Corporate Blog

Crowdstrike incident: Client update

20 July 2024 13:24:51 +0000

After a very trying day for many customers around the world that use Microsoft Windows or rely on companies that use Microsoft Windows — like Hotmail/Outlook.com, Office 365, Google Cloud / Compute Engine, Amazon Web Services (AWS), Azure, etc., etc., etc. — we would like to take this opportunity to ensure that our clientele know that we were wholly unaffected by the worldwide chaos.

Is this blog post an opportunistic jab at people who rely on an operating system and company that was late to realise the potential of the Internet? Yes, of course. Why? Well, just look at the trouble that Microsoft gave us last month, and are still giving us today. Microsoft are not our favourite people these days, even though Microsoft themselves weren’t responsible for the Crowdstrike failure.

Hey, we get it, shi … stuff happens. Our status blog currently shows 207 posts in the “incidents” category since 2009. Of course, that’s not 207 failures; at the very most it’s 104 failures if you assume a post announcing an incident and a second announcing it’s over, but in reality some incidents had multiple posts and some posts were only to alert clients to issues with other companies. I’d say that there were far fewer than 100 incidents in fifteen years; feel free to do the maths and check our live uptime monitor for yourself. But one does wonder how an update was pushed out by Crowdstrike without it being tested. That’s just unfathomable. On the other hand, NinerNet doesn’t check every single update we apply to our servers, but we have to rely on our operating system vendors to do that for us. As Crowdstrike customers and their customers found out yesterday, the IT world is very interdependent.

Of course, NinerNet will almost certainly have some major incident in the future, and I know that some will then say that this post will come back to bite us in the ass. Not really. I’m always amused when an incident happens and people say or claim, “We will learn and it will never happen again!” That cracks me up. Incidents — whether they are global IT meltdowns or plane crashes — are almost always human-caused. So yeah, it will happen again, and NinerNet will have some issue at some time in the future and we will learn from it and promise that we will take steps to prevent it from happening again. But we have never and will never claim that it will never happen again.

The other purpose of this post is for marketing. The word “marketing” is a four-letter word to me, simply because about the only skill that marketers have is the ability to lie, with a straight face. I certainly wouldn’t accuse Microsoft or Crowdstrike of any kind of over-marketing or marketing subterfuge but, you know, there’s a part of me that looks askance at claims made by companies that over-promise and under-deliver … and over-promising and under-delivering are pretty much the meat and potatoes of marketers! It is far beyond my remit to determine whether or not either Microsoft or Crowdstrike have ever over-promised or under-delivered, but yesterday under-delivery was rampant.

Update, 2024-07-24: I wasn’t planning to drive home any of my points above, but I was cleaning up some open browser tabs and there were a few Crowdstrike-related tabs still open.

At “Helping our customers through the CrowdStrike outage” Microsoft proudly states, “We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines.” Umm, so? Your point is? What they fail to state here is that those 8.5 million Windows devices affected many, many more millions (a billion?) of poor saps who rely on companies that rely on Crowdstrike that relies on Microsoft’s crappy operating system. It reminds me of a saying: “Figures don’t lie, but liars sure as hell can figure!”.

George Kurtz, CEO of Crowdstrike, also stated in a tweet, “Today was not a security or cyber incident. Our customers remain fully protected.” This statement is freaking hilarious! If you can’t turn on your “Windows device”, of course it’s “fully protected”! OMG, this is one for the comedy annals!

Browsing through Mr. Kurtz’s Twitter feed you see a lot of the aforementioned “marketing”:

* Wow… another great quarter in the books for $CRWD.
* $CRWD delivered a strong 2Q23 with record $218M net new ARR, $2.14B ending ARR, record net new customers & $136M free cash flow.
* $CRWD delivered record Q4 results.

*yawn*

Tags: down time, reputation, security
Categories: Interest, Warnings
Comments Off

Recent scam/phishing message(s)

17 May 2024 07:43:56 +0000

Please be advised that there is a phishing message getting through the spam filters with the subject:

Oops, Error updating the POP/IMAP server of YOUR-DOMAIN.TLD

In the actual email, “YOUR-DOMAIN.TLD” just happens to be the domain of the email address to which the scam was sent (see screenshot below). (What a coincidence!) These are not sent by NinerNet, as even a cursory look at the “From” field will show. We also do not use folksy words like “Oops” in business and technical emails, and we don’t pose as the “webmaster” of your domain. We are NinerNet, and that is how we always present ourselves to you, our client.

If you click the button to “Update Preferences” (or whatever action your copy of the message urges you to take) — which we strongly urge you not to do! — you will be taken to a page that looks like the log-in page for a webmail system (not our webmail system, I hasten to emphasise!), where the scammers expect that you will enter your email log-in information. Your log-in will fail, of course, but you will have given your real email password to the scammer, who will then use it to hijack your account.

If you or someone in your organisation falls for this, change the password for that account immediately! It’s not shameful to fall for a scam; many are convincing and we are all busy people who sometimes do something we regret when we are busy and distracted. What is important is that you recognise what has happened and take action to prevent any further damage.

Please be aware of and do not fall for these types of messages! The spam filter has been catching a lot of these types of messages lately, but the casual language of this one seems to be defeating our spam filters.

Please ensure that your employees, colleagues and other associates know about these scam messages. You should also remind yourself and your employees, colleagues and associates of the information on our website at the following links:

Thank-you for your time and attention to this vitally important matter. Please contact NinerNet if you have any questions.

Phishing scam email, 2024-05-16.

Tags: scams, spam
Categories: Warnings
Comments Off

Compromised email accounts are being accessed via webmail

29 August 2022 11:01:18 +0000

It is becoming more and more common, once an email account has been compromised by a computer virus or other malware, for the email account in question to be accessed through the webmail. When this happens, one or all of three things (and sometimes more) happen:

The criminal behind the virus/malware uses your webmail account to send spam or more viruses (the viruses will be stopped by our server though, but sometimes some spam will still get through),
The criminal poses as you (or one of your employees) and dupes your customers into sending payments to their bank account(s), and/or
The criminal creates filters in your email account to siphon off email to external email accounts they or their associates control.

While all are very negative and need to be stopped quickly — and this is why a compromised email account’s password must be changed, and the old password never used again — the last is particularly insidious as you might not use the filters, or you may not even know that they exist! Filters are a legitimate tool for people to use to handle some email in an automated fashion, and they have been around as long as email has been around.

The bottom line is that a compromised email account is a very serous matter. Your machines and devices need to be protected, by security software (anti-virus software, firewalls, encryption, anti-malware software, etc.), physically (access control, passwords, physical locks, etc.), and with education, knowledge and vigilance. If an email account is compromised the reason should be determined and the cause fixed or addressed in some other way. You then also need to examine the (now formerly) compromised account; one of the first things you should check is the integrity of the account’s filters. If unauthorised filters remain in place, the account is still compromised.

It is vital that you not gloss over an email account compromise as a “cost of doing business” and just carry on as usual after the inconvenience in your day. If you do not take all of the above steps your lack of action will come back to bite you in the buttocks, as Forrest Gump said. And this bite could cost your business in money, goodwill and business.

Another thing to consider is that the mail server’s control panel allows its users to designate any email account as a “domain admin”. We have always discouraged this, instead creating dedicated accounts for domain admins, but it’s a popular and widely used feature. However, consider this: If you designate bob@example.com as a “domain admin”, and Bob’s account is compromised, then the criminal behind the compromise will have access to all of the email accounts on the example.com domain. The results could be significantly more than just the inconvenience of having one email account compromised.

Something else for you to consider is how you can protect your employees from phishing emails. (Please see our “scams” section for many examples of scam emails, many of which are phishing emails.) Phishing emails try to get their recipients to click a link where they are asked to enter their email address and email password. Of course, none of us would be fooled by this, but many people a day are. How the page where people are asked to enter their log-in information looks depends on the nature of the email. If it was allegedly from a bank, the log-in page will be an exact copy of the log-in page for the bank they’re trying to present themselves as. If they’re trying to get your email password, everything will look like a webmail log-in page. It’s convincing. When you enter your log-in information, either nothing will happen, or your browser will be redirected to a legitimate webmail log-in page, but you won’t (of course) be logged in. In the meantime, your log-in information will be saved, and available for the scammer to use.

If this happens to you, you must immediately change the password on your account.

But back to the original question: How can you protect your company from your employees potentially falling for this phishing scam? One way is to not give your employees their email passwords. If they don’t have it, they can’t enter it in a phishing form. Of course, you need to weigh the advantages and disadvantages of this. A disadvantage is that you or your IT person will have to enter it for them when setting up their email account on their machine and/or phone, but the advantage is that they won’t be able to make the mistake of inadvertently providing their password.

If you haven’t recently, it’s probably a good idea to check the filters in your webmail account right now to confirm that you put them all there and that you still need them. And while you’re at it, change your email password too! Make sure it’s at least 12 characters long, includes upper- and lower-case letters, numbers and special characters. And use a password manager too. We use and strongly recommend KeePass.

Tags: compromise, control panel, domain admin, email filtering, encryption, fraud, malware, password, security, spam, viruses, webmail
Categories: Updated posts, Warnings
Comments Off

Significant recent spam activity

16 March 2022 02:30:11 +0000

In the last 48 hours we have seen a significant increase in the number of email accounts that have been compromised due to the virus infection of a large number of our clients’ machines and/or devices. In one case that we know of, one of our resellers stated that they “have a company wide nightmare [of] machines spamming each other and everyone they have ever talked to via email.” This is not good. They have been working with their client to get a handle on this, and as of Tuesday their time this issue seems to be under control for them.

However, since then we have had multiple other email accounts compromised on multiple domains. Please note that email accounts are “compromised” when the machine or device on which the account is configured is infected with a virus. This is not under the control of NinerNet, but you and your employees and colleagues. Please ensure that you have updated anti-virus programs or apps installed, and please do not open attachments from unknown senders. Even attachments from known senders must be treated with extreme care, because viruses tend to come from other infected machines, and they could be the machines or devices of people you know.

Some reminders for all clients:

Please ensure you have anti-virus software (or an app) installed on all machines (computers) and devices (phones/tablets),
Please only open attachments after they have been scanned for viruses,
Please be extra careful of attachments sent from unknown senders, and
NinerNet’s mail server scans incoming and outgoing messages for viruses, but if the vendor of the software isn’t aware of the existence of the virus it may get through. If you also have anti-virus software installed, then that additional scan could make the difference between a normal day and an expensive day you’d rather forget.

At this point it looks like we nipped these outbreaks in the bud, so our mail servers are not in any additional blacklists. However, please do contact NinerNet support if you have any issues with outgoing email, or if you have any questions.

Thank-you.

Tags: email, reputation, security, spam
Categories: Notices, Warnings
Comments Off

Yet another note about scam emails

19 May 2021 07:36:15 +0000

Phishing scam email, 2021-05-12.

The scam and phishing emails continue to come in. The most recent example is particularly aggressive. Please do not fall for it.

NinerNet would never send out an email this aggressive or threatening.

Please review our last two blog posts about these kinds of emails. They are all 100% scams.

Another one of these emails had this “from” field:

From: Domain@nc036.ninernet.net, Admin@nc036.ninernet.net

The footer of the emails also contains a note that states, “example.com Webmail Support”, where “example.com” is the domain in the recipient’s email address. This is all automated, and doesn’t make it any more legitimate.

If you have any questions or concerns, please do contact NinerNet support. Thank-you.

Tags: scams, security, spam
Categories: Warnings
Comments Off

Warning about sexual blackmail/extortion scam emails

13 April 2021 09:32:21 +0000

We have, in the past, warned of sexual extortion and blackmail emails. These reared their ugly heads in 2018, and have continued to circulate in various forms since. I have received them myself, and they are unnerving.

Today we warn you again, but with added urgency because we know of someone who has fallen for this scam. This is not unusual, because people fall prey to these scammers every day, but it is even more saddening when it’s someone you know.

Here is the email they fell for:

From: KJi
Sent: April 05, 2021 1:23 AM
To: Recipients
Subject: Evidences Against You

Hello,

It’s so shameful how people can’t be satisfied with their marriages.

We know you are cheating on your spouse and this has been backed-up with
evidences from your hacked mobile device for your fyi.

Just a little favor from you to me can go along way in esnuring things don’t
get bitter with your spouse finding out.

Kindly send an equivalent of 1200$ worth of bitcoin to this wallet
:bc1qt9fx8fz2fydy0q5h0ruvd30a7ujqxmx80hn3tn

Trust me, this is very little compared to what will happen if you don’t
cooporate with us and i believe you love your family no matter what.

In 48hrs time,if we don’t receive this token of 1200$ worth of btc from you,
you will receive pictures and screenshots via email and same will be sent to
your spouse as well.

Your time start counting now and note that any attempt to file a complaint
will not result to nohing as this e-mail cannot be traced and same as my
bitcoin id.

If, by any chance I find out that you have shared this message with anyone
else, I will make things go viral immediately

Rdgs,

KJ

Note all the spelling, grammatical and punctuation errors.

There is no way for this person to get their money back, as there is no way to find the scammer. And it is a scam; the sender does not have any “evidences”. It’s a shot in the dark, and the chances of their mass email finding someone who really is being unfaithful in their marriage — and are feeling guilty and don’t want to be outed — are actually pretty good!

Please take this warning seriously, and don’t be fooled by these emails. They are just scams. We strongly suggest that you circulate this information to your colleagues, co-workers, employees, family and friends. Knowledge is power against the scammers.

Tags: scams
Categories: Warnings
Comments Off

Compendium of scam emails

13 April 2021 09:26:41 +0000

Scam and “phishing” emails arrive daily by the truck load. We can’t send a warning every time we ourselves get a scam or phishing email. If we did, our own emails would become just noise in the background.

However, we present here eighteen screenshots of scam, spam and phishing emails that we have received or seen over the last four years. If you’re not sure what one of these emails look like, we encourage you to look these over. The approaches vary, but here are some common factors:

They advise you that your email account is over quota, and you must take some immediate action to prevent catastrophe — i.e., the loss of all your email.
Your email account is being closed or upgraded.
The webmail for your account is being upgraded, and you have to take action.
Your domain is being cancelled or expired within a few hours or a couple of days.
Payment for the renewal of your domain is overdue.
Wordy expiration notices that are unclear about what exactly is expiring and how it could theoretically affect you.
Domain SEO (search engine optimisation) notices made up to look like invoices for domain renewal.
Emails with links that disguise the true destination to which you are clicking. Always check the status bar in your email program or app — before you click, while hovering your mouse pointer over the link — to determine whether or not your browser will really be going to a domain you recognise — e.g., niner.net if you are a NinerNet Communications client.
Emails that try to sound like they come from your own company’s IT department, complete with copyright notices.
“Final” renewal notices that are a surprise.
Fine print at the end of the email that makes ludicrous statements that contradict the meat of the email, such as, “We do not directly register or renew domain names” or “THIS IS NOT A BILL” (in an email that looks like it’s a bill to renew your domain); “We have clearly mentioned the source mail-id of this email, also clearly mentioned our subject lines and they are in no way misleading” (in an email that tries to mislead you into paying what looks like an invoice).
Urgent server warnings, that aren’t urgent server warnings at all.

NinerNet Communications is judicious about how many emails we send out, and how often we do. We’re also careful to ensure that we use proper spelling and grammar. Our emails do not contain copyright notices and pages of meaningless legal notices. (Maybe they should, but currently they don’t. We’re real people who tend to believe that our clients are also real people with brains.) With that in mind, here is a non-exhaustive list of things you should look for to determine if an email you’ve received really is from NinerNet and if it’s legitimate:

Is it from an email address on the niner.net domain? (Configure your email program or app to show you the sender’s actual email address, not just their name.) If it’s not, it’s not from us and you can probably ignore it if it claims to be about your hosting or domain.
Does it try to scare you or make you angry, such that you might take immediate action? If it does, it’s definitely not from us.
Is it in HTML or “rich text”, with different colours and types of fonts, and does it contain images or things that look like buttons (especially that say “secure online payment”)? It’s very likely not from us.
Are there copyright notices in the email? Definitely not from us.
Does it flatter you with words such as “esteemed” or “valued”? Not from us. (You are esteemed and valued, for sure; we just don’t lay it on thick with you!)
Does the email address you by the name in your email address? For example, if your email address is accounts@example.com, does it address you as “accounts” as if that was your name? Not from us.
Does it ask for personal information or ask you to update or confirm personal information? Very likely not from us unless you’re a brand new client.
Look very carefully at the sender’s address. Does the font on your email program make some letters look like others? For example, if the sender looks like bob@example.com, are you sure his domain isn’t exarnple.com? With some fonts the “r” and the “n” together look like the “m” in “example”.

Of course, the above checklist can be applied to any email you receive, including emails that purport to be from your bank.

Attachments: Don’t open attachments from unknown senders or that you are not expecting, even from known senders. Also make sure you have anti-virus software installed.

Our automated notices telling you that your mail box is full, or close to it, are extremely brief and do not try to scare you or offer you links to “free upgrades” or anything like that.

If you click on a link in an email and enter information on a form — especially a password — and then realise that it’s a scam/phishing, immediately change that password. You should also contact NinerNet, or whoever that account is with, to inform them what has happened.

Finally, when we do send you an email to advise you of something that applies to all (or most) clients — such as server moves, upgrades, etc. — we include a link to our blog (blog.niner.net) so that you can confirm that information.

Below, then, are the eighteen screenshots of scam, spam and phishing emails. The first is particularly noteworthy, as it is a sexual blackmail/extortion scam that seeks payment via Bitcoin. It and similar emails will be the subject of our next blog post.

If you have any questions, please contact NinerNet support. Thank-you.

Sexual blackmail bitcoin email scam.

: Urgent server warning email scam.

: Mailbox over storage revalidation email scam.

: Mailbox is full email scam.

: Using old version email scam.

: Important domain seo notification email scam.

: Domain service cancellation scam.

: Upgrade account email scam.

: Secure online payment email scam.

: Domain service cancellation scam.

: Domain danger suspended scam.

: Pending unread messages email scam.

: Notice of final renewal domain scam.

: Domain cancellation notice scam.

: Closing old versions email scam.

: Mailbox upgrade quota email scam.

: New version webmail email scam.

: Check pending incoming email scam.

Tags: domain renewals, scams
Categories: Warnings
Comments Off

Scammers never sleep

31 December 2018 10:02:41 +0000

If you thought you could get a break from scammers over Christmas, think again. This one landed in our in box on Christmas day, as is clear from the date the countdown starts!

From: greatroadnorth.com is about to expire. <no-replay@renewal-service.info>
Reply-to: “greatroadnorth.com is about to expire.” <no-replay@renewal-service.info>
Subject: Domain Administrator
Date: Tue, 25 Dec 2018 17:52:19 +0000
Return-path: <01020167e67ef75e-d5d2ee16-fd2f-457e-9a8d-00dba3dc6492-000000@eu-west-1.amazonses.com>
X-spam-score: 2.125

Tucows Domains Inc.
====================
IMPORTANT NOTIFICATION
====================
greatroadnorth.com
Date: 2018-12-25

Dear Domain Administrator,

The Domain SEO-listing shown below are set for renewal and need to be processed in the next 48 hours.

No need to worry, please go to this link and follow the instructions:
renewal-service.info/greatroadnorth.com

Your product details are listed below:
====================

Product Name:
SEO-Renewal for greatroadnorth.com
Expire Time:
48 hours from 2018-12-25
Renewal cost per annum:
$69.00

====================
Amount due: $69.00

PAYMENT INFORMATION
Information on how to renew your domain can be found here:
renewal-service.info/greatroadnorth.com

This offer is only valid for 48 hours as a courtesy to let you know that your domain is expiring soon and this search engine optimization offer will expire.
Should your domain name expire, there is going to be a signifcant drop
in search engine services for your website, email and any other associated services.
This domain seo registration for greatroadnorth.com limited time offer will end in 48 hours from 2018-12-25.

Thank you!

Sincerely,
Renewal department

====================

Note:
You received this message because you elected to receive notification offers. Should you no longer wish to receive our offers, please unsubscribe here. If you have multiple accounts with us, you must opt out for each one individually.

Some characteristics of this spam/scam:

Your name (available from the WHOIS) will be in the subject, along with a flag emoji to draw attention to the email.
The name of your legitimate domain registrar (also available from the WHOIS) will be at the top of the email, even though they did not send the email.
There is the usual very close deadline (48 hours), after which the world will end for you and your domain.
The plain-looking links in the email mask tracking links to the domain wizz.netvalue.io.
The scammer makes the unusual claim that not sending them money will cause “a signifcant [sic] drop in search engine services for your … email”. This, of course, is absolutely false, as your email traffic is not tied directly to search engine traffic anyway.
Sent through the best and biggest “bulletproof” spam hosting service in the world: Amazon.

Given the fact that most gTLD registrars (including the ones we use) have not pubished WHOIS information since May 2018, these scams are being sent to old mailing lists compiled before publishing stopped, and are out of date. (For example, the domain that is the subject of this email no longer exists.) Changing the contact email address on your domain and shutting down the old address is something you should consider doing.

Tags: scams, spam
Categories: Warnings
Comments Off

Extortion scam email

24 July 2018 04:57:43 +0000

We have had a particularly nasty extortion email brought to our attention by two different clients in the last four days. Some research reveals that it has been around since at least late last year, but variants of extortion emails are almost as old as email itself. However, the personal nature of the current incarnation of these emails is alarming to those who receive it, even those with a clear conscience.

Unfortunately, as with most (if not all) scams, the scammers have been successful. In this case, because they demand payment of their ransom in Bitcoin, and the Bitcoin system allows public tracking of all transactions (just not the identities of the senders and receivers), researchers have been able to see that the Bitcoin addresses used in these scam emails have indeed received payments. A quick glance shows payments reaching into six figures (in US dollars) for some Bitcoin addresses (like bank account numbers, but not subject to the same scrutiny as happens when you open a bank account), and since it seems that few (if any) Bitcoin addresses have been used twice (although they are probably controlled by a small number of criminals), you can multiply that many times over.

One of the key features of the current round of emails that seem to have cropped up in the last week is the inclusion of a password that you may have used at some point in the past, both in the subject and the body of the email, to get your attention. This adds plausibility to the extortion attempt. However, keep in mind that huge databases of personal information are being breached by hackers all the time. The well-known tracking website “Have I Been Pwned” includes over five billion breached accounts (and growing) in its database. They compile their database from the raw data released by hackers after they penetrate the systems of the likes of LinkedIn, MySpace, Adobe, Ashley Madison and many others, so those databases are out there and will be forever. If a website or company you use was hacked and your password was stored by them in an unencrypted form, then there are databases out there that contain enough information to put together your email address and a password you have used, and possibly your name, address and phone number too. (Some people have received these extortion attempts via postal mail.) Do an old-fashioned mail merge and voila, you have an email message that could scare you into parting with anywhere from hundreds to tens of thousand of dollars in a vain attempt to keep a secret that a scammer made up in his or her own imagination.

As with all spam and scam emails, these are best ignored. They are just mass produced by the millions and fired out at the Internet shotgun-style.

Some have commented in the links we provide below that they have contacted the police about these emails (or letters) and received the cold shoulder. This is unsurprising. One of the benefits of computers is also one of their downsides; the fact that you can send an hilarious cat video to a few thousand of your closest friends is the same technology that allows scammers to multiply their own efforts considerably and with very little effort or expense. Your national police force probably already has this in their in tray, and when combined with other law-enforcement efforts it will probably rise to the top one day when they pull Guido over for speeding and realise that he is the mastermind behind all of this. Case closed.

There are many “top ten things you should do to remain safe on the Internet” lists out there. None will cover it all in only ten items, but here are some things for you to consider in the vein of the contents of these emails that we have reproduced below:

Don’t reuse passwords. If you consistently use the same email address and password for different websites, then when one of them is breached, all of your accounts are breached. Use a different password for every single website. It’s not that hard. Use a password manager like KeePass to generate and track random, complicated passwords that you will never remember and never need to remember.
Cover your webcam lens with an opaque cover when it is not in use. Some webcams include such a cover you can flip over the lens. If yours doesn’t, you can get a sticky cover that you can easily remove and reapply that doesn’t leave residue on the lens. We buy ours from the Electronic Frontier Foundation, but you can get generic ones or small metal covers you can install that you then slide to cover the lens (do a Web search for “webcam cover“), or you could use a sticky note or even a plaster / adhesive bandage.
Tell your friends and family. Friends don’t let friends pay bogus ransoms for bogus extortion attempts. Send them a link to this post at blog.niner.net/2018/07/24/extortion-scam-email

If you have any questions or concerns about this, please contact us and we will be happy to answer your questions. Thanks for your time.

Links to external websites with additional information documenting this scam

Reasonably Clever Extortion E-mail Based on Password Theft (16 July 2018)
Sextortion Scam Uses Recipient’s Hacked Passwords (12 July 2018)
My Bitcoin blackmail experience started with a well-written letter (10 April 2018)
Bitcoin Porn Blackmail Scam Reports Surge (12 March 2018) (Ironically, this post ends with a “helpful” affiliate link [for which the website is paid] to a website where you [the scammed individual] can buy Bitcoin to pay your ransom! How thoughtless of these morons.)
E-mail video scam (23 November 2017)
Extortion Phishing: So, closer to the point. You surfed the internet with porn, which I’ve placed with the virus … (1 September 2017)

The two emails brought to our attention are below. The wording is not identical, but the style and substance are the same and they seem to be written by the same person. In these emails we have masked our clients’ names, email addresses and passwords, of course.

Email 1

———- Forwarded message ———
From: Juliana Bradford <ydewillyfx@outlook.com>
Date: Mon, 23 Jul 2018 at 19:46
Subject: CLIENT NAME – PASSWORD
To: CLIENT EMAIL ADDRESS

I am well aware PASSWORD one of your passphrase. Lets get right to point. There is no one who has compensated me to investigate you. You do not know me and you’re most likely wondering why you’re getting this e-mail?

In fact, I actually setup a malware on the X streaming (pornography) web-site and do you know what, you visited this web site to experience fun (you know what I mean). While you were viewing videos, your internet browser began functioning as a Remote control Desktop that has a key logger which provided me accessibility to your screen and web camera. Right after that, my software collected all your contacts from your Messenger, social networks, as well as e-mailaccount. After that I created a video. First part displays the video you were viewing (you have a nice taste haha), and 2nd part displays the view of your cam, yea it is you.

You get two alternatives. Shall we read each of these choices in particulars:

First choice is to disregard this email message. In this scenario, I am going to send out your very own recorded material to every single one of your contacts and also just think concerning the awkwardness you will see. And consequently if you happen to be in an important relationship, just how it will eventually affect?

2nd alternative is to pay me $7000. Lets refer to it as a donation. Consequently, I most certainly will without delay discard your video recording. You could go on your daily life like this never occurred and you surely will never hear back again from me.

You will make the payment by Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).

BTC Address to send to: 18sPsLXYDqKZnZ6Mb5xbYS168QFPYrQC75
[case sensitive, copy & paste it]

Should you are planning on going to the law enforcement, well, this mail can not be traced back to me. I have covered my actions. I am just not looking to ask you for money a whole lot, I simply want to be paid. I’ve a special pixel within this mail, and right now I know that you have read this message. You have one day to make the payment. If I do not receive the BitCoins, I will certainly send your video recording to all of your contacts including friends and family, co-workers, and many others. Nevertheless, if I do get paid, I will destroy the video right away. If you need proof, reply with Yea then I will certainly send out your video recording to your 7 friends. It’s a nonnegotiable offer and so please don’t waste my personal time & yours by responding to this message.

Email 2

——– Forwarded Message ——–
Subject: RE: CLIENT NAME – PASSWORD
Date: Thu, 19 Jul 2018 05:03:35 +0000
From: Antonio Simmons <jrcsxeugeniouks@outlook.com>
To: CLIENT EMAIL ADDRESS

I will directly come to the point. I do know PASSWORD is your pass word. More to the point, I am aware about your secret and I’ve evidence of your secret. You do not know me personally and nobody paid me to look into you.

It’s just your bad luck that I came across your bad deeds. Well, I placed a malware on the adult video clips (porno) and you visited this site to have fun (you know what I mean). While you were busy watching videos, your internet browser initiated operating as a Rdp (Remote desktop) that has a key logger which gave me access to your display screen as well as web camera. Right after that, my software program gathered your entire contacts from messenger, facebook, and mailbox.

Next, I put in more hours than I probably should’ve looking into your life and made a two view video. 1st part shows the video you were watching and second part shows the view from your web camera (its you doing dirty things).

Honestly, I am ready to forget all information about you and let you continue with your daily life. And I am going to present you 2 options that will make it happen. Those two option is with the idea to ignore this letter, or simply pay me $ 2900. Let’s explore these 2 options in more detail.

Option One is to ignore this email message. Let us see what is going to happen if you opt this option. I will certainly send your video to your entire contacts including family members, co-workers, and so forth. It does not shield you from the humiliation your self will face when family and friends discover your dirty details from me.

Option 2 is to send me $ 2900. We will call it my “privacy tip”. Now lets see what will happen if you choose this option. Your secret remains your secret. I’ll erase the recording immediately. You go on with your routine life that none of this ever occurred.

At this point you may be thinking, “I will complain to the police”. Let me tell you, I have covered my steps in order that this e mail cannot be linked to me plus it won’t prevent the evidence from destroying your lifetime. I’m not seeking to steal all your savings. I just want to get compensated for the time I placed into investigating you. Let’s assume you decide to produce all of this vanish entirely and pay me my confidentiality fee. You will make the payment via Bitcoin (if you don’t know how, type “how to buy bitcoins” on google search)

Amount to be paid: $ 2900
Bitcoin Address to Send to: 1GQK1MNV5N7B9pV8L63W7nGfChJkKp7ymq
(It is CASE sensitive, so you should copy and paste it carefully)

Tell nobody what you should use the bitcoin for or they may not provide it to you. The method to get bitcoin will take a short time so do not delay.
I’ve a specific pixel within this email message, and now I know that you’ve read this e mail. You have 24 hours to make the payment. If I don’t get the BitCoin, I will definately send out your video to your contacts including close relatives, colleagues, and many others. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I’ll destroy the video and all other proofs immediately. It’s a non negotiable offer, thus do not waste my personal time & yours. Your time is running out.

Tags: scams
Categories: Warnings
Comments Off

Reminder of domain renewal scams

12 February 2017 02:22:14 +0000

The scammers trying to separate you from your money never sleep and we’ve been meaning to send a reminder about that for a while now. Were prompted today by a couple of things: the first being a client who recently mistook one of these scams for a legitimate notice from NinerNet, and the second the receipt of four emails to us that arrived in quick succession in the span of 22 minutes this morning from the same scammers.

What these scams have in common is that they’re sent to the email address you use in your domain registration, and masquerade as domain renewal notices. The management of the WHOIS system — the database of domains and their owners — is a bone of contention among many, and after more than three decades ICANN has still not figured out how to make the WHOIS system useful for legitimate purposes while protecting domain owners from scams like these. We make five suggestions in the “Lessons to be learned” section of a rather long and detailed post from last year if you’re annoyed at the amount of spam you receive. One of those suggestions is not private domain registration, despite the fact that we can make money on that service.

The two particularly active scams that you should be aware of are these two:

You’ll note that the latter dates back to at least 2015. If the scam wasn’t working, they’d stop. Don’t be scammed!

If you have any questions or concerns, please let us know. Thanks.

Tags: domain renewals, scams
Categories: Warnings
Comments Off