Scammer email fun
#1
Scammer email fun
I sent a really rude reply to this scammer last night after a drink....
Today I get this reply to "Mr. Suq Madiq"
"Date: Tue, 4 Feb 2014 07:18:51 -0800
From: mackenzie01@rogers.com
Subject: Contact Cater Allen Private Bank
To: rocketscience442@hotmail.com
Goodday to you Sug Madiq
On behalf of my entire family i have now issued a letter of authority to my finance firm appointing you as our beneficiary and you are now the sole beneficiary to this fund totaling $2,000,000.00 USD for you and your family. also write to me as soon as the funds get to you please let me know."
etc. etc. etc.
Today I get this reply to "Mr. Suq Madiq"
"Date: Tue, 4 Feb 2014 07:18:51 -0800
From: mackenzie01@rogers.com
Subject: Contact Cater Allen Private Bank
To: rocketscience442@hotmail.com
Goodday to you Sug Madiq
On behalf of my entire family i have now issued a letter of authority to my finance firm appointing you as our beneficiary and you are now the sole beneficiary to this fund totaling $2,000,000.00 USD for you and your family. also write to me as soon as the funds get to you please let me know."
etc. etc. etc.
#2
Occasionally when I'm feeling like playing with these fools I will respond back to these scam emails using my Call of Duty screen name, Major Awhole. It always gives me a good laugh seeing their reply email addressed to the Major.
Chris
Chris
Last edited by hullinger; February 4th, 2014 at 10:08 AM.
#4
Let me start by saying keep really good File Backups!!!!
And your Backup system needs to be OFF during normal PC use.
Hit the Delete and don't anything a chance to cause great harm.
Last week my Company got hit with the CryptoLocker Ransomware virus. Our infection came in via a picture with the virus embedded.
It was first noted on ACCESS Database files.
However, it will KILL most files that you really care about.
Our Recovery was to roll the Corporate network back.
Most companies will not have the capability that we had.
Bill
https://www.us-cert.gov/ncas/alerts/TA13-309A
http://www.bleepingcomputer.com/viru...re-information
CryptoLocker will then begin to scan all physical or mapped network drives on your computer for files with the following extensions: *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, *.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c. When it finds files that match one of these types, it will encrypt the file using the public encryption key and add the full path to the file and the filename as a value under the HKEY_CURRENT_USER\Software\CryptoLocker_0388\Files Registry key.
When it has finished encrypting your data files it will then show the CryptoLocker screen as shown above and demand a ransom of either $100 or $300 dollars in order to decrypt your files. This ransom must be paid using Bitcoin or MoneyPak vouchers. It also states that you must pay this ransom within 96 hours or the private encryption key will be destroyed on the developer's servers.
How do you become infected with CryptoLocker This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.
And your Backup system needs to be OFF during normal PC use.
Hit the Delete and don't anything a chance to cause great harm.
Last week my Company got hit with the CryptoLocker Ransomware virus. Our infection came in via a picture with the virus embedded.
It was first noted on ACCESS Database files.
However, it will KILL most files that you really care about.
Our Recovery was to roll the Corporate network back.
Most companies will not have the capability that we had.
Bill
https://www.us-cert.gov/ncas/alerts/TA13-309A
http://www.bleepingcomputer.com/viru...re-information
CryptoLocker will then begin to scan all physical or mapped network drives on your computer for files with the following extensions: *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, *.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c. When it finds files that match one of these types, it will encrypt the file using the public encryption key and add the full path to the file and the filename as a value under the HKEY_CURRENT_USER\Software\CryptoLocker_0388\Files Registry key.
When it has finished encrypting your data files it will then show the CryptoLocker screen as shown above and demand a ransom of either $100 or $300 dollars in order to decrypt your files. This ransom must be paid using Bitcoin or MoneyPak vouchers. It also states that you must pay this ransom within 96 hours or the private encryption key will be destroyed on the developer's servers.
How do you become infected with CryptoLocker This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.
#8
Yea, these guys are like catnip to me.
First I get their name - not that I care.
Then I need to know their employer.
This is a merry-go-round.
Back to their Company.
Now I pull in the Kansas Attorney General statements.
ALWAYS useful to have their Complaint Form also.
Now you know they are violating the law by cold calling to 'Do Not Call' lists.
So stupid.
They keep trying to stay on their script.
But PC stuff has just gotten really bad.
My main preventools tools are:
Opera Web Browser
Firefox Web Browser
Free AVG Antivirus
Free Zone Alarm
Also, https://www.grc.com/freepopular.htm has really useful tools to check how open your PC might be.
First I get their name - not that I care.
Then I need to know their employer.
This is a merry-go-round.
Back to their Company.
Now I pull in the Kansas Attorney General statements.
ALWAYS useful to have their Complaint Form also.
Now you know they are violating the law by cold calling to 'Do Not Call' lists.
So stupid.
They keep trying to stay on their script.
But PC stuff has just gotten really bad.
My main preventools tools are:
Opera Web Browser
Firefox Web Browser
Free AVG Antivirus
Free Zone Alarm
Also, https://www.grc.com/freepopular.htm has really useful tools to check how open your PC might be.
Thread
Thread Starter
Forum
Replies
Last Post