On 3/22/2019 7:54 PM, Kevin A. McGrail wrote:
On 3/22/2019 7:55 PM, Viktor Dukhovni wrote:
No. The scareware alerts are generally completely fake. They
are spammed indiscriminately to users the scammer knows nothing
about.
Viktor, that does not agree with my significant experience studying
this particular spam threat. Yes, they are "fake" alerts in that they
haven't hacked your PC but they do in fact have some information that
they are extrapolating to scare people.
What I see with many of the samples is that they are using passwords
gained from massive attacks where passwords were leaked. These hacks
have lead to user/email/password data easily available for gazillions
of people on the darkweb. Haveibeenpwned.com can give you insight into
this. I recommend you take a look.
<clipped>
I can confirm that password information in such emails can be correct,
implying a successful fishing attack somewhere. I have received many of
these messages with what was a correct password for an old account that
fortunately is no longer valid.
