In this article, we cover a phishing email starting with the following sentence:
on this day I hacked your OS and got full access to your account [email address]
Such phishing emails aim to create feelings of desperation and fear. We want to combat this by ensuring you better understand how to deal with such issues.
Email users may receive this email regardless of hosting plan, content management system (CMS), email provider, spam filter, and other hosting features.
IMPORTANT: We are not security specialists. The information below may not be up-to-date best practices to combat phishing and other cyber attacks. We recommend contacting Sucuri for expert advice and a web-application firewall for better security.
Recommendations
We’re going to display the email in parts and offer recommendations for each section.
I have very bad news for you.
[Date] – on this day I hacked your OS and got full access to your account [email address].
You can check it – I sent this message from your account. So, you can change the password, yes.. But my malware intercepts it every time.
Truth: “Malware” is the abbreviation for malicious software. Scammers and bots can acquire your email address without hacking your computer or website. Is your email address on your website contact page, social media contact sections, or business card? Do you have domain privacy?
Solution:
- Remove your email account from public view, or only place it on sites that require completing reCAPTCHA to view it.
- Use a contact form on your website instead, similar to the security-oriented Contact Form 7 for WordPress, to better filter spam.
- Create a different email account for administration tasks and for correspondence.
- Register your email addresses with HaveIBeenPwned.com for notifications on confirmed intrusions.
- Use a password manager and strong passwords instead of saving them within your browser. Most browsers do not encrypt saved login credentials by default.
Router
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
Truth: While this is possible, you should contact your internet service provider (ISP) regarding vulnerabilities and assistance enhancing your home network router. A trojan [horse] is a file that looks legitimate but includes malware.
Solution:
- Contact your internet service provider (ISP) for assistance enhancing your home network router security, firewall settings if applicable, and ensuring your router firmware is up to date.
- Run antivirus and backup solutions on your local workstation and server. All customers can contact Live Support to request an account scan. VPS and Dedicated server administrators can do this with ClamAV Scanner.
- If you’re on a VPS or Dedicated server, update your ConfigServer Security & Firewall (CSF) or Cisco hardware firewall settings (if applicable).
Interested in upgrading your server security? Check out our VPS Hosting plans and be sure to bookmark our guide on VPS Security.
Backup
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
Truth: This is possible, regardless of your operating system, but a lot of factors determine its likelihood.
Solution:
- Create, and verify, backups for cPanel and local devices to an external location regularly.
- Use multi-factor authentication (MFA / 2FA) whenever possible.
Ransomware
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.
Truth: It is possible to capture activity between a user and a website or server. This is called a man-in-the-middle (MITM) attack. This is a common issue with public Wi-Fi networks, such as those in airports and restaurants. This is also possible with users using Google search on a computer while logged in or on an infected mobile device.
Solution:
- Navigate websites with HTTPS only, especially e-commerce sites.
- Consider using a virtual private network (VPN) for web browsing.
- Only use trusted Wi-Fi networks.
Remember, this article is meant to be primarily informative. Contact Sucuri for expert advice on how to secure your website.
Bitcoin
Pay ONLY in Bitcoins!
My BTC wallet: #########################
You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy
Truth: Don’t search that phrase. As stated in the last truth above, if anyone has access to see your network activity, searching that phrase will show them that you’re more susceptible to future phishing attacks.
Solution: Ignore this. If you have Bitcoin, check your payment history for theft.
Payment
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work. After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
Truth: There is no way to verify that any stolen data will be destroyed. The unfortunate truth is that if it was stolen, it has likely already been sold.
Solution: Ignore this.
Locked
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
Truth: Many cyber attacks are triggered by a specific condition, such as a specific date, time, or user action. This type of ransomware is called a logic bomb.
Solution:
- To be safe, use AV scanners to search for malware.
- Ensure you have up-to-date cPanel and device backups.
Security
I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (you yourself will see that this is impossible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
Truth:
- Searching for possible malware on your server and local devices is more important than worrying about what’s on a remote server.
- There may be useful information in the email headers. Live Support and our partners Sucuri can help you with this.
- Various security resources, such as this article, can help you better understand how to detect and combat phishing.
Solution:
- Ensure all software is up to date.
- Follow our guide to strengthen email authentication and mitigate email spoofing. Keep the email for a security specialist to review or delete it.
- Contact Live Support for an account scan and further security advice related to your hosting plan, installed CMS(s), Softaculous (VPS and Dedicated only), etc.
- Stay tuned for our article on how to detect phishing.
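The header review mentioned above can be sketched as follows. This is an added example, not code from the original article: it checks whether a message that claims to come "from your account" passed SPF, DKIM and DMARC at the receiving server. The sample headers, host names and addresses are constructed, and it assumes the Authentication-Results header was added by your own mail server (headers supplied by the sender cannot be trusted).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of a message forged to look self-sent.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
    by mx.example.com with ESMTP; Tue, 01 Jan 2019 10:00:00 +0000
Authentication-Results: mx.example.com;
    spf=softfail smtp.mailfrom=mailer.example.net;
    dkim=none;
    dmarc=fail header.from=example.com
From: <user@example.com>
To: <user@example.com>
Subject: I have very bad news for you.

(body omitted)
"""

def domain(header_value):
    """Return the lowercased domain of an address header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    """Heuristic check of a 'sent from your own account' claim."""
    msg = message_from_string(raw)
    # Assumption: this header was written by the recipient's own server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    sender = parseaddr(msg["From"] or "")[1].lower()
    rcpt = parseaddr(msg["To"] or "")[1].lower()
    not_passing = sorted(k for k in ("spf", "dkim", "dmarc")
                         if verdicts.get(k, "none") != "pass")
    return {
        "from_equals_to": bool(sender) and sender == rcpt,
        # The envelope sender (Return-Path) differs from the visible From domain.
        "envelope_mismatch": domain(msg["Return-Path"]) != domain(msg["From"]),
        "not_passing": not_passing,
        # A self-addressed message that fails authentication was forged
        # elsewhere; it was not sent from inside the mailbox.
        "likely_spoofed": bool(sender) and sender == rcpt and bool(not_passing),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A message that was really sent from the mailbox would normally show passing results for the domain, so a failing result here contradicts the "I sent this message from your account" claim.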
Honor
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker.
Truth: You are not the only person to receive this email.
Solution: Ignore the rest.
Antivirus
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Truth: We request you take cybersecurity seriously. Unfortunately, software cannot completely eliminate the possibility of phishing and other cyber attacks. The best way to mitigate cyber attacks is user awareness and training.
Solution: Stay alert when browsing the web and checking your email.
Questions?
Do you have more questions? Let us know below.
Do you have questions about how to secure your CMS? Check our Support Center. If we have not covered it yet, request it below or in our Community Support Center!
This article will be updated as we cover more related topics.