It is a well-known fact that our oceans are overfished. As if that were not enough, so too are our inboxes. Email hacking and scams, a different kind of “phishing,” are increasing with every turn of the tide, and most of us count on our email provider to include spam filtering sufficient to keep email hackers at bay. But the net of malicious emails being cast out by hackers is more like a dragnet that cannot be avoided.
If you check your ‘spam’ folder right now, you will likely find many unwanted messages from people (or rather, bots) you don’t know, all the product of what we call Random Access Trojans (RATs). This is an entirely different animal than a “phish.” A RAT can do almost anything, from rummaging through your files to steal data to crashing the system and infecting it with other malware, or even using it to infect other computers.
When RATs Phish
RATs are what enable phishing. The bait? Fear. Fear that most email users are unsuspecting and will fall for the promise of keeping some unknown aspect of their lives from being revealed on the internet. These malicious trolls, more recognizable as malware, may take money, data, or privacy as a form of payment. Around one in every hundred messages sent is a malicious hacking attempt. That might not seem like a large figure, but when millions of messages are sent every day, it adds up, especially when it takes just one employee falling victim to a phishing message to potentially lead a whole organization towards compromise.
1.38M new and unique phishing sites are created each month, attempting to extort money, data, or Bitcoin from you. These sites may appear to be, for example, your financial institution luring you to a fake site, asking for PII in the form of an account number. Ninety-three percent of the phishing emails that attempt to drive you to the extortionist’s site are a result of ransomware, or RATs, that will hijack your computer or your data. Until you pay up, that is.
Recent Phishing Expeditions
In recent news, one such spam or ‘phishing’ campaign made the rounds. Commonly referred to as the “I’m a programmer who cracked your email” scam, it has been hijacking people’s inboxes demanding victims pay up using Bitcoin. The hackers (or programmers) responsible for this scam demand that recipients pay the equivalent of $870 in Bitcoin, imposing a 48-hour deadline. The message may look something like this:
From : MY EMAIL ADDRESS@hec.ca
To : PASSWORD <MY EMAIL ADDRESS@hec.ca>
Date: 27 oct. 2018 00:49
Subject: MY EMAIL ADDRESS has password PASSWORD. Password must be changed
Sent from: hec.ca
I’m a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.
Your password from email@example.com on moment of crack: PASSWORD
Of course, you can will change your password, or already made it.
But it doesn’t matter, my rat software update it every time.
Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account.
Through your e-mail, I uploaded malicious code to your Operation System.
I saved all your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also, I installed a rat software on your device and long tome spying for you.
You are not my only victim; I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.
I am in shock of your reach fantasies! Wow! I’ve never seen anything like this!
I did not even know that SUCH content could be so exciting!
So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.
Will be funny when I send these photos to your contacts! And if your relatives see it? BUT I’m sure you don’t want it. I definitely would not want to …
I will not do this if you pay me a little amount.I think $827 is a nice price for it!
I accept only Bitcoins. My BTC wallet: XXXXXXXXXX
If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also will be destroy itself from your operating system. My Trojan have auto alert, after this email is looked, I will be know it!
You have 2 days (48 hours) for make a payment.
If this does not happen – all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)
Do not take this frivolously! This is the last warning! Various security services or antiviruses won’t help you for sure (I have already collected all your data).
Here are the recommendations of a professional: Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!
I hope you will be prudent.
Hackers Don’t Take Cash
Cybercriminals who claim to have stolen your personal information, demanding you pay ransom to secure it, may ask for various forms of payment, including bitcoin. In fact, there is evidence of victims paying up to 18K in bitcoin. And if you do not meet their demands, they will threaten to lock your computer and send your personal information or private, sometimes revealing photos to all your contacts.
Spammers are drawing personal information from a variety of breached databases to use as evidence that they really do have some type of damaging information on the target. Additionally, these fraudulent emails are now being sent to a larger audience. Previously, mainly English-speaking people were chosen, but starting in September campaigns have been launched against German, Italian, Arabic, and Japanese speakers. Any English speaker can tell just from reading the email text that it was not written by a native speaker, or even someone who knows the language well.
Not all scammers make ransom demands. Some send emails with malicious attachments and encourage people to open them because it benefits the hackers when a recipient simply opens the message and clicks on the attachment. In this way, email messages serve as virtual inroads to a super-highway of access points to a corporate network, which can potentially leave an entire enterprise vulnerable to compromise.
When it Looks Like Your Email Has Been Hacked
If you received an email message that says “I’m a programmer who cracked your email account and device about half year ago” and appears to be sent to you from your own email address, ignore it. The message is probably fraudulent, and no one actually hacked your email account or device.
Any email message could appear to be frightening because it will look as if it was sent from your own account; hackers will make threatening claims that they used your current or previous password to access your account. Looks are deceiving. Bad actors and opportunistic promoters quickly alter their approaches, which makes it difficult for any vendor to address 100% of spam, so always report suspicious activity.
An Ounce of Prevention
Always use a trusted vendor for email security and sanitization. Look for features that enable automated detection and removal of hidden active code within email messages, attached files, or documents downloaded from the internet. This ensures malware embedded by hackers is eliminated before it has the chance to infect a network.
Organizations of any size should make sure their email security solution supports SPF, DKIM and DMARC (which can detect an email scam) and allows custom rules to be applied to protect employees from BEC. Ensure there is functionality that automatically removes sensitive data from email attachments and protects it from being shared outside of the organization, redacting sensitive data that employees might otherwise have shared with a cybercriminal.
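As an added example (not code from the original article or from any vendor), the Python below triages a message that claims to come from the recipient's own address by reading the SPF, DKIM and DMARC verdicts a receiving server records in the Authentication-Results header. The sample message, the example.org domain, the mx.example.org server name and the hint list are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr

# Constructed sample: a self-addressed extortion mail as stored by a receiving
# server. Domains, address and header values are made up for illustration.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.org;
 dkim=none; dmarc=fail header.from=example.org
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: alice@example.org
To: alice@example.org
Subject: alice@example.org has password PASSWORD. Password must be changed

I'm a programmer who cracked your email account. I accept only Bitcoins.
You have 2 days (48 hours) for make a payment.
"""
HINTS = ("bitcoin", "btc wallet", "48 hours", "cracked your email")

def auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, only from headers stamped by our own server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = str(value).partition(";")
        if authserv_id.strip().lower() != trusted_authserv:
            continue  # a sender can forge this header; ignore foreign authserv-ids
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def triage(raw, trusted_authserv="mx.example.org"):
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    to_headers = [str(v) for v in msg.get_all("To", [])]
    recipients = {addr.lower() for _, addr in getaddresses(to_headers)}
    auth = auth_results(msg, trusted_authserv)
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    hits = [h for h in HINTS if h in text]
    self_addressed = bool(sender) and sender in recipients
    if self_addressed and auth.get("dmarc") != "pass":
        verdict = "spoofed-self-sender"    # From: was forged; the mailbox was not used
    elif self_addressed:
        verdict = "sent-from-own-account"  # authenticated: investigate the account itself
    else:
        verdict = "not-self-addressed"
    return {"verdict": verdict, "auth": auth, "extortion_hints": hits}
```

A missing or untrusted Authentication-Results header is treated the same as a DMARC failure, so a verdict the sender stamped on the message cannot make it look authenticated.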
1 – Update your antivirus solution
2 – Don’t open or click on email from unknown senders
3 – Scrutinize email addresses and URLs, and hover before you click
4 – If it sounds too good to be true, it probably is
5 – Be careful when viewing emails on smartphones as phishing indicators can be more difficult to identify
6 – Keep software updated and perform regular data back-ups
7 – You may want to consider changing your email address if unwanted spam continues
8 – Contact your Internet Service Provider (ISP) as they are constantly working to identify and block messages from suspicious IP addresses
Email phishing has been going on since the 1990s. Back then, we never would have predicted this would still be a problem in 2018. It would have seemed unimaginable. One can hope it will not be such a huge challenge five or ten years from now, but if email is around, RATs will Phish.