ESET, a leading proactive threat detection company, identified an email extortion campaign whose message carries the subject "Your account has been pirated" and leads the victim to believe that the mail was sent from his own account.
The ESET Research laboratory detected the campaign through the mail itself. Its peculiarity is that the message that reaches the user appears to have been sent from his own account, which leads the victim to assume that the attacker has access to that account. This campaign is still active.
Through an intimidating message, the user is made to believe that his computer has been infected with a Trojan (a malicious program that masquerades as a harmless application) and that the attacker possesses his confidential information. The final goal of the mail is a scam, in which a payment is requested from the potential victim.
The key to the campaign is the address from which the mail is sent. By means of a technique known as spoofing (the falsification of some feature of a computer communication), the attacker makes the victim believe that the mail has been sent from his own mail account.
The impersonation technique can be used when no authentication mechanism is in place. “If the appropriate precautionary measures are not taken when configuring email services, anyone can send counterfeit emails, which at first glance seem to come from a legitimate address or domain, but do not really correspond to the issuer,” said Cecilia Pastorino, specialist in computer security at ESET Latin America.
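One way a mail filter can check for the self-addressed spoofing described above, as an added example that is not from ESET's report: it flags a message whose From address is also its recipient unless the receiving server itself recorded a DMARC pass. The host name mx.example.net, the addresses and the sample messages are constructed assumptions.

```python
import email
import re
from email.utils import getaddresses, parseaddr

def sample(auth_header, sender="victim@example.org"):
    """Build a constructed test message (not taken from the ESET report)."""
    return (f"Authentication-Results: {auth_header}\n"
            f"From: {sender}\nTo: victim@example.org\n"
            "Subject: Your account has been pirated\n\n(constructed body)\n")

SPOOFED = sample("mx.example.net; spf=fail; dkim=none; dmarc=fail")
GENUINE = sample("mx.example.net; spf=pass; dkim=pass; dmarc=pass")
FORGED_HEADER = sample("attacker.invalid; spf=pass; dkim=pass; dmarc=pass")
OTHER_SENDER = sample("mx.example.net; dmarc=fail", sender="someone@example.com")

def trusted_verdicts(msg, authserv_id):
    """Collect spf/dkim/dmarc results only from headers stamped by our own server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = header.partition(";")
        if server.strip().lower() != authserv_id.lower():
            continue  # a header naming another server may have been injected by the sender
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def classify(raw, authserv_id):
    """Return 'not-self-addressed', 'authenticated' or 'suspect-spoof'."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if not sender or sender not in recipients:
        return "not-self-addressed"
    # A missing or untrusted verdict is treated the same as a failure.
    if trusted_verdicts(msg, authserv_id).get("dmarc") == "pass":
        return "authenticated"
    return "suspect-spoof"

if __name__ == "__main__":
    for name in ("SPOOFED", "GENUINE", "FORGED_HEADER", "OTHER_SENDER"):
        print(name, classify(globals()[name], "mx.example.net"))
```

The check compares the header From with the To header only; a production filter would also compare against the envelope recipient recorded by the receiving server.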
The aim of this type of campaign is economic. In exchange for deleting the confidential information allegedly obtained by the attacker, a payment in Bitcoins is requested. At the time of the investigation, the wallet held 0.35644122 Bitcoins, equivalent to little more than 2,400 dollars.
“This extortion is a social engineering campaign that seeks to deceive users into making a payment. From ESET’s research lab, we recommend not answering emails of this style and understanding that this is a hoax; of course, the attackers must not be paid either,” said Cecilia Pastorino. “It is also a good idea to ignore these kinds of messages and apply best practices in the use of e-mail with other recommendations, such as changing passwords on a regular basis, using security solutions on computers, as well as enabling dual-authentication options available on different Internet services.”