Social Engineering Attacks (SEA)

Hi guys, recently I found an email whose mode is blackmail, as usual they use a technique called Social Engineering, which is trying to play with someone's emotions by leading their opinion into a situation that corners the victim, so that the victim is expected to panic and lose half of their common sense.. that way they can freely blackmail them, one example is like this.

From:  webmaster@pcplayground.com

Greetings!

I have to share bad news with you.
Approximately a few months ago I have gained access to your devices, which you use for internet browsing.
After that, I have started tracking your internet activities.

Here is the sequence of events:
Some time ago I had purchased access to email accounts from hackers (now, it is quite simple to purchase such thing online).
Obviously, I have easily managed to log in to your email account ( yourmail@gmail.com ).

One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.
In fact, it wasn't really hard at all (since you were following the links from your email inbox).
All genius is simple. =)

This software provides me with access to all the controllers of your devices (eg, your microphone, video camera and keyboard).
I have downloaded all your information, data, photos, web browsing history to my servers.
I have access to all your messengers, social networks, emails, chat history and contacts list.
My virus continuously refreshes the signatures (it is driver-based), and therefore remains invisible for antivirus software.

Likewise, I guess by now you understand why I have stayed undetected until this letter...

While gathering information about you, I have discovered that you are a big fan of adult websites.
You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure.
Well, I have managed to record a number of your dirty scenes and montage a few videos, which show the way you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse and all your videos will be shared with your friends, colleagues and relatives.
I have also no issues at all to make them available for public access.
I guess, you really don't want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you.

Let's settle it this way:
You transfer $1650 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away.
After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me, I keep my word.

This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now.
In case, if you don't know how to purchase and transfer the bitcoins - you can use any modern search engine.

Here is my bitcoin wallet: 14AhgtTrXKHGcUsWJRsshN3HPu64rLdx6

You have less than 48 hours from the moment you opened this email (precisely 2 days)._

Things you need to avoid doing:

• Do not reply to me (I have created this email in your inbox and generated the return address).
• Do not try to contact police and other security services. In addition, forget about telling this to your friends. If I discover that (as you can see, it is really not that hard, considering that I control all your systems) - your video will be shared to the public right away.
• Don't try to find me - it is absolutely pointless. All the cryptocurrency transactions are anonymous.
• Don't try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers.

Things you don't need to worry about:

• That I won't be able to receive your funds transfer.
• Don't worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer).
• That I will share your videos anyway after you complete the funds transfer.
• Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it a long time ago!

Everything will be done in a fair manner!

One more thing... Don't get caught in similar kind of situations anymore in the future!
My advice - keep changing all your passwords on a frequent basis

in Indonesian

Greetings!

I have to share some bad news with you.
About a few months ago I gained access to your device, which you use to surf the internet.
After that, I started tracking your internet activity.

Here is the sequence of events:
Some time ago I had bought access to an email account from a hacker (nowadays, it is quite easy to buy such things online).
Of course, I easily managed to log into your email account ( yourmail@gmail.com ).

One week later, I have installed a Trojan virus into the Operating System of all the devices you use to access your email.
In fact, it wasn't that hard at all (since you follow the link from your inbox email).
All clever things are simple. =)

This software gives me access to all your device controllers (e.g. your microphone, video camera, and keyboard).
I have downloaded all your information, data, photos, web browsing history to my server.
I have access to all your messengers, social networks, emails, chat history, and contact lists.
My virus constantly refreshes its signatures (it is driver-based), and therefore remains invisible to antivirus software.

Likewise, I guess now you understand why I remained undetected until this letter...

While gathering information about you, I found out that you are a big fan of adult websites.
You really like visiting porn websites and watching interesting videos, while having a lot of fun.
Well, I have managed to record some of your dirty scenes and montage some videos, showing how you masturbate and reach orgasm.

If you have any doubts, I can do a few clicks of my mouse and all your videos will be shared with your friends, colleagues and relatives.
I also have no problem at all in making them available for public access.
I guess, you really don't want that to happen, considering the specificity of the videos you want to watch, (you know exactly what I mean) it would cause real disaster for you.

Let's work it out like this:
You transfer $1650 USD to me (in bitcoin equivalent according to the exchange rate at the time of the funds transfer), and after the transfer is received, I will immediately delete all this shit.
After that we will forget about each other. I also promise to disable and remove all malicious software from your device. Trust me, I keep my promises.

This is a fair deal and the price is quite low, considering that I have been checking your profile and traffic for some time now.
If you do not know how to buy and transfer bitcoins - you can use any modern search engine.

This is my bitcoin wallet: 14AhgtTrXKHGcUsWJRsshN3HPu64rLdxB6

You have less than 48 hours from the time you open this email (exactly 2 days).

Things you need to avoid:

• Don't reply to me (I have created this email in your inbox and created the return address).
• Don't try to contact the police and other security services. Also, forget about telling this to your friends. If I find out that (as you can see, it's actually not that hard, considering I control all your systems) - your video will be shared publicly immediately.
• Don't try to find me - it's completely pointless. All cryptocurrency transactions are anonymous.
• Don't try to reinstall the OS on your device or throw it away. It won't do any good either, since all the videos are stored on a remote server.

Things you don't need to worry about:

• That I cannot accept your fund transfer.
• Don't worry, I will see it right away, once you complete the transfer, because I keep track of all your activities (my trojan virus has a remote control feature, like TeamViewer).
• That I will still share your video after you complete the fund transfer.
• Trust me, there's no point in me continuing to cause trouble in your life. If I really wanted to, I would have done it a long time ago!

Everything will be done in a fair manner!

One more thing... Don't get caught in a similar situation again in the future!
My advice - keep changing all your passwords regularly.

Lesson

Because basically I am an IT person and of course I learned this kind of underhanded tactic in college so it doesn't have any effect at all, the only thing I'm worried about is if this kind of attack is launched against ordinary people or maybe against your family or close relatives who are not IT people, so I hope this can be a reference so that friends can continue to increase their vigilance, share it with your close relatives so that those you care about don't become victims of these kinds of naughty people.

Attack Process Using Social Engineering

Out of 30 points, I only got 20 points. Here is my answer:

A hacker digs up as much information as possible about the target victim, including their relationships such as family, close relatives, etc. Then, let's say the hacker gets sensitive information such as their child's medical history, namely suffering from severe cancer, then the hacker takes advantage of this situation to trick the victim, or it can also be used to intimidate the victim so that they are forced to give up access information to important accounts / privileges to the hacker.

The answer above only got a score of 80% so it can be said to be less accurate, therefore, I suggest using the following answer, I quote from [1]: binus.

We can learn and know some types of attacks that use technical expertise to infiltrate computer systems that have been protected by sophisticated equipment. To maintain the network system in our company with sophisticated equipment, it requires a lot of money. But still, by implementing the latest and most sophisticated technology does not guarantee that our network is free from attacks or infiltration.

There is another type of attacker who can use tactics to exploit human weaknesses. They are social experts who exploit human psychological weaknesses. They use various media, including phone calls and social media. The attacker directly asks for the user name and password. There are several types of attacks using this social engineering, the most are phishing, pretext, bait, quid pro quo and Tailgating.

Phishing scams are probably the most common type of social engineering attack used today. Most phishing scams exhibit the following characteristics: They attempt to obtain personal information, such as names, addresses, and credit card numbers or other sensitive information. They typically use links or embedded links that take users to websites that appear legitimate, but are actually created by the attacker.

Additional - As I have experienced the following:

Pretexting is another form of social engineering where the attacker creates a scenario that looks good to the target, in this way they try to get personal information from the victim or target. This can happen over the phone or via email. Common types of attacks take the form of the scammer pretending that they need additional information from the target to confirm their identity.

Baiting is similar to a phishing attack. However, what distinguishes it from other social engineering is the promise of a reward in the form of goods or money to lure victims. Baiters may offer users or targets free music or movies that can be downloaded, if the victim is willing to provide confidential information to a particular site. Confidential information can be a username, password or credit card number. This type of attack is not limited to online schemes, attackers can also take advantage of human curiosity through the use of physical media. One form of this attack can be in the form of distributing free flash disks, once this flash disk is plugged into the USB on the computer it will install a keylogger.

How to Counter Social Engineering Attacks?

From 20 points, getting 20 points can be said to be accurate, here is my answer:

1. Never upload important data, daily activities, family photos on social media / on the internet.
2. Never give out personal information to someone you don't know.
3. Don't panic when you get a call from a new/unknown number.
4. Always cross check the truth of information.
5. Increase vigilance towards new people/new contacts and always verify information that can trigger panic.
6. Always pray to Allah SWT.

Reference:

[1]  https://mti.binus.ac.id/2017/06/08/social-engineering-attack/