Attack Techniques: “I Already Hacked You” Scams
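Online scammers often extort money by faking technical problems or making privacy threats. For example, they pose as technical support staff or claim to have obtained private videos of the victim, and demand a ransom to delete the evidence. These scammers typically use information from earlier data breaches to add credibility, and use tricks such as forging the sender address to further confuse victims. Stay alert to avoid being taken in.
2025-2-20 16:5:14 Author: textslashplain.com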

Scammers often try to convince you that you’ve already been hacked and you must contact them or send them money to prevent something worse from happening. For example, a tech scammer might show a web page that says your PC has a virus and you need to call them or download their program to “fix” it.

Another common scam is to send the user an email telling them that their devices were hacked some time ago and the attacker has recorded videos of the victim engaged in embarrassing activities.

The attacker usually includes some “hook” to try to make their claims seem more credible. In some such scam emails, they’ll include a password previously associated with the email address, gleaned from a dump from an earlier data breach. For example, I got multiple scam emails citing my account’s password from the 2012 breach of LinkedIn:

In today’s attack, the bad guy simply forges the return address to my own email address, hoping I’ll believe this means that they already have access to my account:

Under the hood, Hotmail knows that this return address was forged:

Authentication-Results: spf=fail (sender IP is 195.225.99.200)
 smtp.mailfrom=hotmail.com; dkim=none (message not signed)
 header.d=none;dmarc=fail action=none header.from=hotmail.com;
Received-SPF: Fail (protection.outlook.com: domain of hotmail.com does not
 designate 195.225.99.200 as permitted sender)
 receiver=protection.outlook.com; client-ip=195.225.99.200;
 helo=willishenryx.com;
Received: from willishenryx.com (195.225.99.200) by
 BL6PEPF00022575.mail.protection.outlook.com (10.167.249.43)
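As an added example (not code from the original post), here is one way a triage script could read that header: it parses the Authentication-Results value quoted above and flags mail whose From domain matches the recipient's own domain while DMARC did not pass. The recipient addresses and the passing sample are constructed for illustration.

```python
import re

# Header value as quoted in the post, unfolded onto one line.
SAMPLE = (
    "spf=fail (sender IP is 195.225.99.200) smtp.mailfrom=hotmail.com; "
    "dkim=none (message not signed) header.d=none;"
    "dmarc=fail action=none header.from=hotmail.com"
)

# Constructed counter-example: a message that passes all three checks.
SAMPLE_PASS = (
    "spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=example.com; "
    "dkim=pass (signature was verified) header.d=example.com;"
    "dmarc=pass action=none header.from=example.com"
)

METHODS = ("spf", "dkim", "dmarc")


def strip_comments(value):
    """Remove parenthesised comments, which may themselves contain '=' or ';'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value


def parse_auth_results(value):
    """Return {method: {"result": ..., property: ...}} for spf, dkim and dmarc."""
    parsed = {}
    for clause in strip_comments(value).split(";"):
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue  # skips empty clauses and a leading authserv-id
        method, result = tokens[0].split("=", 1)
        if method.lower() not in METHODS:
            continue
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        parsed[method.lower()] = {"result": result.lower(), **props}
    return parsed


def is_forged_self_send(value, recipient):
    """True when From: uses the recipient's own domain but DMARC did not pass."""
    dmarc = parse_auth_results(value).get("dmarc", {})
    from_domain = dmarc.get("header.from", "").lower()
    rcpt_domain = recipient.rsplit("@", 1)[-1].lower()
    return from_domain == rcpt_domain and dmarc.get("result") != "pass"
```

Only trust an Authentication-Results header stamped by your own receiving mail system; a copy already present in the message as it arrived can be supplied by the sender.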

The attacker typically promises the victim that they’ll delete the incriminating videos if the victim pays a ransom in cryptocurrency:

There are various tools that can be used to look up traffic to crypto-currency addresses, and while the address in today’s scam is idle, I’ve previously encountered scams where the attackers had been sent thousands of dollars by several victims. :(

Stay safe out there…

-Eric

Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ Microsoft 2001-2012, and 2018-, working on Office, IE, and Edge. Now working on Microsoft Defender. My words are my own, I do not speak for any other entity.


Source: https://textslashplain.com/2025/02/20/attack-techniques-i-already-hacked-you-scams/