What would you do if you received an email from someone claiming to have hacked your computer and recorded you via your webcam while you were engaged in watching porn, then threatening to send the video to everyone in your email and social media contact lists if you don’t pay a ransom? Would you pay the ransom? Even if you’ve never viewed porn, what if they made the same threat to reveal the private details of all your emails?

This type of email is being circulated to people and has been reported to Safe Communities Portugal.

These sorts of emails are not addressed to individuals by name, and the details of what you are supposed to have watched are never shown in the email. In other words, they are a phishing attempt to scare you into either paying money or providing personal data.

Never pay up or reply – simply delete and block sender.

Some people have reported that they received a version of the email which includes a real password they’ve used in the past. Does this mean that they should be concerned?

In these cases it is still a scam, but you should be concerned that your password has been compromised. Often this happens not because someone has hacked into your computer but because the password was obtained through an account you have with, say, Yahoo or Amazon, which has been hacked in the past. Research suggests over 500 million passwords have been hacked in this way. The password in the email was likely one of them.

If it is still an active password for you, the scam email should be a big wake-up call that you need to ensure you are using unique and secure passwords for every one of your accounts. Change the email and ensure that you do not use the same password for multiple emails.

Here is an example:

 

“THIS IS NOT A JOKE – I AM DEAD SERIOUS!

Hi perv,

The last time you visited a p0rnographic website with teens, you downloaded and installed software I developed.

My program has turned on your camera and recorded the process of your masturbation.

My software has also downloaded all your email contact lists and a list of your friends on Facebook.

I have both the ‘Info.mp4’ with your masturbation as well as a file with all your contacts on my hard drive.

You are very perverted!

If you want me to delete both the files and keep the secret, you must send me Bitcoin payment. I give you 72 hours for payment.

If you don’t know how to send Bitcoins, visit Google.

Send 2.000 USD to this Bitcoin address immediately:

38iiASSTZ16ptCeUxgKVqWtt9DwaHU3t2P

(copy and paste)

1 BTC = 3,580 USD right now, so send exactly 0.567862 BTC to the address provided above.

 

Do not try to cheat me!

As soon as you open this Email I will know you opened it.

This Bitcoin address is linked to you only, so I will know if you sent the correct amount.

When you pay in full, I will remove the files and deactivate my program.

If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked.

Here are the payment details again:

Send 0.567862 BTC to this Bitcoin address:

—————————————-

38iiASSTZ16ptCeUxgKVqWtt9DwaHU3t2P

—————————————-

You саn visit police but nobody will help you. I know what I am doing.

I don’t live in your country and I know how to stay anonymous.

Don’t try to deceive me – I will know it immediately – my spy ware is recording all the websites you visit and all keys you press.

If you do – I will send this ugly recording to everyone you know, including your family.

Don’t cheat me! Don’t forget the shame and if you ignore this message your life will be ruined.

I am waiting for your Bitcoin payment.

If you need more time to buy and send 0.567862 BTC, open your notepad and write ’48h plz’.

I will consider giving you another 48 hours before I release the vid.

 

Anonymous Hacker”

Facebook has revealed that a software bug exposed the photos of up to 6.8 million users, including pictures they had not posted.

It made the announcement a day after hosting its pop-up privacy experience “It’s Your Facebook” in New York’s Bryant Park.

It said several third-party apps had access to “a broader set of photos than usual” for 12 days in September.

The company said it would notify affected users.

It is the latest in a series of data breaches at the social network, which has faced scrutiny following the Cambridge Analytica data scandal.

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline.

“In this case, the bug potentially gave developers access to other photos,” the company said in a blogpost.

It said up to 1,500 apps were affected by the glitch.

As well as letting developers access photos on a user’s timeline, it gave them access to photos posted in Stories and Marketplace, among other features.

It also let them see photos that people had uploaded but not posted on Facebook, for example if they had started writing a post but not finished it.

Facebook said it would be working with affected developers to help them “delete the photos from impacted users”.

The records of 500 million customers of the hotel group Marriott International have been involved in a data breach.

The hotel chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party.

It said an internal investigation found an attacker had been able to access the Starwood network since 2014.

Marriott International bought Starwood in 2016, creating the largest hotel chain in the world with more than 5,800 properties.

Starwood’s hotel brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton. Marriott-branded hotels use a separate reservation system on a different network.

Marriott said it was alerted by an internal security tool that somebody was attempting to access the Starwood database. After investigating, it discovered that an “unauthorised party had copied and encrypted information”.

It said it believed its database contained records of up to 500 million customers.

For about 327 million guests, the information included “some combination” of: name, address, phone number, email address, passport number, account information, date of birth, gender, and arrival and departure information.

It said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen.

“We deeply regret this incident happened,” the company said in a statement.

“Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities.”

The company has set up a website to give affected customers more information. It will also offer customers in the US and some other countries a year-long subscription to a fraud-detecting service.

In a statement, the UK’s Information Commissioner’s Office said: “We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.”

What should I do if I’m affected?

The Marriott group said it would contact affected customers whose email addresses were in the Starwood reservation database.

The database contained details of reservations made on or before 10 September 2018.

The company has set up a dedicated help website for those affected and is also operating a free helpline. For UK customers the number is 0808 189 1065.

Marriott is not certain whether the attackers were able to obtain payment information, so be aware of any suspicious transactions on your account.

Also be aware that scammers may be sending out mass emails pretending to represent the Marriott group.

The company says it will not include attachments in its notification emails and will not ask for personal information over email. If in doubt, call the helpline.

The company is offering affected customers a year-long subscription to a fraud-checking service.

Beware of this email purportedly from Barclays Bank. The sender’s email address is info (at) comms.barclays.com

It is convincing, providing fraud prevention information and advice which is timely with the approach of Christmas. It reads as follows:

“Dear xxx,

With the festive season upon us, many people will be looking forward to some well-earned time off.

 Stay safe from fraud by making sure you and your family understand these risks and how to report any issues.

It gives advice for example:

“Online shopping

More and more people are shopping online. Ensure you have anti-virus software on your computer, laptop or mobile device.

Try to use online retailers you know and trust and avoid those with poor ratings, as fraudsters can trick shoppers into making purchases on scam websites”.

However, the email appears to be fraudulent, and the two links provided do not appear to lead to a recognized Barclays Bank website page. Safe Communities Portugal has contacted Barclays Bank and their reply is as follows:

“Thank you for your email.

We are aware of a number of email scams that are currently operating. We will review the one you have sent to us and take appropriate action.

We screen every email received and any evidence of phishing attempts or other scams are reported to the relevant authorities.

Stay safe online

Whilst Barclays may contact you from time to time with useful information related to products and services which may be of benefit, we will never send you the following:

  • Emails containing attachments
  • Emails with links taking you directly to our Online Banking Log in pages.
  • Emails requiring you to reply with personal information such as date of birth, pin numbers or other security details.
  • Emails containing alleged transaction activity.
  • Emails related to invoicing of accounts or to confirm sales through retail websites.

Please also refer to our fraud prevention guide online by following this link

www.barclays.co.uk/fraudprevention

As expected, following Black Friday and Cyber Monday we are aware of an increasing number of fraudulent emails now being received in the name of DHL, inviting recipients to click on a link or an attachment to open a delivery document.

Doing this will either download a virus onto your computer or expose you to a phishing attempt to steal personal information. Scams in the name of FEDEX and UPS also exist.

Advice from DHL

DHL recommends not opening the emails if identified as being “from” DHL, and one or more of the following is the case:

  • You have received an email without a tracking number and you are not doing business with DHL
  • The email has an attachment and you are not aware that you are doing business with DHL
  • The email instructs you to open an attachment for the tracking number

If in any doubt check with your local DHL branch directly.

How to recognise fake emails
https://www.safecommunitiesportugal.com/…/on-line-parcel-d…/

DHL Fraud Awareness information
http://www.dhl.com/en/legal/fraud_awareness.html…

This Christmas, Action Fraud and City of London Police are reminding shoppers to take extra care when shopping for gifts online. As consumers search online for bargains and gifts for loved ones, fraudsters are seeing this as an opportunity to trick people with the promise of great deals and big cash savings.

The latest report by Action Fraud shows that fraudsters conned 15,024 shoppers out of more than £11 million over the Christmas period last year.

People are being defrauded on popular social media websites and online auction sites. Action Fraud works together with platforms including Gumtree to combat fraud and to issue protect advice to consumers.

Mobile phones were once again the most common item that people tried to buy from fraudsters. Victims reported being hooked in with bargain deals on some of the most popular models of smart phones, only for the phone to never actually arrive and leaving them without presents to give on Christmas Day. Apple iPhones accounted for 74% of all mobile phones purchased that turned out to be fraudulent.

Electrical goods (including games consoles), household items, computers, clothing, and accessories also featured in many of the reports. Fingerling toys, UGG boots and Apple MacBooks were among the most popular items on which victims reported losing money to fraudsters.

Last year, more than 30% of reports were made by women aged between 20 and 29; however, anyone can fall victim to Christmas shopping fraudsters during the festive period.

This year’s campaign urges all shoppers to look out for the warning signs that mean an offer may be too good to be true. Action Fraud will provide useful fraud and cyber crime prevention tips throughout December to stop people from getting conned out of the Christmas they deserve.

Don’t get caught out by the Christmas rush!

  • If something seems too much of a bargain, it’s probably poor quality, fake or doesn’t exist.
  • Don’t pay for goods or services by bank transfer unless you know and trust the person. Payments via bank transfer offer you no protection if you become a victim of fraud.
  • Make sure you’ve installed the latest software & app updates. Criminals use weaknesses in software to attack your devices and steal information, such as your payment details.
  • Use a strong, separate password and 2FA to protect your email account. Criminals can use your email to access other online accounts, such as those you use for online shopping.
  • Don’t click on a link in an unexpected email or text. The volume of online shopping related phishing emails increases during the holiday period. Remember, if a deal seems too good to be true, it probably is.

Another of these Nigerian scams was received by email on 30th November 2018 from Martin Jones (unlikely to be a real name), email fm8587166 (at) gmail.com.

Of course there is no money and the fraudster is simply trying to obtain your personal data.

Simply delete – do not reply.

 

“Dear Sir,

Please pardon me for this unsolicited communique.

 do have the trusteeship of a PRIVATE investor with a stormy political background to outsource individuals with sound Financial Management abilities to manage over US$1.3B devoid of his name. These funds can be invested in tranches of US$100M or a tranche that is suitable for the portfolio manager.

If you have Financial Management abilities, credible project in need of funding or existing business requiring expansion, your feedback would be appreciated.

Sincerely,

Martin Jones

Managing Partner

FINANCIAL MANAGEMENT AND ADVISORY SERVICES LIMITED”

Watch out for this Phishing attempt to obtain your personal details, received 29th November 2018.

This is fairly typical.

“Sometimes, I do wonder if you are really, really with your senses. How Could you keep trusting people and at the end you will loose your hard Earned money, or are you being deceived by their big names? They Impersonate on many offices, claiming to be Governors, Directors/Chairmen of one Office or the other. Their game plan is only just to extort your hard Earned money. Now, the question is how long you will continue to be Deceived? Sometimes, they will issue you fake check, introduce you to fake Diplomatic delivery, un-existing on-line banking and they will also fake wire transfer of Your fund with Payment Stop Order and even send you fake Atm cards etc.

Anyway, by the virtue of my position I have been following this Transaction from inception and all your efforts towards realizing the Fund. More often than not, I sit down and laugh at your ignorance and That of those who claim they are assisting you, it is very unfortunate That at the end you loose. Although, I don’t blame you because you are Not here in Nigeria to witness the processing of your payment in Nigeria. The problem you are having is that you been told the whole truth About this transaction and it is because of this truth they decided to Be extorting your money. The most annoying part is even fraudsters Have really taken advantage of this opportunity to enrich them selves At your expense. Those you feel are assisting or working for you are Your main problems. I know the truth surrounding this payment and I am The only person who will deliver you from this long suffering if you will abide by my advice.

They claim that they are helping you and you forward all the fraudulent e-mails you receive to them. At the end they do nothing about the fraudsters. Soon they will ask you to pay money to receive a compensation of millions of dollars Do not pay any money to them because they are only interested in your hard earned money and you will never receive any compensation in return, they will always keep coming back to ask for more money.

Please I beseech you to stop pursuit of shadows and being Deceived. Feel free to contact me immediately you receive this mail so that I can Explain to you the modus-operandi guiding the release of your Payment. Do not panic, be rest assured that this arrangement will be Guided by your Embassy here in Nigeria.

N/B: You are urgently requested to provide me with the following information

Full Name:

Address:

Telephone Number:

Passport Or National Identity Copy:

 

Contact me upon the receipt of this mail if you wish to receive your fund and stop wasting your hard earn money..

 

I await your urgent response.

 

Yours Sincerely,

Mr. Ibrahim Mustafa Magu.

CHAIRMAN ECONOMIC & FINANCIAL CRIME COMMISSION”

 

Yes, it’s that time of the year again with just 45 days to go before Christmas.
For retailers this is the best time of the year, but it is also the most profitable time for scammers. What I am talking about is Black Friday and Cyber Monday. This is something we should be aware of, regardless of where we live, as the internet respects no national boundaries.
Although there are some fantastic bargains to be had on what is known as Black Friday (this year 23rd November) and Cyber Monday (26th November), unfortunately there are criminals who take advantage of this through various scams and on-line fraud.
 
UK data shows that visits to the online retail industry during Black Friday in 2017 were up one per cent year-on-year, an increase of 2.7 million visits. In total, that’s 200 million visits now. When it comes to Cyber Monday, the numbers are even more impressive. Visits increased seven per cent year-on-year, representing an extra 12 million visits, and amounting to a total of 195.7 million visits.
In Portugal, on-line shopping fraud is the largest category of on-line fraud and is increasing considerably.

Our Feature published in the Algarve Resident covers this in more detail. The main tips to avoid being scammed are:

  • Pay by credit card which offers greater protection against fraud than with other methods.
  • Double check all details of your payment before confirming. Before entering payment card details on a website, ensure that the link is secure, in two ways:
    • There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register. Be sure that the padlock is not on the page itself … this will probably indicate a fraudulent site.
    • The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.
  • The above indicate only that the link between you and the website owner is secure, and not that the site itself is authentic. To check authenticity, examine the address carefully for subtle misspellings, additional words and characters and other irregularities.
  • Check the website’s privacy policy.
  • Always log out of sites into which you have logged in or registered details. Simply closing your browser is not enough to ensure privacy.
  • Keep receipts – electronic or otherwise.
  • Check credit card and bank statements carefully after payment to ensure that the correct amount has been debited, and also that no fraud has taken place as a result of the transaction.
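
The address checks in the list above (https, subtle misspellings, additional words and characters) can be written as a short script. This is an added example, not part of the original article: the trusted list uses the two domains this page links to, the sample addresses are constructed, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: the sites the shopper really uses. These two domains are the
# ones this page links to; a real list would be the reader's own.
TRUSTED = ("barclays.co.uk", "dhl.com")


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_findings(host, trusted):
    """Look for a trusted name that is embedded or misspelled in another host."""
    findings = []
    labels = host.split(".")
    words = [w for label in labels for w in label.split("-")]
    for domain in trusted:
        brand = domain.split(".")[0]
        # Short names get no misspelling tolerance, to avoid false alarms.
        limit = 0 if len(brand) < 5 else 1 if len(brand) < 8 else 2
        if any(brand in label for label in labels):
            findings.append(f"'{brand}' with additional words or a different ending")
        elif limit and any(edit_distance(w, brand) <= limit for w in words):
            findings.append(f"possible misspelling of '{brand}'")
    return findings


def check_address(url, trusted=TRUSTED):
    """Return (verdict, reasons); verdict is trusted, suspicious or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("text before '@' hides the real host")
    if any(ord(c) > 127 for c in host) or "xn--" in host:
        reasons.append("non-ASCII or punycode characters in the host")
    is_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not is_trusted:
        reasons += brand_findings(host, trusted)
    if reasons:
        return "suspicious", reasons
    return ("trusted" if is_trusted else "unknown"), reasons


if __name__ == "__main__":
    # Constructed sample addresses; .example is a reserved test domain.
    for url in ("https://www.barclays.co.uk/fraudprevention",
                "http://www.barclays.co.uk/",
                "https://barc1ays.co.uk/",
                "https://barclays.co.uk.account-check.example/login",
                "https://dhl-parcel-tracking.example/",
                "https://shop.example/"):
        print(url, *check_address(url))
```

An "unknown" verdict only means the address is not on the list and shows none of these signs; as the list says, https alone does not make a site authentic.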

A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state.

According to a lengthy report published on 4th October by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including Apple and Amazon.

The malicious chips, which were not part of the original server motherboards designed by the U.S.-based company Super Micro, had been inserted during the manufacturing process in China.

The report, based on a 3-year-long top-secret investigation in the United States, claims that Chinese government-affiliated groups managed to infiltrate the supply chain to install tiny surveillance chips on motherboards which ended up in servers deployed by the U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon.

“Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code.”

The chips are suspected to have been added to help the Chinese government spy on American companies and their users, basically a “hardware hack” that according to the publication is “more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.”