Funny story: Someone was trying to forex scam people in a game I play. They wanted people to download WhatsApp, Telegram, etc. to "discuss the details in training them to trade in forex and earn money, but they have to pay him for it".

So I went on an adventure:

1/
So the first issue was getting him to communicate in a way that would cause an opsec failure. Thus I return to the ancient technology known as emails 😉. I convince him that I don't understand technology and can only email; he gives me his email, I write him and wait...

2/
Here is the email exchange. I get him to reply back, which then lets Google pull what his name is that is linked with that email account. So now I have his name, but where can I go from here? Let's check out his profile photo and then compare that with social media...

3/
I'm sure by now you're asking, well, how did I know to check social media? Well, I put that email into a few of the online lookup services and for free found out it was linked with a social media account.

4/x
So I went digging. First I checked Facebook; I couldn't find a direct hit with that photo. So I moved on to Instagram...

Only 5 accounts into the list and I strike paydirt. That's the same exact photo from the email hmmmm....

5/x
Now returning to Google with the insight I now gained, I have a social media handle to look for. I wonder if there are any more accounts associated with this username? And thus I found his Twitter.

6/x
Thus far I have this.
His name: Daniel Munachi
Location: Lagos, Nigeria
Potential Birth Month and Day: October 27th
Social media handles: muna__ex, munasmastery, munas.mastery
Email: danielnwanmah147@gmail.com
Phone: +2349090711278

7/x
From here I hit a brick wall; I couldn't figure out much more to pivot on to gather additional data. So I confronted him (sadly no screenshots, it was in global chat in game which scrolled away this AM). I back up the profiles with @waybackmachine and call it a success.

8/x
Wayback Machine links:
web.archive.org/web/*/https://…
web.archive.org/web/2020091405…

I'm hoping with what I said to him in game and how direct my responses were regarding his actions that it either caused him to feel guilt or fear. Hopefully to divert him from future crime.

9/x
As for myself, I learned not only do these scams target people on social media, phone calls and texts but also in video games. That my InfoSec knowledge can help be used as a shield for those even in games and that a single opsec failure while doing crime can nail you.

10/10

More from @shotgunner101

1 Nov 19
New Blog Post: Hancitor + COM Objects

Recently, Hancitor incorporated the use of COM to spawn IE and download stage 2 payloads. While many may not have understood the true risk of what the Hancitor campaign stumbled into, it's very dangerous.

dodgethissecurity.com/2019/11/01/han…
Specifically, my research partners and myself around 1 year ago theorized that COM objects, if used to spawn IE, could be used to get around/through proxy servers in environments. Proxy servers have provided a severely overestimated layer of protection.
Organizations' security teams have come to assume that "Since the malware doesn't know the proxy details, auth mechanism or have user credentials, callouts will fail". However, this is a faulty assumption, as with COM objects + IE you can automatically get that information!
20 Aug 19
So who wants IP addresses of systems that attempted to log in to my HitBTC account, which I created but never used 🤣😂?
