Above: Computer user with coffee. Photo courtesy DepositPhotos.
In my inbox there’s an email threatening to release incriminating videos of me to all of my email contacts unless someone gets paid. To the tune of US$3,000. In Bitcoin.
I really wanted to respond with an email saying “HAHAHAHAHAHAHA.” But I didn’t. I wrote this instead.
This email is a scam, and this is how it works.
The unique information about you is found in databases of compromised usernames and passwords. Most of them quite old. Paragraph by paragraph, this is how you are duped.
The email will be addressed to whatever is before the @ in your compromised email address, so if it’s your name, it will seem to have been personalised to you.
I am aware [old password redacted] one of your passphrase. Lets get straight to purpose. Absolutely no one has paid me to investigate you. You do not know me and you’re probably wondering why you’re getting this mail?
Why yes, I am, particularly since I haven’t used that password in the last ten years, but go on. At this point, it will seem that some of your personal information is in someone else’s hands, but it’s been there for some time and you’ve probably received an email warning you to change your password from the careless keepers of your digital profile, but it’s been so long ago that you’ve probably forgotten.
You probably have also received spam at that email address, but you’ve probably been routing it to a junk folder so you don’t see it anymore. You should feel compromised, but you were exposed, as it were, long ago.
actually, I placed a malware on the 18+ vids (pornographic material) website and you know what, you visited this site to have fun (you know what I mean). While you were viewing video clips, your browser started operating as a RDP having a keylogger which provided me access to your display screen as well as web cam. Just after that, my software program obtained your complete contacts from your Messenger, social networks, as well as e-mail . And then I made a double video. 1st part shows the video you were viewing (you’ve got a nice taste lmao), and second part displays the recording of your cam, yea its u.
So this is the hook, and you’re being reeled in slowly but surely. Just enough of this should seem familiar enough to make it seem probable and here in T&T there’s been at least one case of an unfortunate local man who had a video of himself released to the public while he was “having fun” while viewing a live feed of someone doing naughty things.
You get only 2 options. Lets analyze these options in particulars:
Very first choice is to disregard this message. In this scenario, I will send your actual video recording to every single one of your contacts and thus visualize concerning the humiliation you will see. And as a consequence in case you are in a romantic relationship, exactly how it can affect?
The clumsy, poorly translated English works well for this and if you have been in a situation that even marginally approximates the one being described, you’re probably going to worry a bit by now. Unfortunately, to seek help for this means that you’re also going to need to admit to some very personal behaviour that isn’t the sort of thing one discusses with a tech expert, someone who is probably a complete stranger to you.
Because you won’t do this, you’ll invent a story about someone who is extorting you and demanding payment for it.
Next choice would be to compensate me 3000 USD. We are going to describe it as a donation. In this case, I will straightaway remove your video footage. You could keep going on your way of life like this never took place and you would never hear back again from me.
And that payment is pretty hefty. Also, someone who gets paid by you isn’t going to disappear. They are going to find a way to get more money from you. You’ve also identified yourself as a mark for every other scammer who is keen to take your money. So, you know, don’t pay.
You’ll make the payment via Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google).
BTC Address: [Bitcoin address redacted]
[case sensitive so copy and paste it]If you may be planning on going to the authorities, good, this mail can not be traced back to me. I have covered my actions. I am also not attempting to charge you much, I simply want to be paid for. You have one day to make the payment. I have a special pixel within this email, and right now I know that you have read this e-mail.
If I do not receive the BitCoins, I will, no doubt send your video recording to all of your contacts including friends and family, co-workers, and so forth. Having said that, if I receive the payment, I will destroy the recording right away. This is the nonnegotiable offer, therefore do not waste my personal time and yours by responding to this e mail. If you want evidence, reply Yes and I will send out your video to your 8 friends.
A good scam always begins with a demand for money and ends with a potent threat. Particularly one with just enough viable technical words to seem real. Given the T&T profile on searches for pornography on Google, this country is likely to be rich ground for exploitation.
So in short, then. This is a scam. Do not pay. Do not respond.
Brian Krebs of Krebs on Security has a recent post on the scam here.
Expect to see other scams resurfacing that tap into compromised databases of identifying information such as emails and passwords.
Use this website to check the status of your email security and make changes to older passwords accordingly.