Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Internet Storm Center - Internet Security | DShield Internet Storm Center

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Last Daily Podcast (Tue, Aug 14th):New Sextortion Wave; Intel Puma; btlejack

Latest Diaries

New Extortion Tricks: Now Including Your (Partial) Phone Number!

Published: 2018-08-13
Last Updated: 2018-08-13 19:46:13 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Barely a month after we saw extertion emails appearing with leaked passwords (New Extortion Tricks: Now Including Your Password!), we are now seeing extortion emails with partial phone numbers.

Like this example submitted by a reader:

For a couple of emails, we were able to verify that the digits of the partial phone number match the actual phone number of the owner of the destination email address.

We don't know yet what source is used by the extortionists that provides email addresses with partial phone numbers, but I think it is unlikely to be a data breach (like with the password extortion emails).

A classic data breach with phone numbers would contain full phone numbers, and I don't see why the extortionists would mask most of the digits.

They must have another source, and that's where we ask for your help: what ideas or remarks do you have?

We came up with possible sources like whois data or password reset mechanisms, like Gmail:

Please post a comment with your idea, and if you received a similar email, please consider submitting it.


Didier Stevens
Senior handler
Microsoft MVP

0 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

A URL shortener handy for phishers
Aug 12th 2018
1 day ago by DidierStevens (0 comments)

Peeking into msg files - revisited
Aug 12th 2018
2 days ago by DidierStevens (2 comments)

Hunting SSL/TLS clients using JA3
Aug 10th 2018
4 days ago by Remco (0 comments)

What Do I Need To Know about "SegmentSmack"
Aug 8th 2018
6 days ago by Johannes (2 comments)

View All Diaries →

Latest Discussions

Pfsense Dshield Log sending Issue
created Aug 10th 2018
3 days ago by Anonymous (0 replies)

Splunk query returns fewer results than expected
created Jul 30th 2018
2 weeks ago by Anonymous (0 replies)

Threat Feed Feedback
created Jul 26th 2018
2 weeks ago by TravisMcW (0 replies)

Windows Long File Path
created Jul 19th 2018
3 weeks ago by Shishir (0 replies)

Windows Long File Path
created Jul 18th 2018
3 weeks ago by Shishir (0 replies)

View All Forums →

Latest News

View All News →

Top Diaries

Wide-scale Petya variant ransomware attack noted
Jun 27th 2017
1 year ago by Brad (6 comments)

Using a Raspberry Pi honeypot to contribute data to DShield/ISC
Aug 3rd 2017
1 year ago by Johannes (16 comments)

Detection Lab: Visibility & Introspection for Defenders
Dec 15th 2017
7 months ago by Russ McRee (2 comments)

Maldoc with auto-updated link
Aug 17th 2017
11 months ago by Xme (2 comments)

Second Google Chrome Extension Banker Malware in Two Weeks
Aug 29th 2017
11 months ago by Renato (0 comments)