So I get a better-than-average scam e-mail yesterday morning, one that I think I almost wished were true. I’ll adnotate it a bit only because it was that much more convincing than your run-of-the-mill Nigerian Prince:
From : Cortez Raff <firstname.lastname@example.org>
Subject : [Redacted username and password]
This is your badluck. I know that [redacted] is your pass word. Most importantly, I know your secret and I have evidence of it.i You do not know me and nobody paid me to look into you.
It is just your hard luck that I found your bad deeds. In fact, I actually placed a malware on the adult video clips (pornographic material) and you visited this site to experience fun (you know what I mean).ii While you were watching videos, your web browser began working as a Rdp (Remote desktop) that has a keylogger which gave me accessibility to your screen and also web cam.iii After that, my software collected your complete contacts from your social networks,iv and email.
After that I gave in much more hours than I probably should’ve exploring into your lifev and created a two screen video. 1st part displays the video you were viewing and second part displays the view from your webcam (its you doing dirty things).
Frankly, I want to forget about you and allow you to continue with your life. And my goal is to offer you two options that will accomplish this. These two option is to either ignore this letter, or perhaps pay me $8050.vi Let’s examine these two options in details.
Option 1 is to ignore this email message. Let me tell you what will happen if you select this path. I will, no doubt send your video recording to all of your contacts including family members, coworkers, etc. It won’t protect you from the humiliation your household will face when relatives and buddies uncover your unpleasant details from me.vii
Other Option is to make the payment of $8050. We will name this my “confidentiality charges”. Let me tell you what will happen if you choose this path. Your secret remains your secret. I will erase the recording immediately.viii You move on with your lifetime as though none of this ever happened.
At this point you must be thinking, “Let me call cops”. Let me tell you, I’ve taken steps to make sure that this mail can’t be tracedix time for me and yes it will not stay away from the evidence from destroying your daily life. I’m not planning to steal all your savings. I just want to get compensated for the time I place into investigating you. Let’s assume you have decided to generate all this vanish entirely and pay me my confidentiality fee. You’ll make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoins” in google search)
Transfer Amount: $8050
Bitcoin Address to Send: 1M*2mrS7zCf37SBDdeus4e9Uy4ChUZsKFnH (You must Remove * from it then note it carefully)x
Expalin no-one what will you be utilizing the bitcoin for or they will often not give it to you. The procedure to acquire bitcoins will take a day or two so do not put it offxi I’ve a special pixelxii within this email, and right now I know that you have read through this mail. You now have 24 hours to make the payment.xiii If I don’t receive the Bitcoin, I will definately send out your video to your entire contacts including relatives, coworkers, and many others. You better come up with an excuse for friends and family before they find out. Nonetheless, if I receive the payment, I’ll erase the recording and all other proofs immediately. It’s a non-negotiable one time offer, so please do not ruin my time and yours. Your time has started. Well, my malware will be recording what action you’re taking when you are done reading this email. Swear to god, Should you choose something suspicious then I am going to send out your video to your family members, co-workers even before time ends.
From : Pete
Can you provide a screenshot of the “incriminating” evidence ?
Even if there was a 1% chance that the guy actually had the goods, why wouldn’t you want to see proof before zipping off a whole BTC ? You gotta call the bluff, y’know ?xiv Especially since I was already envisioning my 15 minutes of sexy fame. Alas, expecting a bit more of a back-and-forth, my response was followed by nothing but radio silence. Lame!
In the end, now 48 hours later, and entirely unsurprisingly in hindsight, it turned out that I was far from the only one receiving these e-blasts. But I have to say that I was more than a little disappointed with the level of customer service displayed by these scammers.
I guess that’s how you can tell the pros from the amateurs these days : communication.
___ ___ ___
- This is just so perfectly generic, isn’t it ? After grabbing your attention with ACCURATE, if old, usernames and password combinations, the scammer gets right to the point. We all have secrets, don’t we ? But of course, this is why you don’t reuse passwords online, they’ll almost inevitably be leaked at some point. [↩]
- Ah yes, that power of suggestion again. Another ancient scammer trick. Why actually hack your victim when you can just make them think they’re hacked ? [↩]
- Once the initial excitement died down, this was one of the fairly obvious clues of a scam. If/when I watch porn, the machine I typically use doesn’t even have a webcam, and nor do I enter passwords into my online machines, so what would a keylogger even pick up ? These are obviously highly unusual behaviours, which is why the scam undoubtedly worked on many who don’t take digital security quite as seriously. [↩]
- I also don’t have any “social networks,” at least not as commonly construed. [↩]
- Oh you did, did you ? [↩]
- This seems to be an above-average ask by a factor of 2-10x. Hey, who told this guy I can afford nice things ? [↩]
- Oh the shame card! Not a bad one, really. It hits at our most primitive neural centres, but unfortunately for this particular scammer, I can’t help but think that many of my personal contacts would be all too impressed by Pete’s split-screen show. I mean, they already think the girl’s lucky, but if they knew just how lucky… Plus, there’s not such thing as bad publicity. Ask Kim and Paris, y’know ? [↩]
- This requires just a weeee bit too much trust, honestly, which is why it generally doesn’t do to pay the ransomware. [↩]
- IP address 126.96.36.199 traces back to a Microsoft Azure corporate email server located in Vienna, Austria. Admittedly, that’s all I got. [↩]
- In all the ransonware scams that I’ve helped broker for friends in the IT industry whose clients can’t help but click the .jar attachments, the Bitcoin addresses have been previously used. This one wasn’t. [↩]
- Waitaminute! So this guy spent “much more hours than I probably should’ve exploring into your life” and he didn’t know that I’m into Bitcoin ? He honestly thinks that I need a tutorial on buying coins ??! This is really where it all fell apart for me, as it’s all too easy to see. [↩]
- LOL I would love to know what kind of meth you’d have to smoke to think that there is a “special pixel” on your screen leaking information to keyloggers. [↩]
- Others apparently got 48 hours, why was I being rushed ? [↩]
- Other (very dizaponting) bluff calls have to include the slanderous claim that I’m a silver spooner who did something other than invest his modest bar mitzvah gelt at an average rate of return of 40% p.a. for the past two decades. Is this lucky ? Sure. Did I still benefit from parental support in the meanwhile ? Of course. But that’s a very different claim from the one that I somehow squandered inherited wealth that I never really had – at least not in the material sense. Dunno why this shit’s so complicated. It’s all over these fucking pages. But boogeymen are fun, and none moreso than priviledged pricks who’ve had the world “given” to them on a platter and have barely managed to not fuck it up, like DJ Trump appears to the “ourdemocracists.” Too bad that’s not the always the case. Some of us really do have skillz. At least in some domains… [↩]