On 3/22/2019 7:55 PM, Viktor Dukhovni wrote:
> No. The scareware alerts are generally completely fake. They
> are spammed indiscriminately to users the scammer knows nothing
> about.

Viktor, that does not agree with my significant experience studying this particular spam threat. Yes, they are "fake" alerts in that they haven't hacked your PC but they do in fact have some information that they are extrapolating to scare people.

What I see with many of the samples is that they are using passwords gained from massive attacks where passwords were leaked. These hacks have led to user/email/password data being easily available for gazillions of people on the darkweb. Haveibeenpwned.com can give you insight into this. I recommend you take a look. This is step #1, obtaining some real passwords and email addresses.

Step #2 is they take this data and use the real passwords to email people. It gives the scam a high psychological impact to trick targets into paying. People read and go "OMG, that is my password, I have been hacked" because they don't have unique passwords. Using this technique, they separate logic from emotion and get people to pay the ransom. That's an important thing in the execution of many cons.

I'm giving a presentation for HIMSS on Mar 28 where we'll cover some of these bad actor techniques and how to combat them. It's free and I'd welcome your feedback and anyone else who would like to join. HIMSS is a great organization and I think even experts like you and those on this list will learn some things.

Here's the information to register and attend:

Topic: Bad Actors and the Security Risks of Social Media
Date and Time: Thursday, March 28, 2019 2:00 pm, Eastern Daylight Time (New York, GMT-04:00)
Event number: 927 552 095
Event password: DG#$&uJET1743
Event address for attendees: https://himss.webex.com/himss/onstage/g.php?MTID=e4a485adfd01c461169172190512e0fe9

Program: HIMSS: Healthcare Cybersecurity Community
Program address: https://himss.webex.com/himss/onstage/g.php?PRID=dbe3a254261c448fe25995d7d9d2e2bf
Program registration password: The program has no registration password

-------------------------------------------------------
Audio conference information
-------------------------------------------------------
To receive a call back, provide your phone number when you join the event, or call the number below and enter the access code.

Call-in toll-free number (US/Canada): 1-866-469-3239
Call-in toll number (US/Canada): 1-650-429-3300
Global call-in numbers: https://himss.webex.com/himss/globalcallin.php?serviceType=EC&ED=743596137&tollFree=1
Toll-free dialing restrictions: https://www.webex.com/pdf/tollfree_restrictions.pdf
Access code: 927 552 095

Regards,
KAM

--
*Kevin A. McGrail*
CEO Emeritus
Peregrine Computer Consultants Corporation
10311 Cascade Lane
Fairfax, VA 22032
http://www.pccc.com/
703-359-9700 / 800-823-8402 (Toll-Free)
703-798-0171 (wireless)
kmcgr...@pccc.com
https://www.linkedin.com/in/kmcgrail