David H. Lipman

FYI: Email Blackmail Scam still current


This post is meant to be an FYI on an email scam that can have text similar to that referenced below.

If you receive email similar to the following then please, just delete it. It's a scam.

If a password that you have used is included in the email it does not mean your PC or email has become compromised. It was most likely to have been found in a database whose contents were harvested from a Data Breach that was then sold and subsequently used in this scam. They include the password to bolster that scam and make it more "credible". If that is the situation, it is suggested that you change your email password to a new Strong Password just to make sure.

Additionally, you can enter your email address(es) in the following site and it will check to see if that email address is associated with a known breach.

https://haveibeenpwned.com/

 

Hi!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $780 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: ###########################################

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

Please reference:
-----------------
US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
MyOnlinesecurity - attempted-blackmail-scam-watching-porn
BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
Malwarebytes Forum sample thread - Got strange threating email.

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar


Here's another variant with a new twist. Instead of the text of the email being in the body of the email, it is in a JPEG and embedded within the email body.

This is done to thwart Bayesian and other forms of email filters which block based upon content. 

[Attached image: 155221823956.jpg]

Edited by David H. Lipman
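
A content filter can still flag this variant from the message structure alone. The following is an added example, not part of the original posts: it flags a message whose body is an inline image with almost no readable text, and goes beyond the image case by folding accented or look-alike letters back to plain Latin before keyword matching. The sample messages, phrase list, 40-character threshold and Bitcoin-shaped address are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_bytes, policy

# Cyrillic look-alikes that Unicode normalization does not fold to Latin
# (a small constructed map, not a complete confusables table).
LOOKALIKES = str.maketrans("\u0456\u0430\u0435\u043e\u0440\u0441\u0445", "iaeopcx")
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58 shape
PHRASES = ("bitcoin", "camera", "contacts", "video", "malware", "trojan")

def fold(text):
    """Map look-alike and accented letters back to plain Latin letters."""
    decomposed = unicodedata.normalize("NFKD", text.translate(LOOKALIKES))
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def analyze(raw_bytes):
    """Return structural and content indicators for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    texts, images = [], 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_type() == "text/plain":
            texts.append(part.get_content())
        elif part.get_content_type() == "text/html":
            texts.append(re.sub(r"<[^>]+>", " ", part.get_content()))
    original = "\n".join(texts)
    folded = fold(original)
    letters = [c for c in original if c.isalpha()]
    disguised = sum(1 for c in letters if not c.isascii() and fold(c).isascii())
    return {
        # Body is an inline picture with next to no readable text.
        "image_only": images > 0 and len(folded.strip()) < 40,
        # Share of letters that only become ASCII after folding.
        "disguised_ratio": disguised / len(letters) if letters else 0.0,
        "phrases": [p for p in PHRASES if p in folded.lower()],
        "btc_address": bool(BTC_RE.search(folded)),
    }

# Constructed sample messages (not real mail; the address is a placeholder).
OBFUSCATED = (
    "Subject: constructed sample\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: 8bit\n\n"
    "i know one of yŏųr pass words. my software gåthěred all yoųr contåcts and\n"
    "recorded a viděo with yoųr wěb camera. Yoų'll måke thě payměnt through\n"
    "Bitco\u0456n.\nBTC åddress: 1ExampLeAddressNotReaLxxxxxxxxxx\n"
).encode("utf-8")

IMAGE_ONLY = b"""Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<html><body><img src="cid:img1"></body></html>
--b1
Content-Type: image/jpeg
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRg==
--b1--
"""

BENIGN = b"Subject: minutes\n\nHi team, the minutes from Tuesday are in the shared folder.\n"

if __name__ == "__main__":
    print([analyze(m) for m in (OBFUSCATED, IMAGE_ONLY, BENIGN)])
```

An image-only hit is a routing signal (for example, send to OCR or quarantine review) rather than a verdict, since legitimate newsletters also ship image-heavy bodies.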

Guest BKShort

I received a similar email this morning.  What were the results of your case?  Did you pay, or ignore it?  Any consequences?


Mind posting the email you received, with the full headers please?


I received a similar email once, which is actually what prompted me to start taking cybersecurity more seriously. However, it was appended with some spiel about saying that the email had been edited in transit and translated by somebody else, and that it was safe, even recommended, to report to the authorities, and that if I did so then no harm would be done. I didn't respond to the email at all, though, and I do not recommend responding either. It's not only a bitcoin ransom scam, but also a phishing/data harvesting attempt to trick people into sending sensitive information in an encryptionless reply.

3 hours ago, MysteryFCM said:

Mind posting the email you received, with the full headers please?

I have at this time 55 of these emails saved in a folder. Want them forwarded to you? I have ones dated Monday all the way back to 11-2018


Amaroq_Starwind:

It is not a Phishing nor a data harvesting venture. It's a multi-point generated, mass email broadcast venture exploiting people's worries, fears and anxieties about their Internet activity. Hoping that a few scant recipients who are not well informed and don't follow current events will take the bait and pay the suggested price using crypto currencies. It's nothing more than a cheap man's get rich scheme.

Edited by David H. Lipman


 

Another example sent in graphic file form...

 

[Attached image: Picture9.png]

Edited by David H. Lipman

Quote

Hi, dear user of verizon.net

We have installed one RAT software into you device
For this moment your email account is hacked too.
I know your password for this account [name@verizon.net]: {redacted_password}

Changed your password? You're doing great!

But my software recognizes every such action. I'm updating passwords!
I'm always one step ahead....

So... I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records where you masturbating.

I posted EternalBlue Exploit modification on porn site, and then you installed my malicious code (trojan) on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.

For the moment, the software has harvrested all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $600 in BTC (crypto currency).
This is my Bitcoin wallet: 11NT1KhH##########FrT5fRkdZFmne

You have 48 hours after reading this letter.

 

After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!

P.S. I'm asking you - not to answer this letter because the sender's address is fake, just to keep me incognito.

 

And henceforth be more careful!
Please visit only secure sites!

Bye,Bye...

 


Another sample


i know ######## one of yŏųr pass words. Lets get straight to pųrposě. Nŏ persŏn hås paid mě to investigate you. Yoų dŏ not know me and yoų åre probably thinking why you're getting thіs e mail? 

 i plåced a software on thě 18+ vіds (porno) website and there's morě, you vіsited this sіte tŏ expěriěnce fųn (yŏu know what i mean). While you were watching vіdeos, your wěb browsěr begån opěratіng as å Remote cŏntrol Děsktŏp wіth a keylogger which providedme access to yoųr dіsplay screen and wěb camera. åfter that, my software gåthěred all yoųr contåcts from your Messěnger, Faceboŏk, as wěll as e-mail . and then і creatěd a double-screen viděo. 1st part shows the videŏ you were wåtchіng (you've got a nice taste: )), and second part displays the viěw of your cam, yeå its u. 

 Yŏu have two options. Why dŏnt we take a look at these sŏlutions in dětåils: 

 First choice іs tŏ disregard thіs e-mail. in this situatiŏn, i will send yŏur viděo recording to ěach of your your persŏnal contåcts and thus yŏu can easily imagine regarding the shåme that yŏu receіve. Not to mention if you åre in a rŏmantic rělationship,precisely hŏw іt will ěventually åffect? 

 Nųmber 2 solųtion will be to give me $1996. Let us namě it as a donatіon. іn this scenårio, i will asap discard your video fŏotage. Yŏu can go fŏrward yŏur dåіly rŏųtine like this never occurred and you never will hear back ågåin from me. 

 Yoų'll måke thě payměnt through Bitcoіn (if yŏu do not know thіs, seårch 'hŏw to buy bitcoіn' in Google). 

 BTC åddress to send to: 

 ################################### 
 [CaSe-SeNSіTіVe, cŏpy & paste іt] 

 Should you are lookіng at going to the police, well, this email cannŏt bě traced back to me. і havě taken carě ŏf my åctiŏns. і am not tryіng to chårge a fěě a lot, i woųld likě to be påіd fŏr. і've a special pixel in this email, and at this moměnt i know thåtyoų have reåd through this ě-mail. Yoų havě ŏne day in ŏrder tŏ pay. іf і do not rěceive the BitCoіns, i wіll definitěly send yŏur videŏ tŏ all of yŏur contacts including frіends and famіly, co-wŏrkěrs, and so ŏn. Nŏněthelěss, if i do gět paіd, i wіll destroythe vіdeŏ right awåy. Thіs іs the non:negŏtiåble offer, so dŏn't wåste my timě and yours by replyіng to thіs messåge. if you want tŏ have proŏf, reply with Yea! & і wіll send out your vіdeo recording tŏ your 8 contacts. 
         




 


New email, still current

Hello!

I am a hacker who has access to your operating system.
I also have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $528 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 1ELKdWgfed################pKSqcCjM

After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

 

Edited by David H. Lipman


Mine was analogical, but included links where I can "easily buy bitcoin" for my convenience. How thoughtful :)

 

Quote

 

Hello, I know your password: *

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send this video to all your contacts (email, social network), on the whole web, I can publish absolutly everything I found on your computer!

Only you can prevent me from doing this and you know that's no joke - you got the proof above!

Transfer exactly 900$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible ***** that will happen if I publish everything!

You can easily buy bitcoin here: www.pax***.com , www.coin****.com , www.coin****.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.block*****.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 12EM*******

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 3 days time pay.

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web.

 


Probably multiple groups of people copying this type of fraud and making just minor alterations to the original?


Yes.  Many frauds are created, placed in a template and are subsequently sold or bartered.

 


Is there a point in reporting these or would it be a complete waste of time?


The email headers are forged and thus... pointless.


They just keep coming...

 

Hi, how you doing ? 

We see nothing mischievous in pleasing yourself from once in a while. Certain things must be kept private, and if your relatives and
friends are confronted by it, this will be something to worry about. Something anyone would be badly put out by. 

This will strongly influence your personal life and wellbeing. For a certain period of time, we have been tracking your PC activity via 
a trojan virus that you had caught and that had infected your PC. You had been infected after clicking on an poster on one of our 
virus-infected pornographic websites. 

A trojan virus provides us with access to your PC and any device that is connected to it, whether via wifi or bluetooth. We have been
monitoring your screen and everything you have been doing - through a live feed - and you had no idea of us doing this. We also have access 
to your camera and microphone which we can switch on and off whenever we want. Any information that has been interesting or relevant to us
has been stored privately. For instance: contacts, social media, emails, etc. We have recorded a video where you can be seen pleasing
yourself, and we have added the video you was watching as an split screen footage. 

With one press of a button I can forward this video to all your contacts, social media, etc. If you want to prevent this from happening
transfer the amount of $750 to the following bitcoin address. Bitcoin wallet: 

1E4WMuN9jZ##############yL3LmoMek4HNEenh7hB 

Buying bitcoin is very easy and straightforward (usually verification is needed) through the following websites: 
www.coinbase.com 
www.localbitcoin.com 
www.coinmama.com 
www.bitit.io 
ww.bitpanda.com 
www.bittylicious.com 

The next moment after receiving money, I will erase all your data. We are very generous, so you have 5 days to process the payment. Failing 
to do so will leave you with the consequences that you have been made aware of. We don’t make mistakes. By the way, nothing can be more
stupid that reporting this, as it is absolutely unattainable to track this email, as these messages were processed through the external
server located in another country. These accounts have been hacked. If you make the stupid choice to do report this or contact anybody
about this message we will directly release your footage and forward it. Any other things we obtained that can possibly harm you will be
used against you too. We will get notified as soon as this email has been opened, from that moment the clock starts running. 

You have 5 days exactly, not a minute longer. 

Best Regards

 

Edited by David H. Lipman
Modified the code. White background was very difficult to read


This is the email I received this morning - please tell me it is a scam :(

From: I Know <IKnow91@4364.com>
Sent: Wednesday, September 11, 2019 3:17 AM
To:
Subject: You got recorded - [password]

Hey, I know your password is: [password]

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 1000$ with the cryptocurrency Monero (XMR) to my Monero (XMR) address.

You can easily buy Monero (XMR) here: www.anycoindirect.eu/en/buy-monero , www.bitnovo.com/buy-monero-online-en , www.localmonero.co , or Google for other exchanger.
You can send the Monero (XMR) directly to my address, or download and create your own wallet first from here: www.mymonero.com , or simply create your online wallet here: www.cryptonator.com , www.freewallet.org , then receive and send to mine.

It's a very good offer, compared to all that horrible ***** that will happen if I publish everything!

My Monero (XMR) address is: 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQmhvbmBTJbpSXqZx82

Copy and paste my address, it's (cAsE-sEnSEtiVE), yes that's how the address looks like and you don't need to include payment-id or memo.

I give you 2 days to transfer the Monero (XMR).

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure you read it, my mailer script has been configured like that and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web!

 

 

Mail-Client-ID: 8247162308

 

Edited by AdvancedSetup
Removed active email links

4 hours ago, angelajtu said:

This is the email I received this morning - please tell me it is a scam :( From: I Know <IKnow91@4364.com> 

Yes, it's a scam, ignore it, commonly called 'sextortion'.  They feed on scaring you. I've gotten a few myself.


Did you enter your email address(es) in the following site to check to see if that email address was associated with a known breach? 
That is most likely how they obtained your password and then used it in the cited email.

https://haveibeenpwned.com/
