Articles on: Security Info

Latest Bitcoin Blackmail Scam

Dear clients,

Referring to our article title, it is imperative to take notice of the recent rise of such global scam activity with the following email subject.

“account target@domain.com is compromised”



Reference:

US-CERT (United States Computer Emergency Readiness Team)

FBI (Federal Bureau of Investigation)

Intego (Security company)

Fox News



Maybe some of you might not have received such threats in your email inbox but recently we have received several reports from our clients regarding emails of similar nature. As a responsible web hosting provider, we would like to share with you some case studies which we have compiled. So let's go through some of the header & content.


A) Email header + content

Any email divided into an Email header and Email body.
Email header record every single relay point of the email went through before reaching your mailbox.
It is like how you trace your parcel from courier express when you purchase something online.






Suspicious Email Content #1:




Analysis #1:
If you have my email account password, why not you direct authenticate/relay over the mail server but need to send from a third party host [12.12.12.123] then acting as if that you know my password?


Suspicious Email Content #2:




Analysis #2:

The spammer seems trying to put in pressure.

If he/she is a real hacker who gained “full access” to my laptop/desktop then he/she should deploy a ransomware but not perform a scam and wait for me to take the bait.



Suspicious Email Content #3:





Analysis #3:
My spoiled camera already stop working for a period of time and the most frequent website i view is ServerFreak.com , now you really make me laugh, i get your joke! LoL


Suspicious Email Content #4:




Analysis #4:

It seems that you care more than me about the data leak and also provide me the steps how to make payment through Bitcoin.



This is also why we call it a "Bitcoin blackmail scam"




Suspicious Email Content #5:




Analysis #5:
Spammer! I read the similar mail from you last week, you did not keep track on that?


Email actually got a function “Read receipts” and why you need to spend time write a Trojan to track?



Suspicious #6:




Analysis #6:
Finally, I saw a meaningful line in the whole content…Yes, Do not be silly with such scam and I will sure help my friends and clients by spreading out this information ^^



Bye Mr. Spammer and good try.





B) Domain Spoofing

Any domain in this internet can be a victim of domain spoofing.


We deploy SPF record to all shared hosting domains that use our DNS as default to reduce the damage of email spoofing.


The damage only can be reduce through the deploying of SPF, DKIM and DMARC but no technology at the moment that able to prevent domain spoofing.



Please feel free to contact our team by providing them the full email header via our helpdesk if you need a further analysis.

Updated on: 05/11/2018

Was this article helpful?

Share your feedback

Cancel

Thank you!