Remove LAB Bot Amazon email scam By Will Wisser Posted on December 24, 2019 3 min read 0 2,845 Be leery of a new Bitcoin extortion scam doing the rounds which involves a scary LAB Bot cloud storage hack theme and impersonates Amazon billing support. What is the LAB Bot – email@example.com email scam? LAB Bot is a fictitious name of a hacking crew used as a scare element in a new massive email hoax. The first part of the spoof term stands for “Login And Backup” and supposedly denotes a malicious application that easily accesses a victim’s cloud storage, downloads their files, and transmits the data to the criminals without raising red flags. The misleading messages look like they come from Amazon, with their subject line saying: “[Amazon Delivery Support] [Notification] Authorization Form Customer ID [Support]”. This is part of the crooks’ strategy to feign legitimacy so that that victim at least reads the email. In fact, though, the stratagem is absolutely unrelated to the e-commerce giant. Although the sender’s email address displayed in the message is firstname.lastname@example.org (the spelling may vary), it actually comes from another source – here are some of the most frequently reported strings shown in the “From” field email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org The con artists in charge of this scam boil their brainwashing down to a purported compromise of the recipient’s cloud storage. This recent breach has presumably enabled the self-proclaimed hackers to get hold of the person’s data kept in the cloud. To prevent this information, including sensitive materials, from being leaked into the open Internet, the user is instructed to submit a ransom in Bitcoin to the black hats. There is no uniform size of the ransom demanded from the targets of this fraud. It’s in the range of 0.16 – 0.22 BTC, which is worth about $1,200 – $1,600. The alleged hackers provide a deadline for the payment, emphasizing that the LAB Bot malware is preconfigured to execute its mission in five days after the message is received unless the full amount of money is paid. What will happen otherwise? The malefactors try to convince the user that all their personal documents, photos, and videos – some of which could be “naughty” – will be made public. In particular, according to the email, the info will be sent to the victim’s social media contacts and colleagues. To know when the message was originally opened and perused, the wrongdoers claim to leverage email trackers. The email body in this blackmail scenario is as follows: Please do not ignore this message, as it refers to your account [recipient’s email address] and cloud storage. We are a group of data storage hackers. If you receive this message, we’ve already hack you. We are software developers (Login And Backup or often called LAB Bot). Frequently asked questions (FAQs) Q: What is the LAB Bot? A: LAB is an automated application made by Bot using a special API request; the API can download all the data or files that are related to your cloud storage and send it to our server automatically via hacked email access. Q: Definitely, you’ll think this is impossible! A: Smartphones, Apple, Windows, etc. All have cloud storage data. Like Google with Gdrive, Microsoft with OneDrive, Apple with iCloud, and all cloud storage directly connected to an email account. Q: Why should you care about LAB Bot? A: Lab Bot is automatically configured and has a five day grace period. On the fifth day, Lab Bot all cloud storage directly connected to an email account. Q: Why should you care about LAB Bot? A: Lab Bot is automatically configured and has a five day grace period. On the fifth day, Lab Bot will accomplish its final task. I.e., share backup data downloaded to the darknet forum publicly or to e-mail correspondence, contacts, social network, co-worker. (You certainly didn’t want everyone to see or know your private files (documents, nude photos, hot videos, or others). Precisely what should you do? To prevent all of this thing from happening, you need to send Bitcoin with the amount of 0.23275 Bitcoin – to my bitcoin wallet address. (if you didn’t know this, search ‘how to buy bitcoin’ on Google.) BTC address: [QR code] Scan the QR code with your phone to get the address. So, to stop the LAB Bot process, it’s only in one way; “make payments through Bitcoin in the amount of 0,23275 Bitcoin”. You have five days to make a payment, and the time will start when this message opened; LAB Bot will know if you’ve already read the letter because it uses e-mail trackers. Upon initial look-through, the LAB Bot Amazon email scam seems to resemble the rest of the Bitcoin frauds in circulation that are mostly copycats of one another. However, there are a few unique characteristics that make it stand out. First of all, sextortion isn’t as clearly implied here and the message is mostly about the victim’s personal information in general without a focus on embarrassing content only. Secondly, the swindlers use an all-new feature to let the recipients know which BTC address to send the funds to. It’s a QR code embedded right in the email. This approach doesn’t really narrow down the potential victim audience because most people either use a QR scanner app already or can easily install it anytime if they need it. Furthermore, the concise FAQ based structure is kind of a novelty on the email scam threat map. Whereas some people actually estimate the value of their in-the-cloud data as highly as that, falling for LAB Bot email scam and paying up to 0.22 Bitcoin for nondisclosure of the purportedly stolen data is a mistake. The entirety of information provided in this email is a bluff zeroing in on gullible users. As previously mentioned, the source email address is spoofed and has nothing to do with Amazon. Also, there is no such thing as the LAB Bot hacking group or application utilizing some super-secret API request that opens the door to any cloud storage. It is nothing but an element of the intimidation chain. All in all, if you receive this email you can safely ignore and delete it. There is just one little thing you might want to check, though. Your email address somehow ended up on the scammers’ list of potential victims. This could be an outcome of an earlier data dump ensuing from a breach of a major service provider’s network, or your computer may have been exposed to spyware that collected some PII (personally identifiable information) such as contact details. Use the steps below to ascertain that you’re good to go and no malicious code is lurking inside your machine. Automated removal of malware related to LAB Bot Amazon email scam Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following: 1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button Download email scam virus remover 2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.