The leading Swiss web host confirms several cases of malicious email that indiscriminately target email addresses found on the Internet. These particularly deceptive emails aim to extort money by exploiting personal information that has leaked onto the Web. Computers that have allegedly been hacked, theft of old passwords, threats to share intimate videos with all one’s contacts: everything is done to make their targets give in under pressure.

Infomaniak, which is among the leading hosts for private and professional email, is in a well-informed position to understand this phenomenon, reassure users and help them protect themselves.

What should you know about this type of malicious email?

This malicious spam cannot be attributed to any particular messaging service and is produced by organised fraudsters who likely operate from abroad. Like other types of attacks, this type of email manages to escape detection by even the most sophisticated antispam filters by hacking email addresses that are considered reliable.

These extortion attempts exploit two flaws. The first is technical; the second, and the more dangerous, is human.

Password theft

Websites, even the most important among them, get hacked every day. They include on-line stores, music streaming services, on-line gaming sites or any other site that handles user accounts. In these cases, databases containing members’ logins and passwords are compromised and can be revealed on the Internet. The breach of these data may also occur following spam. Users’ passwords and names are thus revealed and become accessible on the Web.

These logins fall into the hands of the authors of this malicious email, whether they are the perpetrators of the hacking or not. They use them to gather personal information and prepare their offence. The human flaw is exploited in the next phase.

Create fear to obtain money

The real mechanism of this malicious email lies in the plot. To trigger the payment of a ransom, the fraudsters establish a scenario that is supported by the personal information they have gathered previously. Through a personalised email that is made credible by divulging the victim’s password, spammers lay a trap that is easy to fall into. They exploit the strategy of a lie wrapped in truth.

Supported by personal details, the fraudsters make their entire scenario plausible. In reality, it is false. It is only aimed at creating fear and guilt: two emotions that can make victims give in to the pressure of a demand for ransom.

This type of email may take the following form:

It appears that, (XXXXX), is your password. You may not know me and you are most likely wondering why you are getting this e mail, right?

in fact, I setup a malware on the adult vids (adult) web site and guess what, you visited this site to have fun (you know what I mean). During the time you were watching videos, your internet browser started out operating as a RDP (Team Viewer) which gave me accessibility to your screen and web camera. and then, my computer software obtained all of your contacts from the Messenger, Microsoft outlook, Facebook, in addition to emails.

What did I do?

I produced a double-screen video. Very first part shows the recording you were watching (you have got a good taste haha . . .), and 2nd part shows the recording of your webcam.

what exactly should you do?

Well, I think, $1000 is a reasonable price for our little hidden secret. You will make the payment by Bitcoin (if you don’t know this, search “how to purchase bitcoin” in Google).

Bitcoin Address: XXXXXXXXXXXXXXXX
(It’s case sensitive, so copy and paste it)

Very important:
You have 1 day in order to make the payment. (I have a unique pixel in this e-mail, and at this moment I am aware you have read this email message). If I don’t get the BitCoins, I will certainly send your videos to all of your contacts including family, co-workers, and so forth. Having said that, if I receive the payment, I’ll destroy the recording immidiately. If you’d like evidence, reply with “Yes!” and i’ll undoubtedly send your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by answering this message.

In the specific case of this attack, the authors pretend to have hacked the computer of their targets and captured intimate videos via their webcam. This blackmail closes with the threat of distributing these videos to the contacts in the victim’s address book if the ransom (in Bitcoins) is not paid within 24 hours.
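
The traits described above (a divulged password, a webcam claim, a threat to contact the address book, a Bitcoin ransom, a short deadline and a tracking pixel) can be checked automatically when triaging reported messages. The following is an added example, not Infomaniak's filter: the patterns, the threshold of three indicators and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Indicators mirror the traits described above; patterns and threshold are assumptions.
INDICATORS = {
    "password_lure": re.compile(r"\bis your pass(word|phrase)\b", re.I),
    "webcam_claim": re.compile(r"\bweb\s?cam(era)?\b", re.I),
    "contact_threat": re.compile(r"\b(send|share)\b.{0,60}\bcontacts\b", re.I | re.S),
    "crypto_ransom": re.compile(r"\bbitcoins?\b", re.I),
    "deadline": re.compile(r"\b\d+\s*(days?|hours?)\b", re.I),
}
# A remote <img> is how the "unique pixel" read receipt the scammer mentions works.
REMOTE_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.I)

def triage(raw_message: str, threshold: int = 3) -> dict:
    """Score one RFC 5322 message; returns matched indicators and a verdict."""
    msg = message_from_string(raw_message, policy=default)
    text = html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text += part.get_content()
        elif part.get_content_type() == "text/html":
            html += part.get_content()
    body = text + " " + re.sub(r"<[^>]+>", " ", html)  # visible text only
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
    if REMOTE_IMG.search(html):
        hits.append("remote_image")
    return {"hits": hits, "quarantine": len(hits) >= threshold}

def build(subject: str, text: str, html: str = "") -> str:
    """Helper that serialises the constructed samples below."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "sender@example.org", "user@example.com"
    m.set_content(text)
    if html:
        m.add_alternative(html, subtype="html")
    return m.as_string()

# Constructed samples: a shortened form of the specimen above, and a benign notice.
SCAM = build("Your account", "It appears that, XXXXX, is your password. My software "
    "gave me access to your screen and web camera. You will make the payment by "
    "Bitcoin. You have 1 day. If not, I will send your videos to all of your contacts.",
    '<p>see text</p><img src="http://tracker.example/p.gif" width="1" height="1">')
BENIGN = build("Reminder", "Please reset your password within 2 days.")

if __name__ == "__main__":
    print(triage(SCAM))
    print(triage(BENIGN))
```

A single indicator, such as the deadline in the benign notice, is not enough for a verdict; it is the combination that characterises this scam.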

What should you do if you are faced with this type of spam?

Even though they are addressed personally, these emails are sent to hundreds, even thousands, of web users. Again, the personal and direct tone aims to destabilise the victim.

If you should receive this type of email, we advise you not to answer it and delete it. Do not pay a ransom.

Then, immediately scan your computer with a recognised anti-virus and change your sensitive passwords.

If you have already answered this email or receive persistent reminders, interrupt the correspondence and delete the emails.

If you have paid a ransom, it may be necessary to file a complaint with the police. In this case, make sure you keep all the messages and receipts of the transaction.

How to avoid malicious email

Above and beyond technical solutions, and because human weaknesses are exploited, the best protection is vigilance. Any unusual situation should raise suspicion. This suspicion must be to your benefit rather than to the sender’s. In any case, remain prudent.

Best practices to reduce the risks

  • Use different passwords for each account: computers, email addresses and websites.
  • Block automatic image downloading in your messaging software.
  • Beware of unsolicited or unusual email from known and unknown senders. The theft of email addresses is frequently used to deceive the receivers of malicious email.
  • In case of doubt, don’t act in haste and take the time to check the origin of the message by, for example, calling the author on the phone.
  • Don’t open attachments with unknown extensions or which seem unsuitable for the context in which you receive them.
  • Check suspicious URLs before clicking on them by copying them into a site like virustotal.com.
  • Register your email address and password on the haveibeenpwned.com website to check if your logins have been involved in known data hacks. If necessary, you can create an alert to warn yourself.

It is worth mentioning that Infomaniak never asks users to enter their logins or any other personal information in an email (date of birth, address, bank details, etc.). Moreover, our clients are continuously informed of any threats in the service status and in the Manager.
