This week I received an interesting e-mail from myself while I was sleeping. I informed myself that an international hacking group had full control of my account, along with my messaging and social media accounts. This group claimed it had sifted through my messages and determined I had “little and big secrets” along with recordings from my web camera of me viewing porn sites. But rest assured, all I needed to do was to transfer $800 worth of bitcoin to a certain bitcoin wallet and the group would delete all the data without publishing it to all my contacts.
What a relief!
I immediately made the payment and lived happily ever after.
Just kidding.
But 24 hours later, that is exactly what 13 poor souls have done, netting this scammer $6,500 in a day. You can get an updated count on how many have fallen for this by checking their wallet here: https://bitref.com/14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w
I am blessed to receive scam e-mails regularly, as do most other people. Unfortunately, scammers are getting better at what they do. For example, e-mails from my CEO asking to make payments are now written in good English and grammar. But I still know it is a scam (they still haven’t picked up on that he would write Norwegian to another Norwegian).
This scam, however, was the most advanced I have received so far.
Normally scam e-mails are easily identified as coming from bogus senders simply by clicking on the sender e-mail address. But in this case, both Apple Mail and Microsoft Outlook displayed it as if it actually was sent from my own account. Both e-mail programs were helpful enough to display my picture to confirm that this was in fact coming from myself.
Curious to how this could happen, I geeked out and reviewed the raw message header of the e-mail. It revealed that the message sender’s IP address was located in Saudi Arabia, and that it was not a permitted sender on our server.
It is easy for people who are not so tech savvy to actually believe the scammer’s statement “Now I have access to your accounts” when it is actually displayed as if they did send something from your account.
Software companies must do more to stop these scams. Both Apple’s and Microsoft’s e-mail programs could easily have done this check as well, and flagged it accordingly – instead of showing the message as if it was legitimately coming from my own account.
Software companies must take another look at their responsibilities in preventing scammers spreading their fraud to unsuspecting consumers.
We should also look into options for establishing efficient mechanisms for reporting fraudulent activity and blocking cryptocurrency wallets involved in such activities.
Avoiding harm is a key tenet in ACM’s Code of Ethics and Professional Conduct. https://www.acm.org/code-of-ethics – let’s do that.
Vik Bulletin 