If you received an email like the one shown below, it means that cybercriminals have already collected your email address. Don't panic; this is just a trap to trick you. An example of what the email might look like appears at the end of this post.
The email you received was sent from a fake email address. This means it wasn't actually sent from the address it appears to be from.
Even though your company uses a strong security system like Office 365 ATP (Advanced Threat Protection), this email was able to bypass it by being sent through a reputable email service provider.
When this email was received, security systems like VirusTotal (VT) didn't detect it as malicious (at the time of writing this post). This is because the attackers may have used new or previously unknown techniques.
Key points:
- Email compromise: Your email address has likely been collected from previous data breaches or online activities.
- Phishing attempt: The email is a phishing attempt designed to trick you into clicking on links, downloading attachments, or revealing sensitive information.
- Spoofed email address: The email address shown is fake and doesn't belong to the sender.
- Bypassed security: The email was able to bypass advanced security measures, indicating a sophisticated attack.
- Evasion techniques: The attackers may be using new or previously unknown techniques to evade detection by security systems.
In simpler terms:
Imagine someone found your home address and is trying to trick you into opening a suspicious package. They might use a fake return address and try to make it look legitimate. Even though you have a strong security system at home, the package might still get delivered. This is similar to how this email was able to bypass your company's security.
Important Note: This explanation is for informational purposes only. Always exercise caution when dealing with any suspicious emails. Never click on links or open attachments from unknown senders. If you suspect a phishing email, report it to your IT department immediately.
X-BESS-REASON: bbl
X-BESS-REASON-EXTRA: 175.117.27.170
Received: from [175.117.27.170] (unknown [175.117.27.170]) by mx4.eu-west-2a.ess.aws.cudaops.com; Wed, 09 Jan 2019 18:31:24 +0000
Message-ID: <003e>
From: <cust>
To: <cust>
Subject: Your account has been hacked! You need to unlock.
Date: 10 Jan 2019 11:03:17 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-BESS-ID: 1547058684-889006-11704-54424-1
X-BESS-VER: 2018.16_20190108.1920
X-BESS-Apparent-Source-IP: 175.117.27.170

Hi, stranger!

I hacked your device, because I sent you this message from your account. If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right? In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).

While you were watching video clips, my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam. Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I've done? I made a double screen video. The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people), and the second part shows the recording of your webcam.

What should you do? Well, I think $645 (USD dollars) is a fair price for our little secret. You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

BTC Address: 1GjZSJnpU4AfTS8vmre6rx7eQgeMUq8VYr
(This is CASE sensitive, please copy and paste it)

Remarks: You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc. However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself. And I will definitely send your video to your any 17 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.

Bye!
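The traits of the sample message above (sender equal to recipient, a relay host with no reverse DNS, a `Date:` that disagrees with the gateway's receipt time, a payment address in the body) can be checked mechanically during triage. The following Python is an added example, not part of the original post; it assumes Postfix-style `Received` formatting, and the `triage` function, indicator names, one-hour skew tolerance and placeholder address are hypothetical.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: header values from the message on this page, body shortened;
# the redacted <cust> addresses are replaced by a placeholder address.
SAMPLE = """\
Received: from [175.117.27.170] (unknown [175.117.27.170]) by mx4.eu-west-2a.ess.aws.cudaops.com; Wed, 09 Jan 2019 18:31:24 +0000
From: <user@example.com>
To: <user@example.com>
Subject: Your account has been hacked! You need to unlock.
Date: 10 Jan 2019 11:03:17 +0800

I hacked your device, because I sent you this message from your account.
BTC Address: 1GjZSJnpU4AfTS8vmre6rx7eQgeMUq8VYr
"""

# Assumption: Postfix-style hop "from HELO (RDNS [IP])", where RDNS "unknown" = no PTR record.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f:.]+)\]\)")
BTC = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # legacy Base58 address shape
MAX_SKEW = timedelta(hours=1)  # hypothetical tolerance between Date: and gateway receipt


def triage(raw):
    """Return the names of the indicators found in one raw message."""
    msg = message_from_string(raw)
    hits = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender and sender == parseaddr(msg.get("To", ""))[1].lower():
        hits.append("from_equals_to")  # the "sent from your own account" claim
    # The topmost Received header is the one written by the receiving gateway.
    hop, _, stamp = msg.get("Received", "").rpartition(";")
    m = HOP.search(hop)
    if m and m["helo"].startswith("["):
        hits.append("helo_is_ip_literal")
    if m and m["rdns"] == "unknown":
        hits.append("no_reverse_dns")
    try:
        skew = parsedate_to_datetime(msg["Date"]) - parsedate_to_datetime(stamp.strip())
        if abs(skew) > MAX_SKEW:
            hits.append("date_skew")  # here Date: is about 8.5 hours after receipt
    except (TypeError, ValueError):
        hits.append("unparseable_date")
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    if BTC.search(body):
        hits.append("bitcoin_address")
    return hits
```

Calling `triage(SAMPLE)` returns all five indicators for this message; no single one proves spoofing, but together they justify quarantine and a report to the IT department.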