News & Social

A snippet of our news...

The joys of an online world

The joys of an online world

The joys of an online world

 

We have had several customers recently who have received emails headed either “Account Issue”, “Your account was hacked” or “Your secret life” that are attempts to extort money.  The emails contain passwords from the users accounts, although in all cases we have seen the passwords they contain are not the ones for their email accounts.  The text is basically an attempt to extort money using fear of embarrassment.  It appears that the passwords in the mails are those used to access either BA.com or Moonpig.com, both of which have had major hack attacks recently.

 

We strongly recommend you do not respond to extortion and ignore the emails.  Change your email passwords and obviously passwords for any sites that have been hacked.  It is good practice to use strong passwords (mix of upper and lower case, numbers and special characters) and use different passwords for different sites.  An article such as https://www.wired.com/story/7-steps-to-password-perfection/ gives good tips for password security.

 

IAP can help with advice on security and protection for your devices and also with cleaning them if you believe an infection has occurred.  Talk to the team. Got to our website www.iapuk.biz, email help@iapuk.biz or call 0117 911 4390.

 

Details of the hacks on those sites plus samples of the letters are shown below.

 

Hello!

I’m a member of an international hacker group.

 

As you could probably have guessed, your account xxxx was hacked, because I sent message you from it.

 

Now I have access to you accounts!

For example, your password for xxxx is *****

 

Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited.

So far, we have access to your messages, social media accounts, and messengers.

Moreover, we’ve gotten full damps of these data.

 

We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

 

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!

I think you are not interested show this video to your friends, relatives, and your intimate one…

 

Transfer $800 to our Bitcoin wallet: 1CMQMKmvT4hz2k2ijyxVxN7fHS62K7uQ7z

If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

 

I guarantee that after that, we’ll erase all your “data” 🙂

 

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

 

Your data will be erased once the money are transferred.

If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

 

You should always think about your security.

We hope this case will teach you to keep secrets.

Take care of yourself.

 

Another example:

 

Hi, dear user of ****

We have installed one RAT software into you device.

For this moment your email account is hacked (see on <from address>, I messaged you from your account).

Your password for xxxx: ****

 

I have downloaded all confidential information from your system and I got some more evidence.

The most interesting moment that I have discovered are videos records where you masturbating.

 

I posted my virus on porn site, and then you installed it on your operation system.

When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.

After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.

 

For the moment, the software has collected all your contact information from social networks and email addresses.

If you need to erase all of your collected data, send me $800 in BTC (crypto currency).

This is my Bitcoin wallet: 1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ

You have 48 hours after reading this letter.

 

After your transaction I will erase all your data.

Otherwise, I will send video with your pranks to all your colleagues and friends!!!

 

And henceforth be more careful!

Please visit only secure sites!

Bye!

 

 

 

Moonpig hack:

https://www.theguardian.com/technology/2015/jan/06/personal-details-moonpig-exposed-security-bug

 

BA hack:

https://www.telegraph.co.uk/business/2018/09/06/british-airways-hacked-380000-sets-payment-details-stolen/