New Round of Extortion emails
I've just received one of the new types of extortion emails doing the rounds. Similar to the sextortion campaigns you are familiar with like "you've been recorded visiting porn sites etc etc etc pay in bitcoin..." this one advises that it has come from a hacker and that I was compromised by a drive-by-download and he has been watching me and creating a profile. It looks like this:
Hovering over this email it takes you to a non SSL based website called preplanjourney.site.
The site root is just a default CentOS page
and we can see by visiting the admin page for the site, the attacker(s) are using an interspire email marketing platform to send out the Phishes.
I modified the unique identifier, detonated the link and all I received was a message stating that I wasn't referenced in the database, meaning its not a generic phishing page for each person but assigning each unique URL to each person.
By now you should be familiar with what to look out for to identify a phish (especially if you have purchased my book) but if you are not sure...
So if you have received one of these emails, its fake and can be disregarded but nonetheless never click on any links described unless you know what you are doing.
Until next time, stay #hackproof!