Phishing Mail

I am A, an Exabee working at Exabytes.

I’m just an ordinary human who joins the crazy morning traffic to Exabytes Office in Payar Lebar every day to fulfill the mission of ‘Grow Your Business Online!’

What the…this is surely not a good start amid Monday Blues because I just received a similar email which I thought was some kind of love story, and moved it straight to the Junk folder. And I found a Big Bad Wolf Hiding “Phishing Mail” behind Exabytes Mail.

spot phishing mail

So, I grabbed a cup of coffee and started to perform an analysis.

GOSH! “Email [email protected] has been compromised!”

Look How I Met Big Bad Wolf in some Phishing Mails.

Email header + Content

All emails consist of an Email header and Email body.

Email header records every single relay point going through before it reaches your mailbox.

It is like how you trace your parcel from a courier service provider after purchasing something online.

 Received: from [12.12.12.123] (UnknownHost [12.12.12.123]) by mail.domain.com with SMTP;

Thu, 29 Oct 2018 06:17:21 +0800

Message-ID: <xxxxxx>

From: <[email protected]>

To:  <[email protected]>

Subject: account [email protected] is compromised

Date: 29 Oct 2018 06:00:12 +0800

 

phishing mail hacker

Suspicion 1: I know your password!

I’m a hacker who hacked your email and device a few months ago.

You entered a password on one of the sites you visited, and I intercepted it.

Of course you can/will change your password, or already changed it.

But it doesn’t matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

 

If you have my email account password, why didn’t you directly authenticate/relay over the mail server but instead sending from a third party host [12.12.12.123], and pretended that you know my password?

 

Phishing Spying

Suspicion 2: Spying on you!

Through your email, I uploaded malicious codes to your Operating System.

I saved all your contacts with friends, colleagues, relatives, and a complete history of visited websites.

I also installed a Trojan on your device and have been spying on you for a long time.

You are not my only victim. I usually lock computers and ask for a ransom.

But I was struck by the sites of intimate content that you often visit.

 

The spammer seems to put on more pressure.

If he/she is a real hacker that got “full access” to my laptop/desktop, then he/she should deploy a ransomware instead of sending a phishing mail, and wait for me to take the bait.

 


Phishing Scam photo

Suspicion 3: I made screenshot from your photos!

So, when you had fun on piquant sites (you know what I mean!), I made screenshot using my program from your camera device.

After that, I combined them with the content of the currently viewed site.

There will be laughter when I send these photos to your contacts! BUT I’m sure you don’t want this to happen.

 

My broken camera already stopped working for a some time and the website I frequently visit is exabytes.my. Now you really make me laugh, I get your joke! LOL!

 

Phishing Bitcon Scam

Suspicion 4: Pay me or Data gone!

Therefore, I expect payment from you for my silence.

I think $852 is an acceptable price for it!

Pay with Bitcoin.

My BTC wallet: 1DVU5Q2HQ4srFNSSaWBrVNMtL4pvBkfP5w

If you do not know how to do this – Search this on Google “how to transfer money to a bitcoin wallet”. It is not difficult.

After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

 

It seems that you care about me more than I do regarding this data. You care about me so much that you provided me with the steps on how to make payment.

Wow, the last line sounds like a scene in Mission Impossible. Are you a fan of the box office?

 

Phishing Example

Suspicion 5: Time is running out! I’m coming now!

My Trojan have auto alert, after this email is read, I will know it!

You have 2 days (48 hours) to make payment. If this does not happen – all your contacts will get crazy shots from your dark secret life! Soon your device will be blocked too (also after 48 hours).

 

I read the similar email last week, did you not track that?

Email actually got a function called “Read receipts”. And why would you need to spend time writing a Trojan?

 

phishing wolf or husky

Suspicion 6: Do not be Silly!

Do not be silly!

Police or friends won’t help you for sure …

P.S. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope you understand your situation now.

Farewell.

 

Finally, I saw a meaningful line in the whole content…Yes, Do not be silly with such low level phishing mail, and I will sure help my friends by spreading this information ^^

Bye Mr. Spammer, good try!

For More Similar Post About Cyber Security and Scam Mails