A strange spam
So, the other day, I got one of the strangest e-mails I think I've ever received. We've talked about the spams where the attacker uses a password found from a previous password breach, but this one was even stranger. In this case, the author promised to stop spamming me if I would send a payment to a specific cryptocurrency wallet. I'm not sure about the business model behind this. Needless to say, I didn't pay and I haven't yet looked to see if anyone has sent money to that wallet. What I did was add a new spamassassin rule to send e-mails like these straight to the bit bucket. Can any of of readers explain this one to me? I know that we as security professionals often (unfairly and inappropriately) joke about users being the weakest link in our security programs (probably worth a diary of its own at some point), but even my parents wouldn't fall for this one (or worst case, calling and asking me about it before they clicked). Have any of the rest of you seen this or any other really odd spam or extortion attempts? If you have specific e-mails you want to share with us use our contact form.
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Coral Gables | Nov 18th - Nov 23rd 2024 |
Comments
"I can pay you to stop the spam? sure how do I sigh up?"
There are some who just haven't been stung hard enough yet to learn, usually PHB types who manage to get someone else to deal with it after the fact if they are even aware there were consequences.
The effort to send those emails and setup the wallet to pay into it are trivial enough to be worth that small possibly getting a few payments from those few fools who still have more money than sense.
I have to deal with one person whom I could so see falling for that scam except that the cryptowallet would be their stumbling block. Now if only you were from the Ontario Pickering (or otherwise up in/near Toronto Oct 31st) we could chat further about this over drinks after the next TASK.to session.
Anonymous
Oct 6th 2018
6 years ago