A few days ago I came across the following ad in the Google results:
Before clicking I already knew what was going on, but I went in to see what it was about, and this is what I found:
They also promoted the following page through advertisements:
It was clear that they were scammers looking for unsuspecting victims, but I contacted them through a form to see how they operated, and within a few hours I received an answer:
They asked me what kind of investigation I needed so they could send me a quote, and I invented a story to get them to try to hack an email account that I had created minutes before. Their response was the following e-mail, the one sent to all the victims who believe that their services are real:
They indicated the price, $150 to be paid by Western Union, and also mentioned some extra services included. The message is quite ridiculous, but unfortunately many people believe it and fall right for it. At the end they ask me for the email to investigate and other information about the person … the style reminded me of other scammers I had written about last year.
I answered them with the data they needed and included a small image in the message to capture their IP. I already knew it from the email headers, but I wanted to have a little fun. The image was loaded from a domain whose name refers to this type of character: muychantas.com/msn-detective.gif
Now I knew that he was a Windows and Internet Explorer 8 user and, in addition to his IP, that he was from Argentina and used Megacable.
A few days passed without any reply. In the invented e-mail account of the alleged victim to hack I did not receive any kind of message: no phishing, no Trojan, nothing … I thought that with the image joke he had realized that I was teasing him, so I wrote to him:
As if by magic, the guy responded right away saying that the requested investigation was ready to be delivered, which was obviously not true:
I wrote to him again asking how to send the money, and he replied with his details. Now I also knew his name and even his home address (although he was possibly using a false identity):
So I wrote him one last message asking for some proof of the hacked email, to see what he would do, and he sent me the following:
The attached file is a JPG image, supposedly a screenshot of the investigated email:
The first thing I did was run it through FOCA to see its metadata, and it had been edited with Photoshop CS5. Curiously, in the screenshot you can see the program open in the taskbar, along with several Paint windows, although he surely added the victim's address to the page by modifying the source code in the browser.
I confirmed that he uses IE8, that he is from Argentina and that he also likes to install those useless toolbars. He has Facebook, and he was working with the investigation email open in another tab while downloading things with Ares … quite a professional investigator!
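The metadata check described above can be reproduced with a short script. This is an added example, not the author's tool or FOCA's code: it reads the Exif Software tag and looks for the APP13 segment that Photoshop writes, and the sample bytes at the end are constructed for illustration.

```python
import struct

def jpeg_segments(data):
    # Yield (marker, payload) for each segment that precedes the scan data.
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):      # EOI / start of scan: metadata is over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def exif_software(tiff):
    # Return the Software tag (0x0131) from IFD0 of an Exif TIFF blob, or None.
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return None
    e = "<" if tiff[:2] == b"II" else ">"   # byte order declared by the file
    magic, ifd = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd + 2 > len(tiff):
        return None
    (count,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
    count = min(count, (len(tiff) - ifd - 2) // 12)  # ignore truncated entries
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n, off = struct.unpack(e + "HHII", entry)
        if tag == 0x0131 and typ == 2:  # type 2 = ASCII string
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            return raw.rstrip(b"\x00").decode("ascii", "replace")
    return None

def editing_traces(data):
    # Collect metadata hints that the image passed through an editor.
    hints = []
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            software = exif_software(payload[6:])
            if software:
                hints.append("Exif Software: " + software)
        elif marker == 0xED and payload.startswith(b"Photoshop 3.0\x00"):
            hints.append("Photoshop APP13 resource block present")
    return hints

# Constructed sample: a header-only JPEG carrying one Exif Software tag.
_sw = b"Adobe Photoshop CS5 Windows\x00"
_tiff = b"II*\x00\x08\x00\x00\x00" + struct.pack("<HHHII", 1, 0x0131, 2, len(_sw), 26) + b"\x00" * 4 + _sw
SAMPLE = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_tiff) + 8) + b"Exif\x00\x00" + _tiff + b"\xff\xd9"
```

Calling `editing_traces()` on the bytes of a received attachment lists whatever editor traces its headers still carry; an empty list only means the metadata was stripped, not that the image is untouched.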
As we can see, the way they cheat is quite simple, and any user with a minimum of common sense should not fall for something like that. Remember that accessing someone else's email without their authorization is a crime. So don't do it, and don't go looking for detectives to investigate other people's emails.