
SANS ISC: New Extortion Tricks: Now Including Your (Partial) Phone Number! - SANS Internet Storm Center SANS ISC InfoSec Forums


New Extortion Tricks: Now Including Your (Partial) Phone Number!

Barely a month after we saw extortion emails appearing with leaked passwords (New Extortion Tricks: Now Including Your Password!), we are now seeing extortion emails with partial phone numbers.

Like this example submitted by a reader:

For a couple of emails, we were able to verify that the digits of the partial phone number match the actual phone number of the owner of the destination email address.

We don't know yet what source is used by the extortionists that provides email addresses with partial phone numbers, but I think it is unlikely to be a data breach (like with the password extortion emails).

A classic data breach with phone numbers would contain full phone numbers, and I don't see why the extortionists would mask most of the digits.

They must have another source, and that's where we ask for your help: what ideas or remarks do you have?

We came up with possible sources like whois data or password reset mechanisms, like Gmail:

Please post a comment with your idea, and if you received a similar email, please consider submitting it.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

What about people finder/reverse email lookup type websites? One of those sites one time showed me the first seven digits of my phone number.
Anonymous
From Alert Service <q3950173@126.com>
BTC Address:
1NQrcoefW8Ky33oEMC57vqD6KuFY4h7crS
Anonymous
I received a similar email with 4 matching digits at the end.

To the best of my knowledge, the only SMS password reset process that I use that displays 4 unmasked digits at the end is the Windows 10 store. The others use 2 digits.
Anonymous
Pretty sure it's Google also. Every thirty days we have to re-register the device we are using to access our corporate email acct. Google uses our cell phone number to verify who we are. My company uses Google for everything now. Since we switched to Google there's been so many phishing attacks!
Anonymous
