Получил смешное письмо, первая часть:
Subject: Important information about your account: мой_аккаунт@gmail.com
Hello! This is important information for you! Some months ago I hacked your OS and got full access to your account мой_аккаунт@gmail.com On day of hack your account мой_аккаунт@gmail.com has password:
В данном случае свидетельств компрометации нет — пароль пустой.
Вторая часть — социальный инжиниринг, наслаждайтесь:
So, you can change the password, yes.. Or already changed... But my malware intercepts it every time. How I made it: In the software of the router, through which you went online, was a vulnerability. I used it... If you interested you can read about it: CVE-2019-1663 - a vulnerability in the web-based management interface of the Cisco routers. I just hacked this router and placed my malicious code on it. When you went online, my trojan was installed on the OS of your device. After that, I made a full backup of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts). A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock. But I looked at the sites that you regularly visit, and I was shocked by what I saw!!! I'm talk you about sites for adults. I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course! And I got an idea.... I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?). After that, I made a screenshot of your joys (using the camera of your device) and glued them together. Turned out amazing! You are so spectacular! I'm know that you would not like to show these screenshots to your friends, relatives or colleagues. I think $743 is a very, very small amount for my silence. Besides, I have been spying on you for so long, having spent a lot of time! Pay ONLY in Bitcoins! My BTC wallet: 1GLvEgpHZxBMhkcoUXP69owPTbHs51mHGe You do not know how to use bitcoins? Enter a query in any search engine: "how to replenish btc wallet". It's extremely easy For this payment I give you two days (48 hours). As soon as this letter is opened, the timer will work. After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically. If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys". I hope you understand your situation. - Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server) - Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated) - Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server. P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment! This is the word of honor hacker I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation. Do not hold evil! I just good do my job. Good luck.
Вопрос: как это работает? Как они узнают пароль, если вообще? Почему при рассылке пароль не проверяется?
P.S.: Никогда не менял пароль (даже после Heartbleed) — видимо и не нужно ;-)