NinerNet Communications™
Blog

Corporate Blog

Extortion scam email

24 July 2018 04:57:43 +0000

We have had a particularly nasty extortion email brought to our attention by two different clients in the last four days. Some research reveals that it has been around since at least late last year, but variants of extortion emails are almost as old as email itself. However, the personal nature of the current incarnation of these emails is alarming to those who receive it, even those with a clear conscience.

Unfortunately, as with most (if not all) scams, the scammers have been successful. In this case, because they demand payment of their ransom in Bitcoin, and the Bitcoin system allows public tracking of all transactions (just not the identities of the senders and receivers), researchers have been able to see that the Bitcoin addresses used in these scam emails have indeed received payments. A quick glance shows payments reaching into six figures (in US dollars) for some Bitcoin addresses (like bank account numbers, but not subject to the same scrutiny as happens when you open a bank account), and since it seems that few (if any) Bitcoin addresses have been used twice (although they are probably controlled by a small number of criminals), you can multiply that many times over.

One of the key features of the current round of emails that seem to have cropped up in the last week is the inclusion of a password that you may have used at some point in the past, both in the subject and the body of the email, to get your attention. This adds plausibility to the extortion attempt. However, keep in mind that huge databases of personal information are being breached by hackers all the time. The well-known tracking website “Have I Been Pwned” includes over five billion breached accounts (and growing) in its database. They compile their database from the raw data released by hackers after they penetrate the systems of the likes of LinkedIn, MySpace, Adobe, Ashley Madison and many others, so those databases are out there and will be forever. If a website or company you use was hacked and your password was stored by them in an unencrypted form, then there are databases out there that contain enough information to put together your email address and a password you have used, and possibly your name, address and phone number too. (Some people have received these extortion attempts via postal mail.) Do an old-fashioned mail merge and voila, you have an email message that could scare you into parting with anywhere from hundreds to tens of thousand of dollars in a vain attempt to keep a secret that a scammer made up in his or her own imagination.

As with all spam and scam emails, these are best ignored. They are just mass produced by the millions and fired out at the Internet shotgun-style.

Some have commented in the links we provide below that they have contacted the police about these emails (or letters) and received the cold shoulder. This is unsurprising. One of the benefits of computers is also one of their downsides; the fact that you can send an hilarious cat video to a few thousand of your closest friends is the same technology that allows scammers to multiply their own efforts considerably and with very little effort or expense. Your national police force probably already has this in their in tray, and when combined with other law-enforcement efforts it will probably rise to the top one day when they pull Guido over for speeding and realise that he is the mastermind behind all of this. Case closed.

There are many “top ten things you should do to remain safe on the Internet” lists out there. None will cover it all in only ten items, but here are some things for you to consider in the vein of the contents of these emails that we have reproduced below:

  • Don’t reuse passwords. If you consistently use the same email address and password for different websites, then when one of them is breached, all of your accounts are breached. Use a different password for every single website. It’s not that hard. Use a password manager like KeePass to generate and track random, complicated passwords that you will never remember and never need to remember.
  • Cover your webcam lens with an opaque cover when it is not in use. Some webcams include such a cover you can flip over the lens. If yours doesn’t, you can get a sticky cover that you can easily remove and reapply that doesn’t leave residue on the lens. We buy ours from the Electronic Frontier Foundation, but you can get generic ones or small metal covers you can install that you then slide to cover the lens (do a Web search for “webcam cover“), or you could use a sticky note or even a plaster / adhesive bandage.
  • Tell your friends and family. Friends don’t let friends pay bogus ransoms for bogus extortion attempts. Send them a link to this post at blog.niner.net/2018/07/24/extortion-scam-email

If you have any questions or concerns about this, please contact us and we will be happy to answer your questions. Thanks for your time.

Links to external websites with additional information documenting this scam

The two emails brought to our attention are below. The wording is not identical, but the style and substance are the same and they seem to be written by the same person. In these emails we have masked our clients’ names, email addresses and passwords, of course.

Email 1

———- Forwarded message ———
From: Juliana Bradford <ydewillyfx@outlook.com>
Date: Mon, 23 Jul 2018 at 19:46
Subject: CLIENT NAME – PASSWORD
To: CLIENT EMAIL ADDRESS

I am well aware PASSWORD one of your passphrase. Lets get right to point. There is no one who has compensated me to investigate you. You do not know me and you’re most likely wondering why you’re getting this e-mail?

In fact, I actually setup a malware on the X streaming (pornography) web-site and do you know what, you visited this web site to experience fun (you know what I mean). While you were viewing videos, your internet browser began functioning as a Remote control Desktop that has a key logger which provided me accessibility to your screen and web camera. Right after that, my software collected all your contacts from your Messenger, social networks, as well as e-mailaccount. After that I created a video. First part displays the video you were viewing (you have a nice taste haha), and 2nd part displays the view of your cam, yea it is you.

You get two alternatives. Shall we read each of these choices in particulars:

First choice is to disregard this email message. In this scenario, I am going to send out your very own recorded material to every single one of your contacts and also just think concerning the awkwardness you will see. And consequently if you happen to be in an important relationship, just how it will eventually affect?

2nd alternative is to pay me $7000. Lets refer to it as a donation. Consequently, I most certainly will without delay discard your video recording. You could go on your daily life like this never occurred and you surely will never hear back again from me.

You will make the payment by Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).

BTC Address to send to: 18sPsLXYDqKZnZ6Mb5xbYS168QFPYrQC75
[case sensitive, copy & paste it]

Should you are planning on going to the law enforcement, well, this mail can not be traced back to me. I have covered my actions. I am just not looking to ask you for money a whole lot, I simply want to be paid. I’ve a special pixel within this mail, and right now I know that you have read this message. You have one day to make the payment. If I do not receive the BitCoins, I will certainly send your video recording to all of your contacts including friends and family, co-workers, and many others. Nevertheless, if I do get paid, I will destroy the video right away. If you need proof, reply with Yea then I will certainly send out your video recording to your 7 friends. It’s a nonnegotiable offer and so please don’t waste my personal time & yours by responding to this message.

Email 2

——– Forwarded Message ——–
Subject: RE: CLIENT NAME – PASSWORD
Date: Thu, 19 Jul 2018 05:03:35 +0000
From: Antonio Simmons <jrcsxeugeniouks@outlook.com>
To: CLIENT EMAIL ADDRESS

I will directly come to the point. I do know PASSWORD is your pass word. More to the point, I am aware about your secret and I’ve evidence of your secret. You do not know me personally and nobody paid me to look into you.

It’s just your bad luck that I came across your bad deeds. Well, I placed a malware on the adult video clips (porno) and you visited this site to have fun (you know what I mean). While you were busy watching videos, your internet browser initiated operating as a Rdp (Remote desktop) that has a key logger which gave me access to your display screen as well as web camera. Right after that, my software program gathered your entire contacts from messenger, facebook, and mailbox.

Next, I put in more hours than I probably should’ve looking into your life and made a two view video. 1st part shows the video you were watching and second part shows the view from your web camera (its you doing dirty things).

Honestly, I am ready to forget all information about you and let you continue with your daily life. And I am going to present you 2 options that will make it happen. Those two option is with the idea to ignore this letter, or simply pay me $ 2900. Let’s explore these 2 options in more detail.

Option One is to ignore this email message. Let us see what is going to happen if you opt this option. I will certainly send your video to your entire contacts including family members, co-workers, and so forth. It does not shield you from the humiliation your self will face when family and friends discover your dirty details from me.

Option 2 is to send me $ 2900. We will call it my “privacy tip”. Now lets see what will happen if you choose this option. Your secret remains your secret. I’ll erase the recording immediately. You go on with your routine life that none of this ever occurred.

At this point you may be thinking, “I will complain to the police”. Let me tell you, I have covered my steps in order that this e mail cannot be linked to me plus it won’t prevent the evidence from destroying your lifetime. I’m not seeking to steal all your savings. I just want to get compensated for the time I placed into investigating you. Let’s assume you decide to produce all of this vanish entirely and pay me my confidentiality fee. You will make the payment via Bitcoin (if you don’t know how, type “how to buy bitcoins” on google search)

Amount to be paid: $ 2900
Bitcoin Address to Send to: 1GQK1MNV5N7B9pV8L63W7nGfChJkKp7ymq
(It is CASE sensitive, so you should copy and paste it carefully)

Tell nobody what you should use the bitcoin for or they may not provide it to you. The method to get bitcoin will take a short time so do not delay.
I’ve a specific pixel within this email message, and now I know that you’ve read this e mail. You have 24 hours to make the payment. If I don’t get the BitCoin, I will definately send out your video to your contacts including close relatives, colleagues, and many others. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I’ll destroy the video and all other proofs immediately. It’s a non negotiable offer, thus do not waste my personal time & yours. Your time is running out.

WHOIS privacy for domain registrations

17 July 2018 12:58:23 +0000

We have offered so-called private registrations (“WHOIS privacy”) to clients for years, but it’s not a service we have gone out of our way to push. This is because the public record of your domain registration is (or was) an important factor in establishing the authenticity of your business, and hiding it is (in our opinion) counterproductive for that use.

However, one of the major effects of the GDPR on the Internet industry is that, for now at least, all of your contact information for your domain registrations is no longer available to the public. This is a welcome development, as far as keeping your email address out of the hands of the spammers and fraud artists who mined the WHOIS for email addresses is concerned

We do offer WHOIS privacy, and will continue to do so with our new registrar. However, our contract with the new registrar means that we can only offer it to non-commercial registrants. The use of WHOIS privacy by individuals is entirely prudent and sometimes necessary, but should not be necessary for businesses. Therefore, for that small percentage of our commercial clients who have been using WHOIS privacy up to this point, we will no longer charge you for it and it will be removed from your domain registration once your domain is transferred to the new registrar.

Per your domain registration agreement, all domain registration data for domains registered with us are still available to us, the registrar and (if necessary and armed with the required legal documents) law enforcement, so this change changes nothing in that regard. We’re just giving our business clients notice that WHOIS privacy will no longer be available to them, but the good news is that it’s no longer really necessary with access to the WHOIS being restricted by default now.

Something you might want to consider is changing the contact email address for your domain(s) if it receives a lot of spam. The fact that spammers can no longer harvest email addresses from the WHOIS will not stop them from spamming addresses they already have. However, if you set up a brand new address for the WHOIS and delete the old one after a short overlap period, your new address should receive far less spam.

If you have any questions or concerns, please let us know. Thank-you.

Quarterly kwacha rate review, Q3 2018

1 July 2018 02:21:08 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are maintaining our retail kwacha prices until the next quarterly review.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 157.50
  • mailONE hosting plan (monthly): ZMW 105.00
  • gTLD domain (annually): ZMW 199.50

Our kwacha rates are available on our website.

Mathematically speaking, by the slimmest of margins, we should be increasing our rates to the next level. If the trend continues then we will next quarter, but the trend is just as likely to stay the same or even reverse marginally, and so in the interests of stability we’re keeping our rates where they are.

Change of domain registrar

28 June 2018 06:39:22 +0000

Over the next year, starting today, we will be migrating all domain registrations under our management to a different domain registrar. For the most part these migrations will take place as the domains are renewed.

To be clear about NinerNet‘s position in the domain ecosystem, we are a reseller of domain registrations, reselling domains registered with domain name registrars, who in turn register domains from domain name registries. For the last seventeen years we have been a reseller for OpenSRS, a subsidiary of Tucows; going forward we will be a reseller for RRPproxy, a subsidiary of Key-Systems, a member of the KeyDrive Group.

Automated emails about your domains will continue to be sent from the same email address we’ve been using for years: domainsupport on the niner.net domain. You will notice a change in the format and language used in these emails. At least initially, links in those emails — such as those requesting you to validate your email address — will be on domains controlled by RRPproxy; however, we will work on using the niner.net domain at some point in the future, but we don’t have a timetable for that yet. The domain used in links in the email address validation emails that you may receive after your domain is transferred is currently emailverification.info.

Unless otherwise notified, you will continue to manage your domain registration through the interface at manage.niner.net. Within the next six months the interface at that address will change.

We are looking forward to an improved experience for all clients (except those using dot-zm domains, of course) as a result of this move. If you have any questions or concerns, please let us know. As always, if you are concerned about the legitimacy of an email you’ve received that pertains to your domain or hosting account with us, please forward it to us and we will advise you accordingly.

Thank-you for your business.


Update, 2018-06-29: Please note that, despite our best efforts, the transfer confirmation emails you will receive from our current registrar are sent from two different email addresses not on the niner.net domain: noreply@opensrs.email and transfers@opensrs.org. The inability of OpenSRS to consistently use our domain in messaging over the years (or even just one of their own domains) is a significant symptom of the problems that have led us to make this decision to move. Our apologies for the confusion.

Data privacy developments

22 May 2018 22:44:39 +0000

The purpose of this long blog post is to keep you informed of a significant development in the domain registration business, how it will affect you, what action you need to take and how to protect yourself from the criminals who will take advantage of the confusion that will no doubt be generated. We have also sent this via email to our clients.

The GDPR

In the last few months you may have heard rumblings about a new European law called the GDPR, the General Data Protection Regulation. This is a sweeping new law that will affect people in every corner of the globe, not just in the European Union (EU). It places a premium on the value of individual privacy, and restricts how the personal data provided by an individual may be used by companies and organisations. Fines for breach of the law can reach tens of millions of euros.

The GDPR is a good thing, and will address some glaring problems in our industry that we have referred to on a number of occasions, particularly the public WHOIS system where a domain registrant’s information is available for all the world to see, and is therefore used by scammers worldwide. However, even a good law is still a law and comes with an administrative burden for all parties.

On the hosting side of our business, not much (if anything) will change. We have always closely guarded the personal information of our clients — and that won’t change — and only collected what is technically and legally necessary to provide the services you contract from us.

Domain registrations

On the domain registration side of things, because of the fact that the domain registration system requires a number of entities to co-operate — registrant (you), registrar (currently OpenSRS/Tucows), reseller (NinerNet), registry (various, including Verisign, CIRA, ZICTA, etc.) and ICANN (the Internet Corporation for Assigned Names and Numbers) — you will start to see various transactional emails from us refer to the GDPR (which comes into force on 25 May 2018) and mechanisms for you to provide and, if necessary and possible, withdraw consent for use of your personal data. The need for you to fulfil your obligations as a domain registrant and respond to calls to action in emails will be in addition to actions you have needed to take until now. In short, it should mean a couple more emails per domain per year that you will need to pay attention to, but exactly how this manifests itself will develop over time, especially in the first year after this Regulation comes into force.

While it’s a reasonable question to ask why an EU law will apply to people and companies outside of the EU, the fact is that, worldwide, domain registries and registrars intend to comply with this Regulation and adopt a uniform system for managing it. Many jurisdictions have privacy laws, but the GDPR looks like it will be the most robust affecting the greatest number of people and the general feeling among proponents is two-fold: 1) Privacy is a good thing and we should follow the most stringent standards in favour of it, and 2) If we have to adjust policies and practices, then it makes no sense to have one set of policies and practices for some people and another for everyone else.

While this law affects all industries (and governmental organisations) in the EU and those (within and without the EU) that deal with European residents, the most visible effect in our industry will be on the public WHOIS (“who is”) system, where your personal information — name, address, phone number, email address, etc. — is currently published in public databases of domain registrants for everyone to see. These databases will continue to exist, of course, but access to them will be restricted, through layered access to a new “gated” WHOIS system, to legitimate accredited users that will include law enforcement organisations and intellectual property lawyers, as well as the registries, registrars and resellers directly involved in a particular domain registration.

Spammers, scammers and fraud artists

The one class of people that we certainly hope will no longer have access to this information is the fraud artists that fill your email every day — despite our best efforts — with offers to enlarge body parts, sell you web design and “search engine optimisation” services, scam you into sending them money for services they’ll never provide, and trick you into providing information to them that will lead to identity theft (phishing). With any luck, this new law will finally almost wipe out the spammers who harvest your email address from the WHOIS. It won’t stop those who get your unprotected email address off your website, or already have it or buy it from these unscrupulous individuals, but it should stop anyone else getting your email address if you change it in your existing domain registration.

But speaking of scams, as sure as night follows day (we’ve seen it before) these changes will no doubt lead to many scammers sending out emails urgently requiring you to take some action or another after clicking a link in their email. The text of the emails will use urgent language designed to scare you, but that they assume you will have heard in the news. They will refer to the GDPR and tell you that if you don’t go to a website and fill in a user name and password for your domain — and perhaps send them money too — your domain will be suspended and deleted.

DO NOT FALL FOR THIS! IT IS NOT TRUE!

As we have said over and over again for more than twenty years, if you receive an email about your domain or hosting from an email address that is not on the niner.net domain, then it is almost certainly a scam. If the email attempts to scare you into taking action immediately, then that only adds to the weight of evidence pointing to it being a scam. If you are concerned and not sure, we’re happy to advise you if you forward the email in question to us before taking any action.

Our new privacy policy

As with many Internet companies, the new GDPR has prompted us to revise our privacy policy. Our privacy policy — part editorial, part serious statement — is unlike any you have ever read. It provides some truth about the real problem with what the true purpose is of many (mostly larger) companies these days, and how we’re very different.

No action required at this time

Finally, no action is needed from you at this time. However, after 25 May you will start to receive email notices directing you to take GDPR-related actions, especially if you change anything to do with your domain, and possibly when you renew it.

If you have any questions, please let us know. Thank-you for your time.

Quarterly kwacha rate review, Q2 2018

1 April 2018 00:00:02 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are maintaining our retail kwacha prices until the next quarterly review.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 157.50
  • mailONE hosting plan (monthly): ZMW 105.00
  • gTLD domain (annually): ZMW 199.50

Our kwacha rates are available on our website.

Quarterly kwacha rate review, Q1 2018

1 January 2018 23:57:16 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are maintaining our retail kwacha prices until the next quarterly review.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 157.50
  • mailONE hosting plan (monthly): ZMW 105.00
  • gTLD domain (annually): ZMW 199.50

Our kwacha rates are available on our website.

Year-end wishes and business hours

22 December 2017 13:09:26 +0000

Please accept our thanks for your business in 2017, and our best wishes to you, those in your organisation and your families for a Happy Christmas, and all the best for a prosperous New Year.

Over Christmas and the New Year our administrative side will be taking a break from 23 December 2017, and will be back on the job on Tuesday 2 January 2018, at which time routine emails and enquiries will be dealt with. We will, of course, continue to monitor servers 24/7, and emergency support requests will be dealt with immediately.

Thanks very much again for your ongoing business. We look forward to continuing to serve you in 2018.

Quarterly kwacha rate review, Q4 2017

1 October 2017 22:19:06 +0000

Based on the current value of the Zambian kwacha in US dollars and recent trends, we are increasing our retail kwacha prices effective today and until the next quarterly review by about 5%.

Some sample rates:

  • webONE hosting plan (monthly): ZMW 157.50
  • mailONE hosting plan (monthly): ZMW 105.00
  • gTLD domain (annually): ZMW 199.50

Our new kwacha rates will be online within 24 hours.

Office hours

31 July 2017 20:26:33 +0000

NinerNet‘s offices will be closed from Tuesday 1 August and will re-open on Monday 7 August. Emergency support will continue to be available 24/7, but routine emails and enquiries will be dealt with on Monday 7 August. Thank-you.

NinerNet home page

Subscriptions:

RSS icon. RSS

General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all that that entails. This includes such concomitant industries and activities such a domain registration, SSL certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.

Search:

 

Recent Posts:

Archives:

Categories:

Tags:

accounts receivable apple billing branding cira client feedback contact information domain registration domain registry of canada domain renewals domains domain sales dot-ca domains dot-zm domains down time droc facebook google happy hosting customers hosting transfer icann internet registry of canada invoices iphone iroc kwacha maintenance new services paying your bill paying your invoice quarterly kwacha rate review rates registrant transfers registrar transfers reputation scams search engine optimisation search engine optimization security seo service hours support testimonials transparency verisign

Resources:

Couldn't connect: Access denied for user 'ninernet_x_site'@'localhost' (using password: YES)