Be careful, I am the director of Europol, give me 400 euros or I tell all your family that you are watching child pornography: do you think this phishing scenario will never work? Well the thugs don’t agree with you.
We take the same and start again. On September 1, 2021, a Numerama reader received an email entitled “Courriel Europol”, from the name of the European agency specializing in the suppression of crime. Immediately, this email reminded us of a recurring phishing that usurps the identity of the French National Police and more precisely that of the brigade for the protection of minors. Bingo: Europol’s fake email uses exactly the same tricks to try to make the victims pay. A quick glance at the sender’s address “firstname.lastname@example.org” is enough to detect phishing. A real agency email would end with @ europol.europa.eu, not a generic Gmail address.
The message is expeditious: ” Bhello, please find attached the notice relating to a case concerning you and respond within the time limit mentioned “. The mention of a ” time limit “Don’t Exceed” serves to create a sense of urgency among the targets, to push them to click on the PDF document attached to the email.
The file in question attempts to pass itself off as an official letter from Catherine De Bolle, named after Europol’s real executive director, and even mimics her signature. Following a ” computer seizure of cyber infiltration “, Our reader would be prosecuted for” child pornography, pedophilia, exhibitionism, and cyber pornography “. Yes, you read that right : ” cyber pornography “.
Blackmail for public release
The mail informs in a confused way – but with an impeccable spelling – that our contact risks aggravated sentences for having committed these crimes ” using the Internet “. An alleged ” cyber policeman “Would have recovered” naked photos That our reader would have sent to minors.
Then the letter launches an ultimatum to its addressee, while detaching itself from any reality of the functioning of justice: ” You are requested to make your voice heard by email by writing us your justifications so that they can be investigated and verified in order to assess the penalties, within a strict 72 hours deadline. After this period, we will be obliged to send our report to Mrs Myriam Quéméner, deputy prosecutor at the Créteil high court and specialist in cybercrime to establish an arrest warrant against you, send it to the gendarmerie. closer to your place of residence for your arrest and to register you as a sex offender. Your file will also be transmitted to the media for distribution where your family and loved ones can see what you are doing in front of your computer. ”
It’s escalation: the letter asks for a trial by email, then threatens imprisonment and goes as far as blackmail for public distribution. The message is even punctuated with a ” now you are warned Completely improbable. To push the victims to believe in this incredible scenario, the thugs rely on two common tricks:
- The sense of urgency: by evoking an alleged delay of 72 hours after receipt of the email, they create a sense of urgency with the recipient. He should rush to prove his innocence, for fear that the threats will come true. In a panic, he’s less likely to dwell on the many inconsistencies in the situation.
- Precise details : in addition to the name of Catherine De Bolle, the letter also quotes the magistrate Myriam Quéméner. This advanced level of detail aims to give credibility to the subject. Problem: if Ms. Quéméner is indeed a lawyer specializing in cybercrime, she on the other hand left her functions at the Créteil tribunal de grande instance … in 2013. This anachronism is the sign that the model of the letter dates from this period, and would be reused without modification since.
Europol had communicated on the multiplication of this type of phishing usurping the identity of De Bolle in April 2021. The agency specified that the director does not ” would never directly contact members of the public requiring immediate action “And that” would not threaten individuals with the opening of a criminal investigation “.
Degree zero of cybercrime
This kind of blackmail scam is the zero degree of cybercrime. The people behind the subterfuge do not use flaws or malware, and they do not personalize the text of their phishing. Worse, they most likely recovered the text as is, and just copy and paste it.
Concretely, the thugs had only to recover a list of email addresses to which to send their spam. An extremely easy task, since several easily accessible forums are full of files of stolen email addresses to download (free or not). For example, our source address is part of a leak of 174 million emails from customers of mobile game publisher Zynga, dated 2019. Data from this kind of particularly exposed leak is then aggregated into lists, which further spreads the leaked email address.
Finally, the amateurism of criminals is good news. Before suffering damage, the target must follow the many stages of the scam, which are all opportunities to realize the subterfuge:
- Open phishing.
- Click on the PDF.
- Believe in the incredible scenario.
- Send an email to the address mentioned.
- Obtain an answer from the thugs and continue to believe in the scenario.
- Make a transfer of your own accord to a bank or PayPal account unrelated to Europol.
If the target stops before going all the way to the tack, it doesn’t risk anything. Still, for criminals, it only takes one person to make a transfer to be profitable, as the massive phishing operation will not have cost them anything. The emails are free, the phishing model too, the manipulation does not require any technical skills and they just have to respond to the few people they have phished. It is for this reason that this kind of scam has been coming back regularly for more than 10 years, and that it will probably continue to come back in the next 10 years.