin address (BTC Wallet) is: 1Jh1miFmhTmGQvn6Zejaqg85viD4k1vVjG After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Best wishes!

1/2/19

A single update to collect three more types of email that I have been intercepting lately. The third example even jumps back in time to make the potential victim understand how long the attacker has had control of the affected machine's resources. What they have in common is the usual 48 hours for payment and the constant of payment in bitcoin (the amount always varies). Only the last one repeats the victim's email address.

Your account has been hacked! You need to unlock.

Hello! I’m a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Of course you can will change your password, or already made it. But it doesn’t matter, my rat software update it every time. Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account. Through your e-mail, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a rat software on your device and long tome spying for you. You are not my only victim, I usually lock devices and ask for a ransom. But I was struck by the sites of intimate content that you very often visit. I am in shock of your reach fantasies! Wow! I’ve never seen anything like this! I did not even know that SUCH content could be so exciting! So, when you had fun on intime sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I jointed them to the content of the currently viewed site. Will be funny when I send these photos to your contacts! And if your relatives see it? BUT I’m sure you don’t want it. I definitely would not want to … I will not do this if you pay me a little amount. I think $700 is a nice price for it! I accept only Bitcoins. My BTC wallet: 18cFCmESfC6PKn8LL6HPbtK2EWLLdsryXp If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy. After receiving the above amount, all your data will be immediately removed automatically. My virus will also will be destroy itself from your operating system. My Trojan have auto alert, after this email is looked, I will be know it! You have 2 days (48 hours) for make a payment. If this does not happen – all your contacts will get crazy shots with your dirty life! 
And so that you do not obstruct me, your device will be locked (also after 48 hours) Do not take this frivolously! This is the last warning! Various security services or antiviruses won’t help you for sure (I have already collected all your data). Here are the recommendations of a professional: Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites! I hope you will be prudent. Bye.

This account has been hacked! Change your password right now!

You may not know me and you are probably wondering why you are getting this e mail, right? I’m a hacker who cracked your email and devices a few months ago. Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account. I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Control) having a keylogger which gave me accessibility to your screen and web cam. After that, my software program obtained all information. You entered a passwords on the websites you visited, and I intercepted it. Of course you can will change it, or already changed it. But it doesn’t matter, my malware updated it every time. What did I do? I backuped device. All files and contacts. I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam. exactly what should you do? Well, in my opinion, $1000 (USD) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google). My Bitcoin wallet Address: 1CcYkUKB5ViUJyNdKynSmt7H4YHiru5Ecf (It is cAsE sensitive, so copy and paste it) Important: You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). To track the reading of a message and the actions in it, I use the facebook pixel. Thanks to them. (Everything that is used for the authorities can help us.) If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on.
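The traits these messages share (a Bitcoin wallet, a deadline in hours or days, a ransom amount, claims about webcam and contacts) can be turned into a body-text triage check. The following is an added example, not the Transport Rule mentioned in the post; the function names, thresholds and sample messages are constructed for illustration, and the mixed Latin/Cyrillic word check goes beyond what the post states.

```python
import re
import unicodedata

# Legacy Base58 (1.../3...) or bech32 (bc1...) address candidates.
BTC_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")
DEADLINE_RE = re.compile(r"\b\d{1,3}\s*(?:h|hrs?|hours?|days?)\b", re.I)
AMOUNT_RE = re.compile(r"\$\s?\d[\d.,]*|\b\d[\d.,]*\s?(?:usd|btc)\b", re.I)
CUE_RE = re.compile(r"\b(webcam|web cam|camera|keylogger|trojan|malware|contacts)\b", re.I)

def mixed_script_words(text):
    """Words mixing Latin and Cyrillic letters (look-alike characters
    used to slip past keyword filters)."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        scripts = {unicodedata.name(c, "?").split()[0] for c in word}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(word)
    return hits

def analyze(body):
    return {
        "wallets": sorted(set(BTC_RE.findall(body))),
        "deadline": bool(DEADLINE_RE.search(body)),
        "amount": bool(AMOUNT_RE.search(body)),
        "cues": sorted({m.lower() for m in CUE_RE.findall(body)}),
        "mixed_script": mixed_script_words(body),
    }

def verdict(body):
    s = analyze(body)
    # Wallet + deadline is the constant core; amount or cues confirm it.
    if s["wallets"] and s["deadline"] and (s["amount"] or len(s["cues"]) >= 2):
        return "quarantine"
    if s["wallets"] or s["mixed_script"]:
        return "review"
    return "deliver"

# Constructed samples; the wallet string is a placeholder, not a real address.
EXTORTION = ("I recorded you through your camera and copied your contacts. "
             "Send $700 to my BTC wallet: 1FakeWaXXetForTestingPurposesXXXX "
             "You have 48 hours.")
INVOICE = "Invoice 4471 is due in 48 hours. Please pay $700 by bank transfer."
HOMOGLYPH = "You \u0441\u0430n visit police but nobody will help you."

if __name__ == "__main__":
    for name, msg in [("extortion", EXTORTION), ("invoice", INVOICE), ("homoglyph", HOMOGLYPH)]:
        print(name, verdict(msg), analyze(msg))
```

The invoice sample carries both a deadline and an amount but no wallet, so it is delivered: requiring the wallet keeps ordinary payment reminders out of quarantine.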