Internet Scam

[mzawf]

Information Source.. Harry Hamburg
Editor, Exponential Investor
Be on your guard- the anatomy of a near-perfect internet scam
Hello

Over the last week or so, a particularly clever scam email has been circulating.

There’s a good chance you or someone you know has had this exact email in the last few weeks, or some variation of it.

The email is no more dangerous or truthful than the “Nigerian prince” and “lottery” scams that were popular a decade or so ago. But it doesn’t feel that way when you get it.

That’s because it tells you just enough information about yourself to make you believe it.

It basically tells you you’ve been hacked. It either comes from your own email or from a “darknet” hacker with some random username.

The reason many people end up believing it is because it usually lists your own password in the email.

Then it tells you the hacker has installed malware on to your computer and has been watching you on your webcam.

The hacker has access to all you files, all your contacts and numerous videos of you “enjoying yourself” while visiting various internet sites.

The hacker also has screen captures of all the sites you’ve been visiting and all the conversations you’ve been having with all your contacts.

Basically,a number of possible potential situations and is sure to hit home on at least one.

And what is the hacker planning to do with these videos, photos and message logs?

Send them to all of your contacts, of course… unless you pay them a ransom in bitcoin.

Here’s a screenshot of one of the emails sent to my friend over the weekend:

The key to why this scam is so successful is because it gives you information the scammer couldn’t possibly have unless they had all the things on you they said they do.

The truth is, they don’t actually have any of these things. If they did, they’d also include one of the screenshots or message logs they claim to have.

However, if you get one of these emails do not ask for proof. If you do the scammer will simply attach a real malware program that will be able to do all the things they claim to have already done.

Never open email attachments from people you don’t know. Don’t even open attachments from people you do know if you weren’t expecting them to send you something.

So, if they don’t have the things on you they claim to, how do they have one of your passwords? Or how did they send the email to you from your own address?

Let’s take a look.
There are four main ways you can get hacked:
1. Someone physically steals your equipment and logs in
2. You download some malware
3. A company or service you use gets hacked
4. You fall for a phishing scam.
Route one is usually the most distressing. But, at least you know it has happened instantly and you can take the necessary precautions.

If you lose your phone or laptop, or are a victim of theft you wil need to change all your passwords as soon as practically possible.

And if there’s a possibility to log into your device remotely and wipe it that’s one less worry to be concerned over

Route two is the most insidious and usually the most dangerous. There really is malware out there that can do all the things that scam email claims to have done.

And it is easy for even novices to use. The “hacker” wouldn’t really have to have any programming knowledge to use it.

They simply buy the script from a real hacker and start getting people to download it. Hence the computer term “script kiddie” for these hacking types

The thing is they have to get you to download their malware script in the first place. As long as you are careful about the files you download and the email attachments you open this shouldn’t be a problem.

Your virus scanner should also pick up on any malware you’ve been unfortunate enough to download. However, the quality of virus scanners varies greatly. And the most expensive ones aren’t necessarily the best.

It’s a good idea to download the free Malware Bytes scanner and run it if you think you might have downloaded anything suspicious. It’s free to use if you don’t need it running all the time.

I have no affiliation with Malware Bytes. I just know it is widely regarded a one of the best in the business.

Many people get hacked through no fault of their own
Now this brings us on to route three.

This is how most people get hacked. They get hacked entirely through no fault of their own and there was nothing extra they could have done to prevent it.

Almost every company and service on the internet now requires you to make an account, giving them your email address and creating a password.

It makes a lot of sense to use throwaway passwords for sites you don’t really trust. You could use a less complicated password for sites and services that don’t store much private information on you.

The more private information a service has on you the stronger and more unique your password should be.

At the top of the pile here is the login to your email address. If hackers get this, they can usually get access to everything else via lost password forms.

So make sure to use a completely unique password for your email login, and if you can, use two-factor authentication as well (2FA).

With 2FA on, if someone tries to login from a different device or location to where you usually do, you’ll have to verify it with a short code.

This code is usually either sent to you via text, or it can be set up in an app that continuously cycles codes based on an algorithm.

I don’t really have space to get into the ins and outs of 2FA here. Other than to say, if you have the option of using it, you probably should be.

But if 2FA and the technology behind it would be something you’d like to know more about send me an email: harry@southbankresearch.com and if I get a few responses I’ll write an Exponential Investor all about it.

So, let’s say a website you use gets hacked: Twitter, LinkedIn, Ticketmaster, Adobe, British Airways… they have all been breached over the last few years.

The chances are at least one website you gave an account with has been hacked.

You can type your email address into haveIbeenPwned.com to check (I wrote an issue about that service a few months ago. You can read it here).


How I got hacked
When a big company hack happens, the hackers will often upload a massive list of all the login details of the users somewhere on the internet.

This is called a “paste” because they are copying and pasting the list of users’ accounts.

If you use that email address and password combination for more than one service, changes are you are now going to get anything that uses it hacked.

This happened to me earlier this year. My account was included in a paste of Ticketmaster accounts.

I used the same email and password for my Zipcar account as I did for Ticketmaster. Within a day or two of the Ticketmaster hack I had people logging into my Zipcar account and hiring cars under my name.

That’s how easy it is to get your account hacked. You don’t even have to do anything wrong yourself.

A lot of the time these massive company hacks don’t get reported until months later.

The hackers won’t initially just paste the users’ details on to the internet for free. They’ll sell them on a few times first. They are usually in this to make money, after all.

And that brings us on to route four: phishing scams.

These are the most common ones people fall for. And they are usually powered by route three hacks.

Here’s a good definition of phishing from our friend Wikipedia:

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.


Basically hackers go on a “fishing trip”. They give you some information and see if you’ll bite.

Phishing scams are wide ranging and come in many, many different varieties: fake websites, fake login screens, fake ads, call or emails from “your bank”, etc.

The scam I opened with today is a classic phishing scam. Here’s how it works.

The scammers obtain a paste of a company hack. They then use a program to scrape the email addresses and password combinations from this paste and send out thousands of emails to these names.

The email is a template.

The things that will change are the hacker’s “darknet name”. The victim’s name and password. And, if the scammers are clever, the bitcoin address to send the money to.

(Although if they were really clever, they wouldn’t be using bitcoin at all as it is not anonymous. They would be much better using Monero.
Some of the recipients will be using the same password for their email as they were for whatever service it was that was hacked. If they are this will make them much more likely to send the scammers money.

This is just one reason why it’s so important to keep your email address password separate from all your other accounts. Your email account is like the gatekeeper to all your other accounts. I can’t stress this enough.

“90% isn’t very sure, Harry!”
My friend who got this email over the weekend pointed out the password the email listed was not their email address password. But it was a password they used for other services from time to time.

Even though they knew this meant the scammer was lying, they still felt very unnerved by it. I mean, you would, wouldn’t you?

I looked into it for them and said I was 90% sure the email was a scam and they had nothing to worry about. But that they should run Malwarebytes anyway, just to be safe.

Their message came back: 90% isn’t very sure, Harry!

To be fair, it really isn’t. I had another look around and saw this same email was being posted around
the web with many people asking about it.

After that I told them I was 99% sure it was a scam. I mean, you can never be 100% sure of anything, can you?

That was on Saturday. At the time only a few, more underground places were reporting on this new scam. By yesterday, it had already appeared in The Daily Mail.

So if you get a similar email. You can be pretty certain it is a scam.

The reason why this scam seems to have exploded this week is probably due to a big company hack that we’re not yet aware of.

I asked my friend to check their email address on Have I Been Pawned, and nothing recent came up.

They had been victim of some older company hacks. Most people have. But the amount of people now getting this specific email tells me we’re about to see another major company hack surface in the news over the next few weeks or months.

I don’t know which company it is yet, but I have a feeling it will be a big one.

in my opinion the way to solve problems like this? Yes, you guessed it, crypto & BlockChain technology

If companies switched to a blockchain or crypto based-approach, there would be no user details to hack. The company would never store them in the first place.

This would mean any company could be hacked and YOU would not have to pay the price for its incompetence.

The current model, whereby each company keeps a centralised database of user details, is really a terrible model.

It creates a massive honeypot for hackers to target. Hack one computer at one company and you can get access to potentially millions of user logins.

If these systems were crypto or blockchain based, each user would keep their own data and only give the company access to it when it was needed.

This is another great example of why crypto is so important. It’s not about magic internet money, it’s about building a better computer infrastructure.
original source:
Harry Hamburg
Editor, Exponential Investor

[mzawf]

Information Source.. Harry Hamburg
Editor, Exponential Investor
Be on your guard- the anatomy of a near-perfect internet scam
Hello
Over the last week or so, a particularly clever scam email has been circulating.
There’s a good chance you or someone you know has had this exact email in the last few weeks, or some variation of it.
The email is no more dangerous or truthful than the “Nigerian prince” and “lottery” scams that were popular a decade or so ago. But it doesn’t feel that way when you get it.
That’s because it tells you just enough information about yourself to make you believe it.
It basically tells you you’ve been hacked. It either comes from your own email or from a “darknet” hacker with some random username.
The reason many people end up believing it is because it usually lists your own password in the email.
Then it tells you the hacker has installed malware on to your computer and has been watching you on your webcam.
The hacker has access to all you files, all your contacts and numerous videos of you “enjoying yourself” while visiting various internet sites. The hacker also has screen captures of all the sites you’ve been visiting and all the conversations you’ve been having with all your contacts. Basically,a number of possible potential situations and is sure to hit home on at least one.
And what is the hacker planning to do with these videos, photos and message logs?
Send them to all of your contacts, of course… unless you pay them a ransom in bitcoin.

hamburg.png

Here’s a screenshot of one of the emails sent to my friend over the weekend:
The key to why this scam is so successful is because it gives you information the scammer couldn’t possibly have unless they had all the things on you they said they do. The truth is, they don’t actually have any of these things. If they did, they’d also include one of the screenshots or message logs they claim to have.
However, if you get one of these emails do not ask for proof. If you do the scammer will simply attach a real malware program that will be able to do all the things they claim to have already done.
Never open email attachments from people you don’t know. Don’t even open attachments from people you do know if you weren’t expecting them to send you something.
So, if they don’t have the things on you they claim to, how do they have one of your passwords? Or how did they send the email to you from your own address?
Let’s take a look.
There are four main ways you can get hacked:
1. Someone physically steals your equipment and logs in
2. You download some malware
3. A company or service you use gets hacked
4. You fall for a phishing scam.
Route one is usually the most distressing. But, at least you know it has happened instantly and you can take the necessary precautions. If you lose your phone or laptop, or are a victim of theft you wil need to change all your passwords as soon as practically possible.
And if there’s a possibility to log into your device remotely and wipe it that’s one less worry to be concerned over
Route two is the most insidious and usually the most dangerous. There really is malware out there that can do all the things that scam email claims to have done. And it is easy for even novices to use. The “hacker” wouldn’t really have to have any programming knowledge to use it.
They simply buy the script from a real hacker and start getting people to download it. Hence the computer term “script kiddie” for these hacking types
The thing is they have to get you to download their malware script in the first place. As long as you are careful about the files you download and the email attachments you open this shouldn’t be a problem.
Your virus scanner should also pick up on any malware you’ve been unfortunate enough to download. However, the quality of virus scanners varies greatly. And the most expensive ones aren’t necessarily the best.
It’s a good idea to download the free Malware Bytes scanner and run it if you think you might have downloaded anything suspicious. It’s free to use if you don’t need it running all the time. I have no affiliation with Malware Bytes. I just know it is widely regarded a one of the best in the business. Many people get hacked through no fault of their own
Now this brings us on to route three. This is how most people get hacked. They get hacked entirely through no fault of their own and there was nothing extra they could have done to prevent it. Almost every company and service on the internet now requires you to make an account, giving them your email address and creating a password. It makes a lot of sense to use throwaway passwords for sites you don’t really trust. You could use a less complicated password for sites and services that don’t store much private information on you. The more private information a service has on you the stronger and more unique your password should be.
At the top of the pile here is the login to your email address. If hackers get this, they can usually get access to everything else via lost password forms.
So make sure to use a completely unique password for your email login, and if you can, use two-factor authentication as well (2FA).
With 2FA on, if someone tries to login from a different device or location to where you usually do, you’ll have to verify it with a short code.
This code is usually either sent to you via text, or it can be set up in an app that continuously cycles codes based on an algorithm.
I don’t really have space to get into the ins and outs of 2FA here. Other than to say, if you have the option of using it, you probably should be.
So, let’s say a website you use gets hacked: Twitter, LinkedIn, Ticketmaster, Adobe, British Airways… they have all been breached over the last few years.
The chances are at least one website you gave an account with has been hacked.
You can type your email address into haveIbeenPwned.com to check (I wrote an issue about that service a few months ago. You can read it here).
How I got hacked
When a big company hack happens, the hackers will often upload a massive list of all the login details of the users somewhere on the internet. This is called a “paste” because they are copying and pasting the list of users’ accounts.
If you use that email address and password combination for more than one service, changes are you are now going to get anything that uses it hacked. This happened to me earlier this year. My account was included in a paste of Ticketmaster accounts.
I used the same email and password for my Zipcar account as I did for Ticketmaster. Within a day or two of the Ticketmaster hack I had people logging into my Zipcar account and hiring cars under my name.
That’s how easy it is to get your account hacked. You don’t even have to do anything wrong yourself.
A lot of the time these massive company hacks don’t get reported until months later.
The hackers won’t initially just paste the users’ details on to the internet for free. They’ll sell them on a few times first. They are usually in this to make money, after all.
And that brings us on to route four: phishing scams. These are the most common ones people fall for. And they are usually powered by route three hacks. Here’s a good definition of phishing from our friend Wikipedia:
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Basically hackers go on a “fishing trip”. They give you some information and see if you’ll bite.
Phishing scams are wide ranging and come in many, many different varieties: fake websites, fake login screens, fake ads, call or emails from “your bank”, etc. The scam I opened with today is a classic phishing scam. Here’s how it works.
The scammers obtain a paste of a company hack. They then use a program to scrape the email addresses and password combinations from this paste and send out thousands of emails to these names.
The email is a template.
The things that will change are the hacker’s “darknet name”. The victim’s name and password. And, if the scammers are clever, the bitcoin address to send the money to.
(Although if they were really clever, they wouldn’t be using bitcoin at all as it is not anonymous. They would be much better using Monero. Some of the recipients will be using the same password for their email as they were for whatever service it was that was hacked. If they are this will make them much more likely to send the scammers money.
This is just one reason why it’s so important to keep your email address password separate from all your other accounts. Your email account is like the gatekeeper to all your other accounts. I can’t stress this enough. “90% isn’t very sure, Harry!”
My friend who got this email over the weekend pointed out the password the email listed was not their email address password. But it was a password they used for other services from time to time. Even though they knew this meant the scammer was lying, they still felt very unnerved by it. I mean, you would, wouldn’t you? I looked into it for them and said I was 90% sure the email was a scam and they had nothing to worry about. But that they should run Malwarebytes anyway, just to be safe.
Their message came back: 90% isn’t very sure, Harry!
To be fair, it really isn’t. I had another look around and saw this same email was being posted around
the web with many people asking about it. After that I told them I was 99% sure it was a scam. I mean, you can never be 100% sure of anything, can you? That was on Saturday. At the time only a few, more underground places were reporting on this new scam. By yesterday, it had already appeared in The Daily Mail.
So if you get a similar email. You can be pretty certain it is a scam. The reason why this scam seems to have exploded this week is probably due to a big company hack that we’re not yet aware of. I asked my friend to check their email address on Have I Been Pawned, and nothing recent came up.
They had been victim of some older company hacks. Most people have. But the amount of people now getting this specific email tells me we’re about to see another major company hack surface in the news over the next few weeks or months.
I don’t know which company it is yet, but I have a feeling it will be a big one, in my opinion the way to solve problems like this? Yes, you guessed it, crypto & BlockChain technology
If companies switched to a blockchain or crypto based-approach, there would be no user details to hack. The company would never store them in the first place.
This would mean any company could be hacked and YOU would not have to pay the price for its incompetence.
The current model, whereby each company keeps a centralised database of user details, is really a terrible model.
It creates a massive honeypot for hackers to target. Hack one computer at one company and you can get access to potentially millions of user logins.
If these systems were crypto or blockchain based, each user would keep their own data and only give the company access to it when it was needed.

This is another great example of why crypto is so important. It’s not about magic internet money, it’s about building a better computer infrastructure.
original source:
Harry Hamburg
Editor, Exponential Investor

Good Day as a follow up to the Internet ransom scam
As recently a member forwarded an example of an e-mail they recieved
Hello.
You can complain to the police but nobody can help you.I am foreigner.So nobody can trace me even for 9 months.
Your system was infected by my virus.We recorded you through your web-camera,at the moment you went to the porn web-page.And now I have a video with your masturbation.
I copied all your contacts and if you want us to delete this compromising evidence you have to pay 730 USD in bitcoins.
Enter this wallet address -

---

1B6SDnYqPPizbJq4gKvEcvdEsURrfy2i1n
(something like a credit card number). I give you 30 h after reading this message for making the payment.
Bye.Think about the disgrace.
It’s important as highlighted in the article Harry Hamburg wrote that if you receive a com of this nature never respond in any manner whatsoever, because it’s at that point the dumbfuck will attempt to infect your computer
Some more examples of suspect claims being made its important that the insert links are never followed
These types of claims very often relate to currency speculation ( spread betting ) which is a complex process and immense focus to learn but is real & reputable FXCM.com is a good starting point if you are serious about learning how to trade within the currency & commodities markets. While claims that miraculous algorithm can make u money are just too risky and something to stay away from (if it looks too good to be true, It likely is!) Consumers lost more than 16B us dollar to fraud and identity theft last year If it looks too good to be true? It Is!
Your earnings has to be collected now!
Yesterday we paid over 80 people who visited our
new site and took a whopping $180,069 and the money
is already in THEIR accounts!
Let us know if you want us to do the same for YOU!

Click here to confirm
Talk soon! Samantha Miller ://ow.ly/Ai5o30mpsLM
This message was sent by Member: latnerlcc. To be removed or report abuse click below.

701 S Carson Street - Suite 200 - Carson City, NV 89701___
Hey!
I'm Jake
I didn't graduate from college and I'm not a mathematician.
I just found a way to make dollars on the markets,
and I wanted to help my parents and my family earn millions too!
WHY THE AUSSIE METHOD?
It's so easy to use, anybody with no experience
can start making money within the next half an hour!
Now is the time!
Watch the video and start here.
://zii.bz/2XUwFW
Good httpsLuck!
Jake P.
Dear Card Holder,
Payment completed and that will be credited
to your account soon...
Payment Date : October 17, 2018
Receipt Number : 94T55801DG9119324
Payment Amount : USD $10,970.02
Payment Status : Paid
Confirm This Payment Here
ow.ly/QRpf30mejoz
Should this not be you, please contact us.
See you inside.
- Monique Sanchez

Hey brillo@mzawf
Just one more step left and you can collect
your commissions deposit of $19,032.90.
Approve your latest deposit here
Once you've approved it the transfer will take
2-3 days to hit your personal account.
...View the status of your transfer here
ow.ly/ypP130m9IFd
To your success,
Paige Arnold
14 Worthy Lane
MAVIS ENDERBY
PE23 2UJ
---
To stop receiving these 3b7f76&L=65&N=348
Hey , I think you missed my last email.I have a unique link here for you to get access to the member sign up page for the site.This particular area of the site isn't open to the public yet so we're asking you not to share this with anyone until it's been passed on to all of our most valuable users, like yourself.The link is set to expire soon so I suggest going there as soon as you can, like right now. Again, here's the unique link//tiny.cc/xq47zy
Hi
Crypto VIP Club is one of the most accurate crypto robot on the market. The complex algorithm behind our software include 8 advanced trading indicators that traders can select or deselect them on their trading sessions.
Our system have already generated over $265.253 in profits this week alone, boasting a success rate over 91%.
Crypto VIP Club is build to work on automatic mode, so no previous experience is needed. The algorithm will analyze the market and will decide when and what to trade. But if you have previous trading experience, you can change the settings and to trade on manual mode following the signals provided by Crypto VIP Club.
Cryptocurrencies are booming so there is no time to waste in getting started.
See how traders just like you are able to generate profitable trades every single day.If you savvy and followed dubs foray into the crypto universe he says that it’s not booming but at this stage unpredictable and risky albeit showing a fiat loss but its early days!
Stay Safe!