Observations on a recently experienced ransomware scam
They are craftily worded, yet obviously English is not their first language. The first one came in with a subject line of a password that I used on a different forum with a similar yet distinctly different username. Yep, I remember the password, it was unique to that site. I also remember the site came up as a site that was affected by Cloudbleed and the data leak was verified by https://cloudbleedcheck.com. Although initially unnerving, it didn't take long to realize the threat was based on an abandoned password and an email address known to be in the wild.
The last email came in with my computer model as the subject. Equally unnerving. Then I realized I posted the computer model here in the forums and remembered that RFD was also subject to a data breach: https://www.redflagdeals.com/latest-new ... ry-9-2017/. The commonality of data between the 2 breaches is simply my email address and two close but not identical user names. Everything the email author has used has come from linking the data contained in 2 known data breaches posted in the wild. Then doing a search of RFD.
Citing the computer model to expose my claimed suspicious internet activity is where they blew it. The computer in question is only used for one piece of business software that contains client data. That's it - security and privacy by design. Which tells me all the claimed activities on that computer are pure BS.
I'm hoping that by posting my observations this post might serve as a PSA to someone else that might be getting similar threats. My suggestion is to stop and think the emails out before you freak out or pay. My bet goes to the emails being a scam.