PC-Forums


Ransomware Spam

Wooster

  • Administrator
  • Sr. Member
  • *****
    • Posts: 414
on: December 28, 2018, 08:17:43 PM
I hadn't seen this one before last week, when I was going through my occasional spam folder check to see if anything legit was in there.

It's a ransomware job that cites the last 4 digits of your mobile phone number in the title and goes on to say that they've hacked your phone and recorded you watching porn...so send bitcoin or else.

It's instantly recognisable as shite for most of us, but it's an interesting tactic.  :smiley:
They're using Two-Factor Authentication as a way of leveraging money.

They don't have access to anything, but if they can hit on an email address using 2FA, try to sign in and say they forgot the password, then part of 2FA on some systems will ask you to fill out your phone number, the last 4 digits of which they'll show as a reminder.

That in hand they'll then send an email claiming they've hacked your phone, passing the last 4 digits from 2FA as 'proof'.


Crafty Arseholes.


Fambly Guy

  • Guest
Reply #1 on: December 28, 2018, 09:54:53 PM
part of 2FA on some systems will ask you to fill out your phone number, the last 4 digits of which they'll show as a reminder.

They just fooled you Woosty old boy. That's not really 2 point auth.
A two point auth will send you a text to your preregistered  number, not ask for it, despite having the same last four digits (fly agreed).

Luckily it was in your spam and you were expecting it. Else you might have been hacked  :cheesy:




Glamdring

  • Administrator
  • Sr. Member
  • *****
    • Posts: 251
Reply #2 on: December 28, 2018, 11:22:24 PM
There's always someone who falls for it.

I've only ever had one ransomware thingie. A fake one thankfully, sorted with a System Restore. No idea how I got it. No, not porn.


Fambly Guy

  • Guest
Reply #3 on: December 28, 2018, 11:59:06 PM
There was a ransomeware plate on Dickson's Real Deal last night. I was hoarse shouting at the TV  "take the deal, take the deal!"  :grin:


Wooster

  • Administrator
  • Sr. Member
  • *****
    • Posts: 414
Reply #4 on: December 29, 2018, 01:23:21 AM
part of 2FA on some systems will ask you to fill out your phone number, the last 4 digits of which they'll show as a reminder.

They just fooled you Woosty old boy. That's not really 2 point auth.
A two point auth will send you a text to your preregistered  number, not ask for it, despite having the same last four digits (fly agreed).

Luckily it was in your spam and you were expecting it. Else you might have been hacked  :cheesy:

I did say it's part of the password recovery procedure on some systems using 2FA.
(Not the standard login procedure for a new or unknown device when you know the password and it sends a text confirmation code that needs to be entered.)

eBay is a likely candidate.
On the login page you can click on 'Text a Temporary Password' (you don't need to do anything else)
The next screen asks you to enter an email address so that they can text a password to the associated mobile number
..and the screen after that shows (for example):
Quote
Text a single-use code
The number we have for ??????.????@????????.com is +XX XXXXXX1234.
Let us text you a code so you can sign in without your password.
Mobile charges may apply.

MS and Google only reveal the last 2 digits.  :wink:


« Last Edit: December 29, 2018, 01:41:57 AM by Wooster »


Fambly Guy

  • Guest
Reply #5 on: December 29, 2018, 01:57:20 AM
But you said they will ask you to fill out your phone number.  I don't get it.
That should have been done prior.


Fambly Guy

  • Guest
Reply #6 on: December 29, 2018, 02:01:51 AM
Just seen the enter your phone number for a temp password... feck.

Wid a fuck!


Wooster

  • Administrator
  • Sr. Member
  • *****
    • Posts: 414
Reply #7 on: December 29, 2018, 02:05:33 AM
eBay aren't doing anything wrong here and it's not a vulnerability.
(MS, Google and loads if others use the same partial reveal for recovery)
The spammers are just exploiting the system to make it look like they have more information than they actually do.

What they have is your address and the last four digits of an 11(?) digit phone number.
It looks like a lot of detail though, which will probably be enough to scare quite a few people into paying up.  :shocked:

I knew it was a scam because I don't watch porn on my phone..... The screen is too wee for me to make out any details.  :laugh:
« Last Edit: December 29, 2018, 02:08:33 AM by Wooster »


richietog

  • Full Member
  • ***
    • Posts: 206
Reply #8 on: December 29, 2018, 02:52:16 PM
That's an interesting ransomware

I doubt if they can ever fool me into believing any of the stuff they put on those ransomware.