Tag Archives: Encryption

A dozen Crypto attempts today

Posted on by The Old Wolf

crypto

All of these arrived in my inbox today; many are duplicated versions of the same message with minor changes.

Dear info,
Cathleen Holcomb asked me to send you the attached Word document, which contains the final version of the report.
Please let me know if you have any trouble with the file, and please let Cathleen know if you have any questions about the contents of the report.
Kind regards
Alisa Harper
Managing Director
Notice that all of these emails begin with “Dear Info,” since the relevant address is “info@devnull.com.” This in itself should be a red flag.
Dear info:
Thank you for your email regarding your order of 21 June, and sorry for the delay in replying. I am writing to confirm receipt of your order, and to inform you that the item you requested will be delivered by 25 June at the latest. If you require more information regarding this order, please do not hesitate to contact me.
Also, our records show that we have not yet received payment for the previous order of 11 June, so I would be grateful if you could send payment as soon as possible. Please find attached the corresponding invoice.
If there is anything else you require, our company would be pleased to help. Looking forward to hearing from you soon.
Yours sincerely
Benjamin Martin
Chief Executive Officer
Information. A report. An invoice with request for payment. A spreadsheet. All looking innocuous and legitimate.
Dear info,
The reference you requested is attached.
Let me know if you have any questions.
Best regards
Erma Frederick
CEO
No matter how official emails like this look, you should verify every detail before proceeding.
Dear info,
Our records show that we have not yet received payment for the previous order #A-393685
Could you please send payment as soon as possible?
Please find attached file for details.
Yours sincerely
Jami Garrett
Mexico Key Account Director
Don’t open those attachments! They are almost certainly javascript files which will download an encryption virus or something equally vicious.
Be careful out there.
The Old Wolf has spoken.

Infect your computer from home!

Posted on by The Old Wolf
From: <my email address>
To: <my email address>

Subject: Cooperarion with a large firm

Hello!

We are looking for employees working remotely.

My name is [Audra|Joni|Gus|Emily], I am the personnel manager of a large International company. (I got four of these in my mailbox today).
Most of the work you can do from home, that is, at a distance.
Salary is $2500-$5000.

If you are interested in this offer, please visit Our Site

Best regards!

If you’re careless enough to click that link (disabled above), what you’ll be taken to is this:

http://yaseminalkaya.xyz/wp-content/plugins/easy-tables-vc/xxxxxx/lib/jquery-handsontable/test/jasmine/spec/settings/

whereupon your computer will promptly be infected with an encryption virus or some other evil chicanery.

Do not respond to emails like this, and do not click embedded links!

The Old Wolf has spoken.

Nine more Crypto Emails

Posted on by The Old Wolf

Today in the mail, another gush of spam emails, each one with a .zip attachment labelled “invoice” or “statement” or “employees” or some other innocuous title. Each one containing a .js (javascript) file which would download encryption software, corrupt my files, and demand a ransom. Please do not be victimized by these criminals.

From: Carole Middleton <MiddletonCarole95@bol.net.in>
Subject: [SPAM] Re: Chart of Accounts
hello info,
You may refer to the attached document for details.
Regards,
Norma Palmer

From: Beatrice Salinas <SalinasBeatrice75015@slotcarsdirect.co.uk> Subject: [SPAM] FW: vendors

Hi info
The attached spreadsheet contains bills. Please review
Regards,
Beatrice Salinas

From: Devon Garcia <GarciaDevon55@uid.uk.com>
Subject: [SPAM] Re:

Hi info,
As promised, the document you requested is attached\
Regards,
Devon Garcia

Subject: [SPAM] Emailing: Photo 05-11-2016, 98 43 44

Your message is ready to be sent with the following file or link attachments:
Photo 05-11-2016, 98 43 44
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments.  Check your e-mail security settings to determine how attachments are handled.

Note: How kind of them to warn me against viruses.

Subject: [SPAM] Emailing: Photo 05-12-2016, 64 94 68

Your message is ready to be sent with the following file or link attachments:
Photo 05-12-2016, 64 94 68
Note: To protect against computer viruses, e-mail programs may prevent ending or receiving certain types of file attachments.  Check your e-mail security settings to determine how attachments are handled.

From: Kareem Sweeney <SweeneyKareem2103@residenceferrucci.it>
Subject: [SPAM] Re:

hi info,
As promised, the document you requested is attached
Regards,
Kareem Sweeney

From: Kristine Brennan <BrennanKristine0377@lemmertzturismo.com.br>
Subject: [SPAM] build assemblies

hello info
Attached please find the build assemblies report for your review
Thank you.
Regards,
Kristine Brennan

From: Mable Ward <WardMable44090@cmsadv.com.br>
Subject: [SPAM] FW: invoices

Hi info
The attached spreadsheet contains employees. Please review
Regards,
Mable Ward

From: Milagros Wiley <WileyMilagros41@telefonica.de>
Subject: [SPAM] receive payments

hello info
Attached please find the receive payments report for your review
Thank you.
Regards,
Milagros Wiley

From: Norma Palmer <PalmerNorma3969@jpowerassembly.org>
Subject: [SPAM] Re: Chart of Accounts

hello info,
You may refer to the attached document for details.
Regards,
Norma Palmer

I post these only in case people out there are searching the web for similar messages.

Be clear: THESE MESSAGES CARRY ENCRYPTION VIRUSES. Do NOT open the attachments!

Be careful out there

The Old Wolf has spoken.

Ten Crypto-Emails in a Single Day

Posted on by The Old Wolf

Please, please, be careful out there. The Crypto-scammers are ramping up their game.

cryptowall-infographic-enews

Below are eight of the ten spam emails I received only today. Each one was equipped with its own attachment, which would have doubtless encrypted my entire computer.

1)

To: “redacted”
From: Norman Baldwin <BaldwinNorman31872@jawhar9.com>

Subject: Second Reminder – Unpaid Invoice

We wrote to you recently reminding you of the outstanding amount of $7096.64 for Invoice number #18268E, but it appears to remain unpaid.

For details please check invoice attached to this mail

Regards,
Norman Baldwin
Deputy Director of Finance

2)

To: “redacted”
From: Olive Booth <BoothOlive804@beamtele.net>

Subject: Re:

Hello, info

Please find the document file attached to this mail. The attached file contains transfers and invoices history of your bank account

Regards,

Olive Booth

3)

To: “redacted”
From: Greg Maynard <MaynardGreg93@agenciaH.com>
Subject: Re:

Good evening info,
As promised, I have attached the spreadsheet contains last 50 transaction and your account actual balance.
Regards,
Greg Maynard

4)

To: “redacted”
From: Dolly Browning <BrowningDolly48549@feoliveira.com>

Subject: RE: Outstanding Account

This is a reminder that your account balance of $5315.75 was overdue as of 25 April 2016.

Enclosed is a statement of account for your reference.

Please arrange payment of this account today or, if you cannot make full payment at this time, please contact us to make a payment arrangement that is mutually acceptable.
Regards,

Dolly Browning
CEO, Cafedirect

Have a nice day

Yeah, I’d have a really nice day if I opened your attachment and all my files were encrypted. Shove it where the sun don’t shine, fool.
5)
To: “redacted”
From: Clarissa Ewing <EwingClarissa61@betonfiguratie.nl>

Subject: Re:

Hello, info

Please find the document file attached to this mail. The attached file contains transfers and invoices history of your bank account.

Regards,
Clarissa Ewing

6)

Subject: Ticket
From: Alma cawley <Veronica344@gmail.com>

To: redacted

Content-Type: application/zip; name=”TICKET-T1153854633273.zip”
Content-Disposition: attachment; filename=”TICKET-T1153854633273.zip”
X-Attachment-Id: 90725767494-local0

 

7)

To: “redacted”
From: Guadalupe Oneal <OnealGuadalupe459@sanctuaryandcare.com>

Subject: FINAL NOTICE – OUTSTANDING ACCOUNT

Dear Client, We are writing concerning the amount of $3339.41 which was due to be paid on 01.05.2016 and, despite numerous requests for payment, remains outstanding. Details attached to this email. We demand that payment of the full amount be paid to us on or before 10.05.2016. If this account is not resolved by the specified date we reserve the right to commence legal proceedings to recover the debt without further notice to you, and you may be responsible for any associated legal fees or collection costs. If you wish to prevent this, please contact the undersigned as a matter of urgency and settle your account before the above date. Regards, Guadalupe Oneal Head of Finance UKGI Planning

 8)
To: “redacted”
From: Tad Whitney <WhitneyTad085@tecktranslations.de>

Subject: FINAL NOTICE – OUTSTANDING ACCOUNT
Dear Client, We are writing concerning the amount of $6958.82 which was due to be paid on 01.05.2016 and, despite numerous requests for payment, remains outstanding. Details attached to this email. We demand that payment of the full amount be paid to us on or before 10.05.2016. If this account is not resolved by the specified date we reserve the right to commence legal proceedings to recover the debt without further notice to you, and you may be responsible for any associated legal fees or collection costs. If you wish to prevent this, please contact the undersigned as a matter of urgency and settle your account before the above date. Regards, Tad Whitney Chief Technology Officer

Even if an email claims you owe them money, if it threatens you, even if it looks like a legitimate invoice, even if it comes from someone you think you know, NEVER open attachments – especially .zip files – without verifying what it is and who it comes from.

Working as I do for a first-rate cloud backup company, I have noticed a definite uptick in people calling in for help to recover their files after having everything they own encrypted, and being blackmailed for anywhere between $300 and $2000 to get their data back (and there’s no guarantee the criminals will send them a decryption key even if they pay.)

carbonite-logo

You may want to consider these folks. They keep up to 12 versions of your data, making you almost Crypto-proof. This article at the New York Times mentions them by name.

The internet has made it excruciatingly easy for human scum to perpetrate financial crimes on their victims. Please be careful and don’t become one of those victims.

  1. Never open attachments from unknown senders.
  2. Keep your anti-virus software up to date.
  3. Back up your data safely.

The Old Wolf has spoken.