#[1]Krebs on Security » Feed [2]Krebs on Security » Comments Feed
  [3]Krebs on Security » Service Rents Email Addresses for Account
  Signups Comments Feed [4]alternate [5]alternate [6]alternate

  Advertisement
  [7][5.jpg]
  Advertisement
  [8][2.png]

  [9]Krebs on Security

  [10]Skip to content
    * [11]Home
    * [12]About the Author
    * [13]Advertising/Speaking

Service Rents Email Addresses for Account Signups

  June 6, 2023
  [14]0 Comments

  One of the most expensive aspects of any cybercriminal operation is the
  time and effort it takes to constantly create large numbers of new
  throwaway email accounts. Now a new service offers to help dramatically
  cut costs associated with large-scale spam and account creation
  campaigns, by paying people to sell their email account credentials and
  letting customers temporarily rent access to a vast pool of established
  accounts at major providers.

  The service in question — kopeechka[.]store — is perhaps best described
  as a kind of unidirectional email confirmation-as-a-service that
  promises to “save your time and money for successfully registering
  multiple accounts.”

  “Are you working on large volumes and are costs constantly growing?”
  Kopeechka’s website asks. “Our service will solve all your problems.”

  As a customer of this service, you don’t get full access to the email
  inboxes you are renting. Rather, you configure your botnet or spam
  machine to make an automated application programming interface (API)
  call to the Kopeechka service, which responds with a working email
  address at an email provider of your choosing.

  Once you’ve entered the supplied email address into the new account
  registration page at some website or service, you tell Kopeechka which
  service or website you’re expecting an account confirmation link from,
  and they will then forward any new messages matching that description
  to your Kopeechka account panel.

  Ensuring that customers cannot control inboxes rented through the
  service means that Kopeechka can rent the same email address to
  multiple customers (at least until that email address has been used to
  register accounts at most of the major online services).

  Kopeechka also has multiple affiliate programs, including one that pays
  app developers for embedding Kopeechka’s API in their software.
  However, far more interesting is their program for rewarding people who
  choose to sell Kopeechka usernames and passwords for working email
  addresses.

  Kopeechka means “penny” in Russian, which is generous verbiage (and
  coinage) for a service that charges a tiny fraction of a penny for
  access to account confirmation links. Their pricing fluctuates slightly
  based on which email provider you choose, but a form on the service’s
  homepage says a single confirmation message from apple.com to
  outlook.com costs .07 rubles, which is currently equal to about
  $0.00087 dollars.

  The pricing for Kopeechka works out to about a fraction of a penny per
  confirmation message.

  “Emails can be uploaded to us for sale, and you will receive a
  percentage of purchases %,” the service explains. “You upload 1 mailbox
  of a certain domain, discuss percentage with our technical support (it
  depends on the liquidity of the domain and the number of downloaded
  emails).”

  We don’t have to look very far for examples of Kopeechka in action. In
  May, KrebsOnSecurity [15]interviewed a Russian spammer named “Quotpw“
  who was mass-registering accounts on the social media network Mastodon
  in order to conduct a series of huge spam campaigns advertising scam
  cryptocurrency investment platforms.

  Much of the fodder for that story came from Renaud Chaput, a freelance
  programmer working on modernizing and scaling the Mastodon project
  infrastructure — including joinmastodon.org, mastodon.online, and
  mastodon.social. Chaput told KrebsOnSecurity that his team was forced
  to temporarily halt all new registrations for these communities last
  month after the number of new registrations from Quotpw’s spam campaign
  started to overwhelm their systems.

  “We suddenly went from like three registrations per minute to 900 a
  minute,” Chaput said. “There was nothing in the Mastodon software to
  detect that activity, and the protocol is not designed to handle this.”

  After that story ran, Chaput said he discovered that the computer code
  powering Quotpw’s spam botnet (which has since been released as open
  source) contained an API call to Kopeechka’s service.

  “It allows them to pool many bot-created or compromised emails at
  various providers and offer them to cyber criminals,” Chaput said of
  Kopeechka. “This is what they used to create thousands of valid Hotmail
  (and other) addresses when spamming on Mastodon. If you look at the
  code, it’s really well done with a nice API that forwards you the
  confirmation link that you can then fake click with your botnet.”

  It’s doubtful anyone will make serious money selling email accounts to
  Kopeechka, unless of course that person already happens to run a botnet
  and has access to ridiculous numbers of email credentials. And in that
  sense, this service is genius: It essentially offers scammers a new way
  to wring extra income from resources that are already plentiful for
  them.

  One final note about Quotpw and the spam botnet that ravaged Chaput’s
  Mastodon servers last month: Trend Micro just published [16]a report
  saying Quotpw was spamming to earn money for a Russian-language
  affiliate program called “Impulse Team,” which pays people to promote
  cryptocurrency scams.

  The crypto scam affiliate program “Project Impulse,” advertising in
  2021.

  Websites under the banner of the Impulse Scam Crypto Project are all
  essentially “advanced fee” scams that tell people they have earned a
  cryptocurrency investment credit. Upon registering at the site,
  visitors are told they need to make a minimum deposit on the service to
  collect the award. However, those who make the initial investment never
  hear from the site again, and their money is gone.

  Interestingly, Trend Micro says the scammers behind the Impulse Team
  also appear to be operating a fake reputation service called
  Scam-Doc[.]com, a website that mimics the legitimate Scamdoc.com for
  measuring the trustworthiness and authenticity of various sites. Trend
  notes that the phony reputation site routinely gave high trust ratings
  to a variety of cryptocurrency scam and casino websites.

  “We can only suppose that either the same cybercriminals run operations
  involving both or that several different cybercriminals share the
  scam-doc[.]com site,” the Trend researchers wrote.

  The ScamDoc fake reputation websites, which were apparently used to
  help make fake crypto investment platforms look more trustworthy.
  Image: Trend Micro.

  According to the FBI, financial losses from cryptocurrency investment
  scams [17]dwarfed losses for all other types of cybercrime in 2022,
  rising from $907 million in 2021 to $2.57 billion last year.

  This entry was posted on Tuesday 6th of June 2023 04:09 PM
  [18]Web Fraud 2.0
  [19]Impulse Scam Crypto Project [20]Kopeechka [21]Mastodon [22]Quotpw
  [23]Renaud Chaput [24]spam [25]trend micro

  Post navigation
  [26]← Ask Fitis, the Bear: Real Crooks Sign Their Malware

Leave a Reply [27]Cancel reply

  Your email address will not be published. Required fields are marked *

  Comment *
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________

  Name * ______________________________

  Email * ______________________________

  Website ______________________________

  Post Comment

  Δ
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  _____________________________________________
  Advertisement
  [28][3.jpg]
  Advertisement

  Mailing List
  [29]Subscribe here

  Search KrebsOnSecurity
  Search for: ____________________ Search

  Recent Posts
    * [30]Service Rents Email Addresses for Account Signups
    * [31]Ask Fitis, the Bear: Real Crooks Sign Their Malware
    * [32]Discord Admins Hacked by Malicious Bookmarks
    * [33]Phishing Domains Tanked After Meta Sued Freenom
    * [34]Interview With a Crypto Scam Investment Spammer

  Spam Nation
  [35]Spam Nation

  A New York Times Bestseller!

  Thinking of a Cybersecurity Career?
  [36]Thinking of a Cybersecurity Career?

  Read this.

  All About Skimmers
  [37]All About Skimmers

  Click image for my skimmer series.

  Story Categories
    * [38]A Little Sunshine
    * [39]All About Skimmers
    * [40]Ashley Madison breach
    * [41]Breadcrumbs
    * [42]Data Breaches
    * [43]DDoS-for-Hire
    * [44]Employment Fraud
    * [45]How to Break Into Security
    * [46]Latest Warnings
    * [47]Ne'er-Do-Well News
    * [48]Other
    * [49]Pharma Wars
    * [50]Ransomware
    * [51]Russia's War on Ukraine
    * [52]Security Tools
    * [53]SIM Swapping
    * [54]Spam Nation
    * [55]Target: Small Businesses
    * [56]Tax Refund Fraud
    * [57]The Coming Storm
    * [58]Time to Patch
    * [59]Web Fraud 2.0

  The Value of a Hacked PC
  [60]valuehackedpc

  Badguy uses for your PC

  Badguy Uses for Your Email
  [61]Badguy Uses for Your Email

  Your email account may be worth far more than you imagine.

  [62]Donate to Krebs On Security

  Most Popular Posts
    * [63]Sextortion Scam Uses Recipient's Hacked Passwords (1076)
    * [64]Online Cheating Site AshleyMadison Hacked (798)
    * [65]Sources: Target Investigating Data Breach (620)
    * [66]Trump Fires Security Chief Christopher Krebs (534)
    * [67]Why Paper Receipts are Money at the Drive-Thru (530)
    * [68]Cards Stolen in Target Breach Flood Underground Markets (445)
    * [69]Reports: Liberty Reserve Founder Arrested, Site Shuttered (416)
    * [70]Was the Ashley Madison Database Leaked? (376)
    * [71]DDoS-Guard To Forfeit Internet Space Occupied by Parler (374)
    * [72]True Goodbye: 'Using TrueCrypt Is Not Secure' (363)

  Why So Many Top Hackers Hail from Russia

  Category: Web Fraud 2.0
  [73]Criminnovations

  Innovations from the Underground

  [74][shreddedID-copy-285x189.png]

  ID Protection Services Examined

  Is Antivirus Dead?
  [75]Is Antivirus Dead?

  The reasons for its decline

  The Growing Tax Fraud Menace
  [76]The Growing Tax Fraud Menace

  File 'em Before the Bad Guys Can

  Inside a Carding Shop
  [77]Inside a Carding Shop

  A crash course in carding.

  Beware Social Security Fraud
  [78]Beware Social Security Fraud

  Sign up, or Be Signed Up!

  How Was Your Card Stolen?
  [79]How Was Your Card Stolen?

  Finding out is not so easy.

  Krebs’s 3 Rules…
  [80]Krebs’s 3 Rules…

  ...For Online Safety.
  © Krebs on Security - [81]Mastodon

References

  Visible links
  1. https://krebsonsecurity.com/feed/
  2. https://krebsonsecurity.com/comments/feed/
  3. https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/feed/
  4. https://krebsonsecurity.com/wp-json/wp/v2/posts/63900
  5. https://krebsonsecurity.com/wp-json/oembed/1.0/embed?url=https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/
  6. https://krebsonsecurity.com/wp-json/oembed/1.0/embed?url=https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/&format=xml
  7. https://www.magnetforensics.com/2023-state-of-enterprise-digital-forensics-incident-response/?utm_source=Krebs&utm_medium=Ad&utm_campaign=2023_Q2_State_of_Enterprise_Krebs
  8. https://www.panoptica.app/sign-up?utm_campaign=fy23q4_panoptica_ww_awareness_krebsonsecurity-ros-protection-starttoday_display&utm_source=krebsonsecurity&utm_medium=display&utm_term=protection-starttoday&utm_content=signup
  9. https://krebsonsecurity.com/
 10. https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/#content
 11. https://krebsonsecurity.com/
 12. https://krebsonsecurity.com/about/
 13. https://krebsonsecurity.com/cpm/
 14. https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/#respond
 15. https://krebsonsecurity.com/2023/05/interview-with-a-crypto-scam-investment-spammer/
 16. https://www.trendmicro.com/en_us/research/23/f/impulse-team-massive-cryptocurrency-scam.html
 17. https://www.fbi.gov/contact-us/field-offices/springfield/news/internet-crime-complaint-center-releases-2022-statistics
 18. https://krebsonsecurity.com/category/web-fraud-2-0/
 19. https://krebsonsecurity.com/tag/impulse-scam-crypto-project/
 20. https://krebsonsecurity.com/tag/kopeechka/
 21. https://krebsonsecurity.com/tag/mastodon/
 22. https://krebsonsecurity.com/tag/quotpw/
 23. https://krebsonsecurity.com/tag/renaud-chaput/
 24. https://krebsonsecurity.com/tag/spam/
 25. https://krebsonsecurity.com/tag/trend-micro/
 26. https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/
 27. https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/?utm_source=dlvr.it&utm_medium=twitter#respond
 28. https://mwise.mandiant.com/conf23?&utm_campaign=mwise-conference-2023&utm_source=hatch64&utm_medium=programmatic&utm_term=registration-early&utm_content=mwise-conference-2023_hatch64_programmatic-display_1240x110_registration-early_100-percent
 29. https://krebsonsecurity.com/subscribe/
 30. https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/
 31. https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/
 32. https://krebsonsecurity.com/2023/05/discord-admins-hacked-by-malicious-bookmarks/
 33. https://krebsonsecurity.com/2023/05/phishing-domains-tanked-after-meta-sued-freenom/
 34. https://krebsonsecurity.com/2023/05/interview-with-a-crypto-scam-investment-spammer/
 35. https://www.amazon.com/Spam-Nation-Organized-Cybercrime-Epidemic-ebook/dp/B00L5QGBL0/ref=dp_kinw_strp_1
 36. https://krebsonsecurity.com/2020/07/thinking-of-a-cybersecurity-career-read-this/
 37. https://krebsonsecurity.com/all-about-skimmers/
 38. https://krebsonsecurity.com/category/sunshine/
 39. https://krebsonsecurity.com/category/all-about-skimmers/
 40. https://krebsonsecurity.com/category/ashley-madison-breach/
 41. https://krebsonsecurity.com/category/breadcrumbs/
 42. https://krebsonsecurity.com/category/data-breaches/
 43. https://krebsonsecurity.com/category/ddos-for-hire/
 44. https://krebsonsecurity.com/category/employment-fraud/
 45. https://krebsonsecurity.com/category/how-to-break-into-security/
 46. https://krebsonsecurity.com/category/latest-warnings/
 47. https://krebsonsecurity.com/category/neer-do-well-news/
 48. https://krebsonsecurity.com/category/other/
 49. https://krebsonsecurity.com/category/pharma-wars/
 50. https://krebsonsecurity.com/category/ransomware/
 51. https://krebsonsecurity.com/category/russias-war-on-ukraine/
 52. https://krebsonsecurity.com/category/security-tools/
 53. https://krebsonsecurity.com/category/sim-swapping/
 54. https://krebsonsecurity.com/category/spam-nation/
 55. https://krebsonsecurity.com/category/smallbizvictims/
 56. https://krebsonsecurity.com/category/tax-refund-fraud/
 57. https://krebsonsecurity.com/category/comingstorm/
 58. https://krebsonsecurity.com/category/patches/
 59. https://krebsonsecurity.com/category/web-fraud-2-0/
 60. https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
 61. https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/
 62. https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MCCRKHWRX57HS
 63. https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/
 64. https://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
 65. https://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
 66. https://krebsonsecurity.com/2020/11/trump-fires-security-chief-christopher-krebs/
 67. https://krebsonsecurity.com/2022/06/why-paper-receipts-are-money-at-the-drive-thru/
 68. https://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
 69. https://krebsonsecurity.com/2013/05/reports-liberty-reserve-founder-arrested-site-shuttered/
 70. https://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/
 71. https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/
 72. https://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
 73. https://krebsonsecurity.com/category/web-fraud-2-0/
 74. https://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/
 75. https://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/
 76. https://krebsonsecurity.com/category/tax-refund-fraud/
 77. https://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/
 78. https://krebsonsecurity.com/2013/09/crooks-hijack-retirement-funds-via-ssa-portal/
 79. https://krebsonsecurity.com/2015/01/how-was-your-credit-card-stolen/
 80. https://krebsonsecurity.com/2011/05/krebss-3-basic-rules-for-online-safety/
 81. https://infosec.exchange/@briankrebs

  Hidden links:
 83. http://twitter.com/briankrebs
 84. https://krebsonsecurity.com/feed/
 85. https://www.linkedin.com/in/bkrebs/
 86. http://twitter.com/briankrebs
 87. https://krebsonsecurity.com/feed/
 88. https://www.linkedin.com/in/bkrebs/
 89. https://krebsonsecurity.com/wp-content/uploads/2023/06/scamdoc.png
 90. https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russia/

You are viewing proxied material from 1436.ninja. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.