July 12, 2018
Another Bitcoin Extortion Scam
I reported back in April 2018 that an extortion scam was running around the email highways. Another one arrived today that might freak the bejeezus out of recipients because the message sender claims to have one of your passwords. Here's the message (with one word removed):
I know, [redacted], is your password. You do not know me and you are most likely thinking why you're getting this e mail, right?
actually, I actually setup a malware on the adult videos (porn material) website and you know what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your browser began operating as a RDP (Remote control Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software collected all of your contacts from your Messenger, social networks, as well as email.
What exactly did I do?
I created a double-screen video. 1st part displays the video you were watching (you have a nice taste lmao), and next part shows the recording of your web cam.
What should you do?
Well, I believe, $2900 is a fair price tag for our little secret. You will make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).
BTC Address: 171GatjRZ9SpnrgKnTJuYsuDcA1gQwjVbJ
(It is cAsE sensitive, so copy and paste it)
You now have one day in order to make the payment. (I've a unique pixel in this message, and right now I know that you have read through this email message). If I do not get the BitCoins, I will, no doubt send out your video to all of your contacts including family members, co-workers, and many others. Nonetheless, if I do get paid, I'll erase the video immidiately. If you really want proof, reply with "Yes!" and I definitely will send your video recording to your 12 contacts. This is the non-negotiable offer, and so please do not waste my time and yours by replying to this email message.
Other than the password business, the thrust of the message is the same as before: the "crook" claims to have installed malware on the recipient's computer that tracks browsing activity at a porn site and records the user's activity from the computer's built-in camera. It's easy for me to know this is a scam because I don't visit porn sites and my computer is protected by anti-virus software (I know, it's not always perfect, but it's better than nothing).
So what about the password thing?
It is well known that thousands of web servers have been hacked over the years, many of them yielding login credentials to the hackers. You can find dozens of databases/lists of username/password/email address combinations scattered around the web. That is a major reason not to re-use the same credentials on multiple sites: a single breach would otherwise expose every account that shares them. Note that even a complex password created by password management software won't help in this case, because the hacker has grabbed that complex password from the hacked site. Using a different password for each site minimizes the potential for disaster. (Hackers will try stolen credentials on thousands of web sites to find access.)
It turns out that the username/password combo "revealed" in this crook's message was an old one that I used on a few non-critical sites (i.e., sites that did not contain any valuable personal information) in the early days. I have since updated all my passwords for critical sites to randomized strings that even I can't remember. I'll be in trouble if I should be captured like James Bond and strapped to a table where a laser slowly approaches my genitals to extract the secret passwords.
Just be aware: one or more of your login credentials are out in the public web for crooks to see. That's how they can try to get into your head with scam messages, such as this one.
One more note about this message. In the final paragraph, the crook claims to have included a "unique pixel" in the message that lets him know you've read the message. Unfortunately for him, the message was sent only in plain text (not HTML) form, so there was no remote image request made. And even if there were, I have my email client set to not automatically load remote content for all messages. These so-called beacon images are still used in HTML-formatted messages to confirm your email address as being actively viewed.
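The difference between a plain-text message and an HTML one with a beacon image can be checked mechanically. The following is an added example, not part of the original post: it parses a raw message with Python's standard library and lists the remote image URLs that a mail client would fetch on display. Both sample messages and the tracker.example host are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser


class _RemoteImages(HTMLParser):
    """Collect <img> sources that would trigger a network fetch on render."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        src = (dict(attrs).get("src") or "").strip()
        # cid: and data: images travel inside the message; only remote ones can beacon.
        if src.lower().startswith(("http://", "https://", "//")):
            self.urls.append(src)


def remote_image_urls(raw_message):
    """Return every remote image URL found in the HTML parts of a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = _RemoteImages()
            parser.feed(part.get_content())
            found.extend(parser.urls)
    return found


# Constructed samples: a plain-text message like the one quoted above, and an
# HTML message carrying a 1x1 remote image (tracker.example is a placeholder).
PLAIN_SAMPLE = (
    "From: sender@example.com\nSubject: test\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "I've a unique pixel in this message.\n"
)
HTML_SAMPLE = (
    "From: sender@example.com\nSubject: test\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Hello</p><img src="https://tracker.example/o.gif?id=abc123" width="1" height="1">'
    '<img src="cid:logo">\n'
)

if __name__ == "__main__":
    print(remote_image_urls(PLAIN_SAMPLE))
    print(remote_image_urls(HTML_SAMPLE))
```

A plain-text message has no HTML part to scan, so the claim of a "unique pixel" cannot hold for it; for HTML mail, a non-empty result shows what would be requested if remote content loading were enabled.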
Protect yourself as best you can so you won't blow a gasket when you receive a scam email like this one.
Posted on July 12, 2018 at 12:44 PM