Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
If the headline above frightened or at least alarmed you, that means you really can fall prey of this cybercrime. Because it is a bit different from others. While the perpetrators usually aim at a vulnerability of your PC, this attack targets vulnerabilities of your mind. Throughout the crooks use no malware, it lets them empty pockets of thousands victims. Many users have already fallen prey of this cybercrime combined of scam, porn, blackmail and cyber technologies.
Here the freshest example.
Comodo specialists detected 9382 malicious emails sent to potential victims. The crooks used the impressive amount of 8590 IPs for spreading the emails – the eloquent fact sharply demonstrating the massive scope of the attack.
What were inside these criminal emails?
Just message. But this message made thousands of people to open their wallets in benefit of the crooks.
The message begins with the stunning statement (spelling is kept):
“I do know hafizah is your passphrase. Lets get right to the point. You do not know me and you are most likely thinking why you are getting this e-mail? Not one person has compensated me to investigate about you.
actually, I setup a malware on the xxx videos (sex sites) site and do you know what, you visited this website to experience fun (you know what I mean). When you were watching video clips, your internet browser started out functioning as a RDP that has a key logger which gave me access to your screen and web camera. Immediately after that, my software obtained your complete contacts from your Messenger, Facebook, as well as emailaccount. After that I created a double video. 1st part shows the video you were watching (you have a good taste haha . . .), and 2nd part displays the recording of your web cam, & it is you.
You got two alternatives. Lets study these options in details:
Very first solution is to ignore this email message. In that case, I most certainly will send out your actual tape to almost all of your contacts and also visualize regarding the awkwardness you will get. Not to mention if you are in an affair, just how it will certainly affect?
Next choice would be to pay me $4000. Lets think of it as a donation. Then, I most certainly will straightaway delete your video footage. You could continue your life like this never took place and you never will hear back again from me.
You’ll make the payment through Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google).
BTC Address: 13JtJDtepN4MARpKbDrWADpd592seKW1kj
[CASE SENSITIVE copy & paste it]
In case you are thinking about going to the cops, okay, this email cannot be traced back to me. I have taken care of my actions. I am also not attempting to ask you for much, I simply prefer to be paid.
You now have one day to make the payment. I’ve a specific pixel within this mail, and at this moment I know that you have read through this email message. If I don’t get the BitCoins, I will definately send your video recording to all of your contacts including family members, coworkers, and many others. However, if I receive the payment, I’ll destroy the video immediately. If you want proof, reply Yea! then I will certainly send out your video to your 11 friends. This is a nonnegotiable offer, and thus do not waste my personal time & yours by responding to this email message”.
Looks frightening, doesn’t it? And it’s not surprising: they call your real password right from the beginning, so they must had been really hacked you, right? More of that, they described how exactly they hacked you in details. They “setup a malware on the xxx videos (sex sites)” and turned your internet browser “in an RDP that has a key logger which gave me access to your screen and web camera”. And they even have all “contacts from your Messenger, Facebook, as well as email account”.
So it seems it’s not a hoax. They can really send this terrible video to all your friends… your coworkers… your boss … your friends … your lover… You’re breaking into cold sweet, your heart starts racing, you’re short of breath. You feverishly effort to prevent this horror, and the only reason to get rid of all that is to pay the attacker. So you rush to google how to make a payment in Bitcoins and …
Stop! You can relax. All this is nonsense. Nobody has implanted a malware in “xxx videos”. Your browser has never turned into “RDP that has a keylogger” (by the way, what a rubbish!). And nobody has stolen your contacts.
But… what about the password? How did they know it if they didn’t hack you?
Most likely, they found it in a database dump bought in Darknet. There are plenty of such dumps derived from databases hacked by cybercriminals. For example, in the past you could use the password for signing in to an online shop. After that, the shop’s database was hacked and sold via Darknet.
So aren’t you under threat?
No way. All you should do is just deleting the email and change the burned password if you still use it. Ah… also, you can laugh at your worries.
This email is just a scam that tries to exploits your emotions. Manipulating the feelings of guilty, shame and fear, it makes victims open their wallets. The text includes professional psychological tricks to manipulate the readers, so it’s hard for many people to resist its influence. That’s why, throughout it’s definitely a soap-bubble from technical point of view, it should be taken as a serious threat. And no doubt, many cybercriminals will use it in the nearest future.
What’s interesting, the scam emails intercepted by Comodo technologies were sent from different domains. The first was yahoo.jp and the others were from the range formed by the pattern “smith + numbers iterating from 1 to 999” + .edu”. The similar pattern was used in the email addresses with domain yahoo.jp. Actually, it’s much easier to understand by seeing than reading, so just have a look at the picture below:
Throughout all the emails include “Aaron Smith” name, the content of the emails is a bit different sometimes. Here are two other examples of the emails.
As you can see, the discrepancies are not significant and relate to some words and phrases changing. For example, “if you are making plans for going to the police” is changed for “in case you are thinking about going to the cops” etc. These changes do not alternate the sense of the message and, obviously, are created to bypass security filters. Another distinction is different Bitcoin wallets addresses. The aim is obviously the same – avoid putting all eggs in one basket. If one wallet is blocked, the others will continue gaining criminal profit. And it’s one more evidence – along with the crafted text and wide attacking IPs range – that the attack was prepared carefully.
The details of the attack
The attack started on October 09, 2018 at 7:31:36 UTC and ended on October 26, 2018 at 12:09:30 UTC. The emails was send by little chunks from 8590 IPs of 159 countries around the world.
The top 5 countries involved in the attack and the number of the emails sent from each country.
The heatmap of the attack
“This attack sharply indicates that sophistication of cyber fraud grows as well as malware- based cyberattacks”, says Fatih Orhan, the Head of Comodo Threat Research Labs.” “In the past we got used to think that scam in the Internet is something like Nigerian scam easy detectable by any reasonable person and something not to take too seriously. However, this case is much harder. Actually, the criminals’ message can be compared to a trojan for human minds. The scammers play on the people’s fear of cybercriminals — the description of how they “hacked” the victims looks very plausible, because it’s very similar to what people read in media or see on TV about malicious hackers. This plausibility helps to bypass victims’ critical thinking. And like real trojan, this psychological malware takes control on a victim’s mind and make her to pay the crooks. I’m glad that Comodo technologies helped to secure thousands people from this dangerous scam”.
Live secure with Comodo!
Tags: Criminal Emails,Cybercriminals,Sexscam
Reading Time: 6 minutes Update: check the latest version of Comodo’s free mobile security app How Your Smartphone can Turn Hazardous Your smartphone is your best friend and assistant. But within a few minutes, it can turn into an insidious betrayer. Then it begins tracking every move you make, catching every word you say or write – and pass…
Reading Time: 6 minutes Cybercriminals fond of celebration dates like Thanksgiving Day — but not for the same reason that upstanding people do. For the perpetrators, it’s the favorite time to attack. Why? Because people are tuned on pleasant and good thoughts and feelings on such days. Unfortunately, it makes them more vulnerable. When they see a greeting letter…
Reading Time: 6 minutes Cryptomining has become a gold rush of nowadays, and cybercriminals are also seized by it. They invent more and more cunning gimmicks to infect users’ machines and make them mine cryptocurrency for the attackers’ profit. The cybercrime recently detected by Comodo specialists is a striking illustration of this process. To infect users all over the…
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats