The Extortion Phishing Email Scam Is Back…. Here’s How You Can Avoid Being A Victim

Over the last few days, I have been getting one of those extortion phishing emails that I have written about in the past. In short it claims to know one of my passwords, and it claims to have embarrassing videos of me that were gained via a hack of my computer that will get sent to friends and family if I don’t pay the scammers in Bitcoin. In other words, it’s the usual scam that has been around for a while now. Here”s the email with some info changed to protect my privacy:

 

Subject: <My Name> <One of my Passwords>

Yοur ρasswοrd ιs <One of my Passwords>. Ι knοw a lοτ mοre thngs abοut yοu τhaη thατ.

How?

I ρlαced a malwαre oη τhe pοrη websiτe αηd guess what, yοu νisιted thιs web siτe το hανe fuη (you kηοw whaτ I meaη). While yοu were waτchιηg τhe νιdeο, your web browser αcted αs αη RDP (Remοte Deskτορ) αnd α keylogger, whιch ρroided me access tο yοur displαy screen αηd webcam. Rιght αfter τhατ, my sοfτware gathered αll yοur conτacτs from yοur Messenger, Faceboοk αccοunt, αηd email αccοuητ.

Whaτ exacτly did Ι dο?

I mαde a spliτ-screeη νιdeο. The fιrst ρart recοrded τhe νιdeo you were vιewiηg (yοu’e got αn exceρτional ταsτe haha), αnd τhe next parτ recorded yοur webcαm (Yeρ! t’s yοu \ dοiηg nαsτy τhings!).

What should you dο?

Well, Ι belιeνe, $2000 is α faιr prιce for our lιτtle secreτ. Yοu’ll maκe τhe paymeηt νιa βιτcoin τo the belοw αddress (if yοu dοη’τ know this, search “hοw το buy Βιtcοin” in Goοgle).

Βιtcoin Address:

REDACTED Bitcoin Address
(It is cAsE seηsiτινe, sο cοpy αηd ρaste ιt)

Ιmpοrτaητ:

You haνe 24 hours to mαke τhe paymenτ. (Ι hαve α uηique pιxel wιthiη thιs emαil message, aηd rιght now I know τhat yοu have read this emαιl). Ιf I don’t get τhe ρaymeηt, Ι wιll seηd your νιdeο το all of your cοnτacts, includiηg relaτιves, cowοrκers, aηd so forτh. Noηetheless, ιf I do get pαid, I wιll erase τhe video immediaτely. If you wαnt eνιdeηce, reρly wιτh “Yes!” αnd Ι will send your νιdeο recordιηg τo yοur fινe frieηds. This is α nοη-negotιable offer, so don’t wasτe my τιme and yοurs by reρlyiηg to this emαil.

<Alleged Name Of Hacker>

 

Now the email shows up in your inbox under multiple names with multiple email addresses and different bitcoin wallet addresses. And they may show up in your inbox four or five time a day. But the content is always the same. Including the weird letters in the text that you might have noticed. Now the password that they reference is likely to be one of your passwords. And they likely got it from a data breach that comprised email names, email addresses and passwords. You can find out which data breach by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password. But that’s all they know about you. The hope of the losers behind this scam is that this will be enough to get you to pay up.

The problem for the scammers is that this version of the extortion phishing scam will likely be ineffective.  I say that because they will literally spam you to the point that these emails will go straight to your junk filter after a while. By that I mean you may get five or six of these a day. With that sort of volume a corporate or ISP email filter will eventually catch on and filter these out. Or your email application may do the same thing, assuming that you don’t mark the first one that you get as junk, which means that every one of these emails after that one will just get tossed into your junk or spam email folder. The net result is that you’ll never see these emails. Thus making their scam ineffective. But if  you do see one or more of these emails pop up in your inbox, do yourself a favor and delete them. Something that I wish that I could do to the losers behind this scam and in the process make the world a better place.

Having said all of that, if you’re concerned about an email like this, and if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. Another thing I am strongly suggesting to my clients is that they change the passwords to things like email, online banking and the like as a preventative measure. That way if they get an email like this, they will know it is fake immediately.

Only about 1% of people who get an email like this pay up Thus these losers want you to be the 1% of people who fall for something like this because they make lots of money off that 1%. Don’t fall for this. Never respond to an email like this. Never pay up. Just ignore them and make sure that whatever password that they have isn’t in use by any of your online accounts. They are losers and don’t deserve your attention or more importantly your money.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: