New Hacking Scam

[gazumped 10,344]

There seems to be a new variation on the "You've been hacked" scam going around - one user DM'd me today in a bit of a panic,  so I thought I'd share just in case...

I've been getting emails for some time now from a variety of 'expert hackers' who have apparently been able to access my webcam and record me doing unspeakable things - the evidence for which will be sent to my contacts unless I send bitcoin to an anonymous web address.

- My web cam has been taped over for years,  and my time for unspeakable habits of any sort is usually reserved for sleeping and eating,  so it's an empty threat;  but if you have a bad conscience...  it's a nice bit of social engineering.

My recent contact had found a new note titled "Pay Attention - you've been hacked" - which included the same sort of explanation;  'we viewed all your notes, will post them online unless you pay bitcoin' yada yada...

The account Access Logs included lots of Russian-based access to the account,  so it appears that the password had been leaked* from somewhere and someone did have access to the account.

This user had already changed the account password,  so my advice was: go to the (internet fraud) cops / tell Evernote.

My advice to you,  dear reader,  would be:

1. If you haven't changed your Evernote password for a while,  do it now.  I did.  (I know that's a pain - your choice if you want to take the risk)
2. Use a different password for Evernote to anything else you might use elsewhere.  Have a look at password managers like Lastpass / Bitwarden if that's  a problem for you. (They remember passwords and generate secure strings like @tJsVmmQ8d)
3. Use 2FA - two factor authentication - to limit access to the account to you.
4. Sign up to https://haveibeenpwned.com/ with all your email addresses - I do not think that Evernote has any leaks,  but lots of other very large organisations do. If your password data leaks, bad actors will try that information on other sites to see what falls out...
5. Check the Access logs for any unusual activity and block any access you don't recognize.
6. Use Evernote's help pages on security

I'm sure I missed out some useful tips and tricks - please add -em below in the comments.

And the advice I gave above is still good:  you get one of these emails or find a note -

1. Go to the cops
2. Tell Evernote

... and tell us here,  obviously!! 🙂

EDIT:  My Webcam -

[Katarman 0]

Very useful info

Thank you

[Dave-in-Decatur 2,658]

Thanks, @gazumped. I just got one of those today, with the special feature of having all the text run together with meaningless letters between words, apparently trying to defeat a junk filter, which it did not. But my wife saw it and alerted me. It asked for a type of cash card rather than bitcoin. No Webcam on my old monitor, so no threat. But your warning did let me get oriented to what was going on very quickly.

However, it used my last name, which is part of the email address, and another very specific word that is part of the email password. That was alarming, and I changed the password right away.

Ecch. My prayer for these folks is always that they will be so stunningly unsuccessful at crime that they will have to turn to honest work to support themselves.

[PinkElephant 6,244]

This sort of scam is going on for quite a while now.

One way they seem to collect information is by websites they establish or capture. Then they use the „autofill“ function offered by many browsers to capture e-mail-address and other information like name and postal data. This is the stuff you Store in the browser because it is offered to you on perfectly legitimate websites, to avoid the hassle of typing it in time and again.

Better switch off the autofill function of your browser ! You can fill in the data easily by trusting them to your password manager, and then using the autofill function of the PW-manager instead the one of the browser. The PW-Manager will not release it before being authorized to do so.

[PinkElephant 6,244]

There are several potential culprits around the globe:

One is the lousy regime in North Korea. They do not give their own people any access to information, but seem to employ an army of up to 3.000 hackers. These guys work to fill the accounts of Mr.Mighty-Kim by Internet fraud. It is believed they are behind some of the newer threats in the field, like cryptominig Trojans and maybe even some ransomware.

The other empire of evil is Russia. Russian hackers will not be prosecuted as long as they „work“ outside of Russia. It is known from some Trojan software that it searches the IP of the computer where it „works“. If the IP is Russian, it deactivates himself. If not, it may roam freely, because the hackers are protected by authorities then. Probably they share a part of their „income“ like other law-biding citizens do.

Just two examples for what is happening in this shadowy world. Sorry Dave, these Cyber-Orks will not go out of business any time soon.

[Dave-in-Decatur 2,658]

Ecch again. Thanks for the information. No surprise about those two tyrannies. I saw a report recently about Russian disinformation farms setting up operations in one or two African countries, where people need the work and have no idea that the propaganda they are inserting into Facebook, Twitter, etc., to meddle with U.S. elections is not legitimate political expression.