I will talk about sextortion through email, which is much more common, in a future one of these.

Where did you come across this sextortion through dating apps thing?

The good folks over at the Internet Storm Center put up a post this week talking about an online forum that they have discovered. The posts on this forum are full of details about people and these details are coming from dating apps.

What are the evil doers doing?

What the criminals are doing is they are creating lots and lots of fake profiles on dating sites and dating apps. Then when they get connected with their victims, which are nearly always men, they will get into conversations with them. They will ask them what their sexual preferences are. What they like doing. They will try to get them to virtually cheat on their partners, etc. They gather all of this information and they put it into a post on this online forum which is actually in the public domain.

Then what they do is contact the victim and say “If you want us to take down this post with all your sexual preferences, etc., this embarrassing information, pay us some money.” And they do apparently do this when they are paid money.

What’s the problem then?

But the thing is these sites have been in the public domain, they might be indexed by Google or they might be also in an internet archive. So that information is still up and is probably still in the public domain.

What can I do to protect myself?

So it’s just a case of being very careful about who you contact and who you can converse with on these dating sites.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 033 Sextortion through Dating Apps appeared first on L2 Cyber Security Solutions Ltd..

Hoax bomb e-mail

Subject: Think twice
There is the bomb (tronitrotoluene) in the building where your business is located. My recruited person constructed an explosive device under my direction. It has small dimensions and it is hidden very well, it is impossible to damage the supporting building structure by my bomb, but there will be many wounded people if it detonates.
My man is controlling the situation around the building. If any unnatural behavior, panic or emergency is noticed he will power the device.
I want to suggest you a deal. You send me $20’000 in Bitcoin and the bomb will not detonate, but do not try to fool me -I warrant you that I have to call off my man solely after 3 confirmations in blockchain network.
My payment details (Bitcoin address)- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX <redacted>
You must pay me by the end of the workday. If the working day is over and people start leaving the building explosive will explode.
This is just a business, if I do not see the money and the bomb detonates, next time other commercial enterprises will send me a lot more, because this is not a single incident.
I wont enter this email. I check my Bitcoin wallet every 40 min and after seeing the payment I will order my mercenary to leave your district.
If an explosion occurred and the authorities see this letter:
We arent a terrorist society and do not assume responsibility for explosions in other places.

Needless to say it is a hoax bomb threat. It is similar to the sextortion scam that I warned about last July.

I love the last line. “We arent (sic) a terrorist society …” I think the evil doers are a little bit scared that the anti-terror units will come after them. They should be scared … but of all law enforcement. They will come down hard on these guys. In fact the US Computer Emergency Readiness Team (US-CERT) have advised people to:

• Do not respond or try to contact the sender.
• Do not pay the ransom.
• Report the email to the Federal Bureau of Investigation (FBI)

The concern about the volume of these types of threats though, is that they will tie up first responder resources while the hoax bomb is being investigated.

Lets be careful out there.

#SecuritySimplified

The post Hoax Bomb Extortion Emails Are Latest Scam appeared first on L2 Cyber Security Solutions Ltd..

So it’s similar in nature to the earlier sextortion scam where it shows an old password. However this one includes a link to a “video presentation” as proof that they have a video recording of you up to fun and games while watching pornography. The recording also includes a view of the alleged pornography that you were watching. If you click on the link, it will lead to Ransomware becoming installed on your computer. This will then scramble all of your files and demand $500 ransom to unscramble them. Here is an example of the dodgy e-mail:

The evil doers are using multiple social engineering techniques to fool nervous and vulnerable people. This step of providing “proof” of the existence of the video evidence is really sneaky. Please don’t fall for it. Let everyone you know, hear about this. You can point them at some detailed advice in our Fifth Commandment which is part of the wildly popular Ten Commandments of Cyber Security.

If you want to find out how our simple, yet comprehensive Security Awareness training can help you spot these scams and avoid falling for them, then please send an e-mail to info@L2CyberSecurity.com or call 087-436-2675 and we can let you know.

Lets be careful out there.

#SecuritySimplified

The post Sextortion Scam Volume 3 appeared first on L2 Cyber Security Solutions Ltd..

The first thing to highlight is that the evil doers are now using partial telephone numbers in this sextortion scam instead of old passwords. This can be more effective than the old password ruse that was used last month. This could be because many people may have changed passwords since. However not too many of us regularly change our mobile number.

New development of the sextortion scam

We may also be quite used to seeing our number appear in a partially redacted manner.

So in this example, the victim sees the number +XX XXXXXX6074 instead of an old password. They have confirmed to the good folks over at the Internet Storm Centre (ISC) that those last 4 digits match their number. So that can really make people sit up and take notice.

The question arises though – why are they partially redacting the number? It’s not like these guys are reputable and are trying to protect your privacy by not emailing the full number. If they truly had your full information from a hack or a data breach, why not just put the whole thing in there? It would be very much more effective.

No, they don’t have your full number at all and as surmised by the team over at the ISC, they are probably getting the information from password reset forms. This is where the like of Google and Amazon will send you a text message with a code as part of the reset process. Or as part of a two-factor authentication step such as the following:

So the bad guys have upped their game here. Just don’t fall for it.

Are they making any money?

The other update in relation to this is about the money they have actually made from this sextortion scam. A couple of weeks ago the fine people at the ISC did an analysis of the bitcoin wallets that were included in the scam emails. These are the long string of characters and numbers that I redacted in the email example above.

“Wait a second” I hear you say, “Bitcoin is untraceable, anonymous money.”. Actually it’s not really untraceable as by the very nature of the blockchain on which bitcoin is based, each transaction is fully public. It would be more appropriate to say that it is unregulated money.

Anyway, their analysis revealed that of the many wallets they were monitoring:

• 123 payments were received
• $235,000 in total was paid to those wallets
• $4,900 was the biggest payment, with an average payment of $1,900

This was probably a subset of all the wallets in use across the whole campaign. However you can see that people were fooled into parting with their money in reasonably large numbers.

So you now want to easily protect you and your staff from these kind of scams, right? I do some pretty awesome security awareness training. If you were interested in finding out more, just send an e-mail to info@L2CyberSecurity.com.

#LetsBeCarefulOutThere

#SecuritySimplified

The post Sextortion scam – a follow up. appeared first on L2 Cyber Security Solutions Ltd..

It is of course a scam, but having an old User ID and Password on the e-mail does seem to give it a sort of legitimacy, in that they may just have hacked your computer. If you happened to be somebody who recently viewed porn on that computer, one which has a webcam, then you may just fall victim to this sextortion scam. This is what a typical e-mail looks like:

The amount payable varies between the various e-mails, as does the Bitcoin wallet address (both circled above). There may also be a number of random words towards the end of the e-mail, which are used to defeat spam filters.

The bottom line here is, these people did NOT hack into your machine and record you watching porn. If they did, why wouldn’t they include a frame from said footage to prove that they had something on you.

The old User ID and Password that they included will have been picked up by the bad guys from a data breach sometime in the past. This stuff has been knocking around the internet for a loooonnng time. I did mention this last year when I talked about another scam e-mail that knew your name. They will have used other indexing techniques to associate the old account with your current e-mail address and then send you the scam e-mail.

Well known security reporter Brian Krebs, reckons that the evil doers may refine their technique and use more recent accounts that were part of a data breach.

As I always do in these e-mails I refer you to my fifth commandment. I’ll also throw in a shameless plug for the security awareness training that I provide, which, if you were interested in finding out more, just send an e-mail to info@L2CyberSecurity.com.

Let’s be careful out there.

The post A Sextortion Scam appeared first on L2 Cyber Security Solutions Ltd..