Scam emails claiming that your account has been hacked are alarmingly common. These emails exploit fear, embarrassment, and urgency to pressure victims into transferring money, often in the form of cryptocurrency. A common scam starts with the subject line: “Your account has been hacked. You need to unlock.”
What Does the Scam Look Like?
Subject: Your account has been hacked. You need to unlock
Sender: Billy Harrington <info@azurepavillion>
Hello!
I have to share bad news with you. Approximately a few months ago, I gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities.
Here is the sequence of events:
Some time ago, I purchased access to email accounts from hackers (nowadays, it is quite simple to buy it online).
I have easily managed to log in to your email account. One week later, I have already installed the Cobalt Strike "Malware" on the Operating Systems of all the devices you use to access your email.
It was not hard at all (since you were following the links from your inbox emails). All ingenious is simple.
This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and all on it).
I have downloaded all your information, data, photos, videos, documents, files, web browsing history to my servers.
I have access to all your messengers, social networks, emails, chat history, and contacts list.
My virus continuously refreshes the signatures (it is driver-based) and hence remains invisible for antivirus software.
Likewise, I guess by now you understand why I have stayed undetected until this letter.
While gathering information about you, I have discovered that you are a big fan of adult websites.
You love visiting porn websites and watching exciting videos while enduring an enormous amount of pleasure.
Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show how you masturbate and reach orgasms.
If you have doubts, I can make a few clicks of my mouse, and all your videos will be shared with your friends, family, and relatives.
Considering the specificity of the videos you like to watch (you perfectly know what I mean), it will cause a real catastrophe for you. I also have no issue at all with making them available for public access (leaked and exposed all data).
General Data Protection Regulation (GDPR): Under the rules of the law, you face a heavy fine or arrest. I guess you do not want that to happen.
Here is what you need to do - transfer the Bitcoin equivalent of 12000 USD to my Bitcoin account (that is rather a simple process, which you can check out online in case if you do not know how to do that).
Below is the Bitcoin account information (Bitcoin wallet):
1HLn1GNBvENxZH5r2mNAgEVwjySyRTZGKQ
Once the required amount is transferred to my account, I will proceed with deleting all those videos and disappear from your life once and for all.
Kindly ensure you complete the abovementioned transfer within 50 hours (2 days +).
I will receive a notification right after you open this email, hence the countdown will start.
Trust me, I am very careful, calculative and never make mistakes. If I discover that you shared this message with others, I will straight away proceed with making your private videos public.
Good luck!
- Fake Claims of Hacking: The scammer alleges that they have gained access to your email account and devices through malware or by purchasing access from other hackers.
- Threats to Expose Sensitive Information: They claim to have recorded compromising activities (fabricated) using your webcam or other devices and threaten to share this material with your contacts.
- Demand for Payment: The email demands a payment, typically in Bitcoin, to prevent the supposed release of your private information. A countdown is given to create urgency.
- Technical Details to Appear Credible: The email name-drops a real tool, here "Cobalt Strike", to intimidate recipients and make the threat seem legitimate.
- Warnings Against Reporting: Scammers caution victims against sharing the email with anyone, claiming they will release the material if the email is reported.
What is Cobalt Strike?
Cobalt Strike is a commercial adversary-simulation platform built for penetration testers and red teams. It provides payload generation, a command-and-control (C2) server with configurable ("malleable") network profiles, and post-exploitation tooling around its Beacon implant, so that an engagement can mimic the behaviour of a real intrusion.
Cracked and leaked copies are also widely used by criminal groups, including ransomware operators, to keep a foothold on compromised systems, move laterally and steal data, which is why the name carries weight with readers who have heard of it. Nothing in the scam email suggests it was actually used: the description of a "driver-based virus" that "continuously refreshes the signatures" matches no Cobalt Strike capability, and an attacker who had really run a Beacon on your devices for months would have something specific to show.
Email Header Analysis
Understanding email headers is crucial for identifying the source of scam emails. Received headers are prepended by each server that handles the message, so the origin is the bottom-most Received line and the line nearest the top is the last hop before your mailbox. Read that way, the headers of this message tell the following story:
Source Server: The message entered the mail system from static-185-95-84-74.sunucuhub.com, IP address 185.95.84.74. That is a generic hosting-provider host, not a mail server associated with the claimed sender.
Helo Address: That host introduced itself in the SMTP HELO as static-84-74.corelux.net, which does not match its own reverse-DNS name. A HELO/rDNS mismatch is not proof of anything on its own, but it is typical of scripted bulk senders and is one of the signals mail filters weight.
Relaying Server: The message was then relayed through vps2.webfruit.space. The protocol token esmtpsa is Exim's notation for ESMTP over TLS (here TLS1.2) with SMTP authentication: the origin host logged in to that relay with valid credentials. The relay is therefore either a VPS the scammer controls or a legitimate account that has been compromised, not an open relay, and its owner or provider is the right party to report it to.
Envelope Sender: The envelope sender is recorded as <[email protected]>. The envelope sender is set by the submitting client and can be anything, so it proves nothing about where the message came from.
Sender IP address VirusTotal Score: 8/94
At the time of analysis, 8 of 94 vendors on VirusTotal flag the originating IP address 185.95.84.74 as malicious or suspicious. Treat that as corroboration rather than proof: an IP verdict reflects whatever else has been observed from that address, which on hosting-provider ranges often means unrelated abuse from a previous tenant, and a clean score would not have made this email legitimate. Check the sender IP on VirusTotal or an equivalent reputation service, block or rate-limit it at the mail gateway, and do not engage with the message.
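The following Python script is an added illustration and not code from the original article. It performs the header reading described above mechanically: it unfolds the Received headers, extracts the HELO name, reverse-DNS name, IP, relaying host and protocol token of each hop, orders the hops from origin to destination, and flags the two things worth noticing in this message, the HELO/rDNS mismatch and the authenticated submission (esmtpsa). The sample headers are constructed for the example in Exim's Received format around the hostnames and IP the article reports; the relay's own IP 203.0.113.10, the receiving host mx.example.net, the recipient, the message IDs and the timestamps are placeholders, not values from the scam.

```python
import re
from typing import Dict, List

# Constructed sample (Exim-style Received lines). Only the hostnames and the
# origin IP 185.95.84.74 come from the article; everything else is placeholder.
SAMPLE_HEADERS = """\
Received: from vps2.webfruit.space ([203.0.113.10])
    by mx.example.net with esmtps (TLS1.2) id 1tAbCd-0001xy-Zz
    for <victim@example.net>; Mon, 25 Nov 2024 09:12:01 +0000
Received: from static-84-74.corelux.net (static-185-95-84-74.sunucuhub.com [185.95.84.74])
    by vps2.webfruit.space with esmtpsa (TLS1.2) (Exim 4.96)
    (envelope-from <info@azurepavillion>)
    id 1tAbCc-0007Qr-Ab for <victim@example.net>; Mon, 25 Nov 2024 09:11:58 +0000
"""

# "from HELO (rDNS [IP]) by RELAY with PROTO (TLS...)". rDNS is optional because
# some MTAs only log "(helo [ip])" when reverse lookup fails.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+)"
    r".*?\bwith\s+(?P<with>\S+)"
    r"(?:\s+\((?P<tls>TLS[^)]*)\))?",
    re.DOTALL,
)

# Exim protocol tokens that end in "a" mean the client passed SMTP AUTH.
AUTHENTICATED_TOKENS = {"esmtpa", "esmtpsa"}


def unfold(raw: str) -> List[str]:
    """Join RFC 5322 continuation lines (leading whitespace) onto their header."""
    lines: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def parse_received(raw: str) -> List[Dict[str, str]]:
    """Return one dict per hop, ordered from origin (first) to final MX (last)."""
    hops: List[Dict[str, str]] = []
    for line in unfold(raw):
        if not line.lower().startswith("received:"):
            continue
        m = RECEIVED_RE.search(line[len("received:"):])
        if m:
            hops.append({k: (v or "") for k, v in m.groupdict().items()})
    hops.reverse()  # each server prepends its header, so the last line is the origin
    return hops


def assess(hops: List[Dict[str, str]]) -> Dict[str, object]:
    """Summarise the origin hop the way a header analysis writes it up."""
    origin = hops[0]
    return {
        "origin_ip": origin["ip"],
        "origin_helo": origin["helo"],
        "origin_rdns": origin["rdns"],
        "relay": origin["by"],
        "protocol": origin["with"],
        "tls": origin["tls"],
        # esmtpsa: the origin host had credentials on the relay (own VPS or a
        # compromised account), which is a reporting lead in itself.
        "authenticated_submission": origin["with"].lower() in AUTHENTICATED_TOKENS,
        "helo_matches_rdns": origin["helo"].lower() == origin["rdns"].lower(),
        "hop_count": len(hops),
    }


if __name__ == "__main__":
    for hop in parse_received(SAMPLE_HEADERS):
        print(f"{hop['helo']} ({hop['rdns'] or '-'} [{hop['ip']}]) -> {hop['by']} via {hop['with']} {hop['tls']}")
    for key, value in assess(parse_received(SAMPLE_HEADERS)).items():
        print(f"{key}: {value}")
```

When run against real headers, paste the full header block into SAMPLE_HEADERS (or read it from a file); hops whose "by" host you do not recognise are the ones to look up. The script does not verify SPF, DKIM or DMARC results; those come from the Authentication-Results header your own gateway adds and are worth checking alongside the Received chain.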
Why You Shouldn’t Fall for It
- No Evidence of Actual Hacking: The email offers no proof of access: no password, no file name, no frame from the supposed video, no detail that could only have come from your devices. Everything in it could be sent unchanged to every address on a purchased mailing list, which is exactly how it is sent. (Some variants quote a real old password of yours; that comes from a public breach of some website where you used it, not from your device.)
- Claims Are Technically Incoherent:
  - A Cobalt Strike Beacon is a post-exploitation implant, not a "driver-based virus" that rewrites its own signatures; the description is a mix of buzzwords, and an intruder with months of access would not need to bluff.
  - Browsers and phones prompt before granting camera access and most laptops light an indicator when the camera is active. Native malware can bypass both, which is why the stronger tell is not the camera claim itself but the absence of a single clip or screenshot to back it up.
- Bitcoin Transactions Are Irreversible: Scammers demand cryptocurrency because a confirmed transaction cannot be reversed or charged back, and although every transfer is visible on the public ledger, the receiving address is not tied to a verified identity.
What to Do If You Receive Such an Email
Step 1: Do Not Panic
Remember, this email is likely a phishing attempt and not evidence of an actual security breach.
Step 2: Do Not Reply or Pay
Replying confirms that a person reads the address, which raises its value on the lists scammers trade. Paying buys nothing: there are no videos to delete, and a paid address is resold as a known payer.
Step 3: Verify Your Account Security
- Change your email password and enable two-factor authentication (2FA). If the email quotes a password you have actually used, treat it as exposed in a breach of some site where you used it: change it everywhere it was reused, and check the address on a breach-notification service such as Have I Been Pwned to see which breach it came from.
- Scan your devices with up-to-date antivirus software to confirm nothing is present.
Step 4: Block and Report the Sender
Mark the email as spam and block the sender's address. Report it to your email provider and to the relevant reporting body (for example the FBI's IC3 in the US or Action Fraud in the UK), including the full headers and the Bitcoin address, so the relay account and the address can be flagged.
Bitcoin Wallet Address
At the time of writing, the Bitcoin address in the email shows no incoming transactions, so this particular address had not yet been paid. That says little about the campaign: sextortion mailers rotate addresses across batches of recipients, and a zero balance on one address does not mean the operation as a whole is unprofitable. Checking the address in a public blockchain explorer is still worthwhile triage. It confirms whether the string is even a well-formed, real address, shows whether other recipients have already paid (a useful gauge of how widely the batch was sent), and gives you a concrete value to include in reports so that exchanges and reporting bodies can flag it. The absence of transactions does not diminish the threat, as the pressure the email applies rests on fear and urgency, not on the state of the wallet.
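The script below is an added example and not code from the original article. It automates the two checks that the characteristics list earlier on this page and the wallet check above call for: it scores a message body against indicators of this scam family (a claim of device access, a named tool, webcam recording, an antivirus-evasion claim, a Bitcoin demand, a deadline, a threat against reporting) and extracts legacy Bitcoin addresses from the body, validating each with the Base58Check checksum so that a mistyped or fabricated address is told apart from a real one. The scam body is excerpted from the email quoted on this page; the benign control message, the indicator regexes and the cut-off of four indicators are the example's own choices. The checksum test is offline and says nothing about whether the address has received funds; that still needs a blockchain explorer.

```python
import hashlib
import re
from typing import Dict, List

# Indicator patterns for the "your account has been hacked" sextortion family.
# The names follow the traits listed in the article; the regexes are this
# example's own, not a vendor signature set.
INDICATOR_PATTERNS = {
    "claims_device_access": re.compile(r"\bgained access to your (devices?|account)\b", re.I),
    "named_tool_drop":      re.compile(r"\bcobalt strike\b", re.I),
    "webcam_recording":     re.compile(r"\b(video camera|webcam|record(ed|ing)?)\b", re.I),
    "av_evasion_claim":     re.compile(r"\b(invisible for antivirus|driver-based)\b", re.I),
    "crypto_demand":        re.compile(r"\bbitcoin\b", re.I),
    "deadline":             re.compile(r"\b\d+\s*hours?\b", re.I),
    "no_contact_threat":    re.compile(r"\bshared? this (message|email)\b", re.I),
}
SEXTORTION_THRESHOLD = 4  # example's own cut-off: a deadline alone is not a scam

# Legacy P2PKH/P2SH addresses (start with 1 or 3, base58, 26-35 chars).
# Bech32 "bc1..." addresses need a different decoder and are out of scope here.
BTC_ADDR_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58check_valid(addr: str) -> bool:
    """Base58Check: decode, expect 25 bytes, last 4 = first 4 of SHA256(SHA256(rest))."""
    num = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:          # '0', 'O', 'I', 'l' are not in the alphabet
            return False
        num = num * 58 + idx
    payload = num.to_bytes((num.bit_length() + 7) // 8, "big")
    leading_zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    payload = b"\x00" * leading_zeros + payload
    if len(payload) != 25:   # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    body, checksum = payload[:-4], payload[-4:]
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] == checksum


def score_email(body: str) -> Dict[str, object]:
    """Score one message body: indicators hit, addresses found, verdict."""
    hits: List[str] = [name for name, pat in INDICATOR_PATTERNS.items() if pat.search(body)]
    addrs: List[str] = sorted(set(BTC_ADDR_RE.findall(body)))
    return {
        "hits": hits,
        "score": len(hits),
        "btc_addresses": addrs,
        "btc_checksum_ok": {a: b58check_valid(a) for a in addrs},
        "verdict": "likely sextortion" if len(hits) >= SEXTORTION_THRESHOLD else "no sextortion pattern",
    }


# Excerpt of the scam email quoted in the article (constructed sample input).
SCAM_EXCERPT = """\
Approximately a few months ago, I gained access to your devices, which you use for internet browsing.
One week later, I have already installed the Cobalt Strike "Malware" on the Operating Systems of all the devices you use to access your email.
This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and all on it).
My virus continuously refreshes the signatures (it is driver-based) and hence remains invisible for antivirus software.
Here is what you need to do - transfer the Bitcoin equivalent of 12000 USD to my Bitcoin account.
1HLn1GNBvENxZH5r2mNAgEVwjySyRTZGKQ
Kindly ensure you complete the abovementioned transfer within 50 hours (2 days +).
If I discover that you shared this message with others, I will straight away proceed with making your private videos public.
"""

# Constructed benign control: a deadline alone must not trip the verdict.
BENIGN_CONTROL = "Hi team, the Q3 report is attached. Please send any comments within 48 hours if you can."


if __name__ == "__main__":
    for label, body in (("scam", SCAM_EXCERPT), ("control", BENIGN_CONTROL)):
        result = score_email(body)
        print(f"{label}: score={result['score']} {result['verdict']} hits={result['hits']}")
        for addr, ok in result["btc_checksum_ok"].items():
            print(f"  {addr}: checksum {'ok' if ok else 'INVALID'}")
```

Run as-is it prints the scam excerpt at seven of seven indicators and the control at one. The address extracted from the scam is the one to paste into a blockchain explorer and into any report; an address that fails the checksum could never receive funds and would itself be a sign of a careless template.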
Final Thoughts
Scam emails like “Your account has been hacked. You need to unlock” prey on fear and lack of technical knowledge. Staying calm, taking practical steps, and understanding how these scams operate can protect you from falling victim. Always prioritise account security, and never hesitate to report scams to the authorities. Stay safe online!
Article Link: Beware of “Your Account Has Been Hacked. You need to unlock” Scam Emails: Stay Safe Online – Malware Analysis, Phishing, and Email Scams