Back in July, I wrote about the sextortion scam that had been circulating for a while. A new wave was spreading, and I’d seen multiple people talking about it on my Facebook, so I figured putting pen to paper (I suppose today that is fingers to keyboard) made sense. Today, my aunt reached out to share the latest scam email she's received, one that I’ve seen in my mailbox a few times this week as well. So let’s take a look at that email.
Hello! I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it. Your password from *****@******.*** on moment of crack: ***** Of course you can will change your password, or already made it. But it doesn't matter, my rat software update it every time. Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account. Through your e-mail, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a rat software on your device and long tome spying for you. You are not my only victim, I usually lock devices and ask for a ransom. But I was struck by the sites of intimate content that you very often visit. I am in shock of your reach fantasies! Wow! I've never seen anything like this! I did not even know that SUCH content could be so exciting! So, when you had fun on intime sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I jointed them to the content of the currently viewed site. Will be funny when I send these photos to your contacts! And if your relatives see it? BUT I'm sure you don't want it. I definitely would not want to ... I will not do this if you pay me a little amount. I think $833 is a nice price for it! I accept only Bitcoins. My BTC wallet: 1HQ7wGdA5G9qUtM8jyDt5obDv1x3vEvjCy If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy. After receiving the above amount, all your data will be immediately removed automatically. My virus will also will be destroy itself from your operating system. My Trojan have auto alert, after this email is looked, I will be know it! You have 2 days (48 hours) for make a payment. 
If this does not happen - all your contacts will get crazy shots with your dirty life! And so that you do not obstruct me, your device will be locked (also after 48 hours) Do not take this frivolously! This is the last warning! Various security services or antiviruses won't help you for sure (I have already collected all your data). Here are the recommendations of a professional: Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites! I hope you will be prudent. Bye.
The first thing that stands out to me is that the English skills of this scammer are subpar. My wife and I spent a good 15 minutes laughing as we read the first email I received. Also, if anyone is curious about the BTC wallets, they have never repeated. The four I’ve seen so far are:
- 1MD5rcJhECdDM1AGvdgstj6RrtbhBsE1e7
- 1BncH5WxBSYJ6mmcJC9bCRxQ6Z1evvtRxk
- 1PL9ewB1y3iC7EyuePDoPxJjwC4CgAvWTo
- 1HQ7wGdA5G9qUtM8jyDt5obDv1x3vEvjCy
According to BitRef, these wallets have received a combined 57 payments so far.

My aunt reached out because the email seemingly came from her own email address. I wanted to address this. Email spoofing is as easy as caller ID spoofing, something my colleague Andrew wrote about recently. A lot of our technology is built around plain text protocols that depend on trust. All the scammer has to do is say, “Hi, I’m Tyler” to the mail server and the mail server will say, “Great, nice to meet you Tyler, who do you want to email?”, to which the scammer replies, “I want to email Tyler.”

Many of us have a buyer beware attitude when receiving email. You could call it recipient beware. We’ve had workplace training around phishing and scam emails, we work in tech and have done it ourselves in the past, or we’ve seen so many scam emails that we’re now cautious of everything we receive. We need to remember that these scams still work, and they work because a lot of people don’t have this awareness. They haven’t seen this enough to be distrustful of every email they receive. We assume that technology is harder than writing a fake address in the top corner of the envelope and dropping it in a mailbox, but in reality, that is exactly what these scammers are doing.

So, when you receive a scam like this… ignore it. The attackers have obtained your password from older password breach databases. If you have any accounts still using that password, change them and make sure you use a different password for every account. If you can, enable two-factor authentication. It will save you at the end of the day.

To those of us in cyber security, we need to stop disregarding these scams. I saw this in my spam folder three times and did nothing about it. I could have shared it on Facebook, warned my friends and family that this was circulating, or written a post like this. We need to spread the truth when we can to prevent anyone we know (and even those we don’t know) from falling victim to scams like this.
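
The "it came from my own address" trick described above can be checked from the message headers. The following is an added example, not part of the original post: it compares the visible From address with the recipient and the envelope sender, and reads the SPF/DKIM/DMARC verdicts your own mail server recorded. The addresses, the `mx.example.org` server name and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.example.org"  # assumption: authserv-id stamped by your own receiving server

# Constructed samples: a "sent from your own account" scam mail and a real note-to-self.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
From: <aunt@example.org>
To: <aunt@example.org>

body
"""
GENUINE = """\
Return-Path: <aunt@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: <aunt@example.org>
To: <aunt@example.org>

body
"""

def addr(value):
    """Bare lower-cased address from a header value ('' if the header is missing)."""
    return parseaddr(value or "")[1].lower()

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results, only from headers stamped by our own server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = header.partition(";")
        if authserv_id.strip().lower() != TRUSTED_MX:
            continue  # a sender can paste in a forged header that claims "pass"
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def assess(raw):
    msg = message_from_string(raw)
    sender, recipient = addr(msg["From"]), addr(msg["To"])
    dmarc = auth_verdicts(msg).get("dmarc", "none")
    self_addressed = bool(sender) and sender == recipient
    # Heuristic only: bulk senders legitimately use a different envelope domain.
    mismatch = addr(msg["Return-Path"]).rpartition("@")[2] != sender.rpartition("@")[2]
    return dict(self_addressed=self_addressed, envelope_mismatch=mismatch,
                dmarc=dmarc, spoofed_self_send=self_addressed and dmarc != "pass")
```

A message that claims to come from the recipient's own address but does not pass DMARC is the pattern in this scam; a genuine note-to-self passes because it was actually submitted through the account's mail provider.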