Jump to content
OpenSecurity.global
  • Recently Browsing   0 members

    No registered users viewing this page.

Recommended Posts

Hello OpenSecurity Fam! 

I’ve received yet another message from a friend who received a sextortion email - this was on Thursday. They were concerned because the email contained a legitimate password they use, as per my usual response I asked them to check HaveIBeenPwned.com to see if it may have been found from a breach - it was. Advised to change password(s) and enable MFA. 

My question is: besides checking WhoIs for the domain, using IntelTechniques toolset to search for the email, and google-fu’n the email; would you do anything further? Am I missing a step/responsibility of disclose to anyone, is there an org that takes submissions and shares out details? I’ll write a blog post shortly, but I want to share details as far as possible to help those who might have received. 

I also shared on the Twitterverse: 

 

Cheers 💜

Share this post


Link to post

In the past when dealing with dodgies I've gone to lengths to get IP addresses and from those reading my replies but the problem with the sextorsion emails i recieve is they dont need a reply, they're broadcasted spam with an address for you to pay if they get lucky with the fear, these emails usually propagate from other compromised email addresses or disposable ones : )

If you replied with, i'm trying to pay but it's sending me here (canary) there might be some milage in it, but other than your excellent password advice, how much time do you want to spend on these asshats, with the resources and visibility you have 

if there are domains  there are actions to take

if there are .onions there are other actions 

if there is just a bitcoin address ... just add that address to the spam folder 

 

one time, I was being scammed out of a lenovo w520, I ended up putting a fake website called 'trackages.co' as a fake parcel tracking website to tell the scammer i'm using this service they can see where it is with this uniq refrence number, the first time they hit it it was from a dial up in uganda, but the 2nd,3rd,4th time was blackberry in the UK ... handed that over to SOCA or whatever it was called at the time 🙂 - was fun. 

 

it's really about the context of the interaction, do they need to read a reply can you illicit further interactions, and can you trick them into clicking shit - the sextorsion emails ive seen i consider 'UDP' they dont care what you say back to them but might be worth trying !

... also if this was twitter, my response would be much more hurrendous. (i have a reputation to protect) 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Members online now

    No members to show

×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy