December 11, 2018

Good day, welcome to another bulletin from Breaking Scams…

Scam, just in…

This week I have had a flurry of emails that remind me of how bad phishing and scams can get. This latest scam is known as “sextortion” as it attempts to con you out of money by holding you to ransom. Here are some of the details of the emails that landed on my desk this week.


The Scam Theme

I received several emails around the same theme:

  1. The scammer warned me I had visited an adult website that was infected with malware;
  2. This malware switched on my PC camera and took photos of me in a compromising position;
  3. On top of this, an indecent act I supposedly committed was captured on camera; and
  4. My personal data, including my contacts list, was also stolen.


The Scam Demand

Each scam email I received demanded payment, in bitcoin, of between $560 and $1100. The email provided a bitcoin wallet address to transfer the bitcoin to. Payment had to be received within a specified number of hours (one email expected payment within 30 hours of receipt).

I checked out two of the bitcoin wallet addresses provided and noted that one of the wallets had four recent transactions of received bitcoins, whilst another had no transactions.
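The traits described above (a bitcoin wallet address, a named amount, a deadline in hours) can be pulled out of a reported message for triage. The Python below is an added example, not part of the original bulletin; the function names, the look-alike letter map and the "suspect" rule are assumptions. Its sample text is constructed from example 1 further down this page, which mixes Cyrillic look-alike letters into its English words, so keyword matching only works after those letters are folded back to Latin.

```python
import re
import unicodedata

# Cyrillic letters that render like Latin ones (assumed, non-exhaustive map).
FOLD = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0443\u0445", "aeopcyx")

# Shape of a legacy Base58 address only; the checksum is not verified here.
BTC = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
HOURS = re.compile(r"\b(\d{1,3})\s*(?:hours?|h)\b", re.I)
MONEY = re.compile(r"\b(\d{3,5})\s*(?:euro|dollars?)\b", re.I)


def mixed_script_words(text):
    """Return words that combine Latin and Cyrillic letters."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        scripts = {unicodedata.name(ch, "?").split()[0] for ch in word}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(word)
    return hits


def triage(body):
    """Extract the traits the bulletin lists from one email body."""
    folded = body.translate(FOLD)  # keyword matching runs on folded text
    found = {
        "wallets": BTC.findall(body),  # addresses are read from the raw text
        "deadline_hours": [int(h) for h in HOURS.findall(folded)],
        "amounts": [int(a) for a in MONEY.findall(folded)],
        "mixed_script": mixed_script_words(body),
        "bitcoin_named": "bitcoin" in folded.lower(),
    }
    # Assumed rule: wallet + hour deadline + the word "bitcoin" => suspect.
    found["suspect"] = bool(
        found["wallets"] and found["deadline_hours"] and found["bitcoin_named"]
    )
    return found


# Constructed sample modelled on example 1; \u escapes are Cyrillic letters.
SAMPLE = (
    "I will \u0435ras\u0435 th\u0435 vide\u043e if y\u043eu send me 1100 EURO in bitcoin.\n"
    "This is addr\u0435ss for \u0440ayment : 1PTGiBdKsZdHxBm4961tTToqiA7B8fy3ZN\n"
    "I giv\u0435 you 30 h\u043eurs aft\u0435r you \u043ep\u0435n my m\u0435ssage.\n"
)
BENIGN = "Invoice 4417 is due in 30 days. Reply if you have questions.\n"

if __name__ == "__main__":
    print(triage(SAMPLE)["suspect"], triage(BENIGN)["suspect"])
```

Run against the raw text, the deadline pattern finds nothing in the sample because "hours" is spelled with a Cyrillic "о"; the mixed-script word list is a useful signal in its own right.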


The Scam Threat

The threat was a simple one – pay up, or the scammer will contact your friends and family and “send dirt to аll yоur cоntaсts”.

The scammer also attempts to scare you out of informing the police.


The Reality of the Sextortion Scam

These sorts of scams, although laughable, can actually cause some people great anxiety. Our private lives are just that: private. However, even if you have been to age-restricted websites, the chances of this being a real ransom threat are minimal. Let’s look at the threat in more detail with some questions you might be asking:


But they have my email address?

Massive data breaches in recent years have meant that many email addresses are up for sale on the dark web. Your email address will likely be one of many millions being used for sextortion scams. The scammers use a scattergun approach, knowing that even if only 1 person in 100,000 transfers the ransom, they will at least make several thousand dollars.

You can find out if your email address has been exposed during a number of the big data breaches by using the HaveIBeenPwned website run by security guru, Troy Hunt.


Should I email the scammer back?

You may be tempted to get angry at the scammer and email them back. Don’t waste your time. This type of action may even lead to the scammer targeting you and running surveillance on you and your organisation for a later phishing attack using a different scam.


Should I pay the ransom?

There is a very minimal chance this is a real ransom attempt. If you pay, this will only act as an opener to continue to ransom you further.


Sextortion scam email example 1

Hi, my prey.

This is my last warning.

I write you since I embed a malware on the web site with porno which you have viewed.

My trоjan capturеd аll yоur private datа аnd switched оn yоur cаmеra whiсh reсоrdеd the act of yоur sоlitary sеx. Just аfter thаt thе trojаn sаved your contаct list.

I will еrasе thе comprоmising videо rесоrds аnd infоrmаtiоn if yоu send me 1100 EURO in bitcoin.

This is addrеss for рayment : 1PTGiBdKsZdHxBm4961tTToqiA7B8fy3ZN

I givе you 30 hоurs aftеr you оpеn my mеssage fоr mаking thе рaymеnt.

Аs sооn аs yоu reаd the message I’ll sее it right awаy.

It is not nесessаry tо tеll mе that you hаve sent mоnеy tо me. This address is соnnected tо you, my system will erasеd autоmaticаlly аfter transfеr cоnfirmаtion.

If you nееd 48h just Oреn thе сalсulatоr on your dеsktop аnd prеss +++

If yоu don’t pay, I’ll send dirt to аll yоur cоntaсts.

Lеt mе rеmind yоu-I sее whаt you’rе doing!

Yоu cаn visit thе pоlicе officе but аnybody сan’t helр yоu.

If you try to dесеive mе , I’ll know it immediаtely!

I dоn’t livе in yоur cоuntry. So аnyоnе can nоt track my lоcation еven for 9 months.

bye. Don’t fоrgеt аbоut thе shame аnd to ignоre, Your life can be ruined.

Sextortion scam email example 2

Good day.

You went on the site with porn which was managed by my virus.

Once you taped on a play button my system took root in your OS and turned on your web camera through java script file to record your self-abuse.

After that my system collected logs of your social networks with your browser history to copy the contaclist of your friends.

For my silence send 560 dollars in bitcoin.

Use this bitcoin address 167v8Q5U1SPxjJQAAnp3R72L4puFFCpoZh

You have 28 h after reading my letter to complete the transaction.

The police will not help you. unreal to track my location.


Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:

 Sextortion Scam Notice

There has been a recent spate of emails attempting to ransom individuals for, apparently, using adult websites. The emails are poorly composed and will not use your name or other personal details (although there have been occasions where they could even address persons by name). The ransom payment is usually demanded in bitcoin, and a bitcoin wallet address is provided for the payment.

If you receive an email of this nature, ignore it.

Do not:

  • Pay the ransom
  • Reply to the email

If you receive a sextortion email and are concerned, you can report it to Action Fraud, The National Fraud and Cyber Crime Reporting Centre.


Don’t forget to share this with your colleagues and friends and help them stay safe.


Let’s keep breaking scams!

