BrianKrebs on Nostr: So you know how those sextortion email scams work, right? They claim they've hacked ...
So you know how those sextortion email scams work, right? They claim they've hacked your computer or account and stolen embarrassing photos or videos of you that they will release if you don't pay a crypto ransom? Well, sometimes they aren't exactly lying about breaking into your account.
Lawrence Baldwin at MyNetWatchman.com just shared this screenshot of some email headers for a message that spammers are appending to the victim's email inbox AFTER they have already hacked and downloaded all of their messages and files.
Baldwin thinks the hackers are using credential stuffing to gain access to victim inboxes, and then using the IMAP "Append" command to just stuff the phishing or ransom message/payload directly into the mailbox. Complete end around to spam/malware filtering.
Of course, we've spent the past couple of years teaching people that these sextortion scams are just empty threats. But in this case, they're really not.
Published at 2024-12-09 21:34:30 UTC
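A defender-side triage check for the technique described in the post, as an added example that is not part of the original post or of Baldwin's analysis: a message written into a mailbox over IMAP never passes through the inbound MTA, so it may lack the `Received` hop and `Authentication-Results` stamp that the MTA adds on delivery. The hostname `mx1.example.org`, the function name and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes
from email.policy import default

# Assumption: the hostnames your inbound MTAs write into the Received "by"
# clause and use as authserv-id. mx1.example.org is a placeholder.
TRUSTED_MTAS = {"mx1.example.org"}
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.I)

def appended_indicators(raw: bytes) -> list:
    """Return reasons an INBOX message looks written via IMAP, not SMTP-delivered."""
    msg = message_from_bytes(raw, policy=default)
    reasons = []
    received = [str(h) for h in msg.get_all("Received", [])]
    if not received:
        reasons.append("no Received headers")
    else:
        # The topmost Received header is the last hop: it should be our own MTA.
        hop = BY_HOST.search(received[0])
        if not hop or hop.group(1).lower() not in TRUSTED_MTAS:
            reasons.append("topmost Received not stamped by a trusted MTA")
    # The authserv-id is the first token of Authentication-Results (RFC 8601).
    ids = set()
    for h in msg.get_all("Authentication-Results", []):
        tokens = str(h).split(";", 1)[0].split()
        if tokens:
            ids.add(tokens[0].lower())
    if not ids & TRUSTED_MTAS:
        reasons.append("no Authentication-Results from a trusted MTA")
    return reasons

# Constructed sample messages (not taken from the screenshot in the post).
DELIVERED = (b"Received: from mail.sender.test (mail.sender.test [192.0.2.10])\n"
             b"\tby mx1.example.org with ESMTPS id 4Y1abc; Mon, 9 Dec 2024 10:00:00 +0000\n"
             b"Authentication-Results: mx1.example.org; spf=pass smtp.mailfrom=sender.test\n"
             b"From: a@sender.test\nTo: user@example.org\nSubject: invoice\n\nbody\n")
BARE = b"From: x@unknown.test\nTo: user@example.org\nSubject: constructed\n\nbody\n"
FOREIGN = (b"Received: from a.test by relay.other.test with SMTP; Mon, 9 Dec 2024 10:00:00 +0000\n"
           b"Authentication-Results: relay.other.test; spf=pass\n"
           b"From: x@unknown.test\nTo: user@example.org\nSubject: constructed\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("DELIVERED", DELIVERED), ("BARE", BARE), ("FOREIGN", FOREIGN)):
        print(name, appended_indicators(raw))
```

Every header in a message written over IMAP is chosen by whoever wrote it, so an empty result is inconclusive; correlating mailbox contents with the MTA's own delivery logs is the stronger signal. Run it against INBOX only, since mail clients and mailbox migrations legitimately write messages over IMAP to folders such as Sent and Drafts.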