Recently I was contacted by a couple who was hit with a torrent of emails that claimed that they had been watching porn and “pleasuring” themselves, and that a threat actor had installed remote access software and stolen their data. Right off the top, I was pretty sure that this was an extortion phishing scam. I’ve written about this many, many times in the past. But I did agree to investigate it.
Let’s start with the email that they received, which between the two of them they got 116 times over a five-hour period:
Hello there!
Unfortunately, there are some bad news for you.
Some time ago your computer was infected with my private trojan, R.A.T (Remote Administration Tool), if you want to find out more about it simply use Google.
My trojan allows me to access all controllers of your computer, such as video camera, microphone and keyboard.
I have managed to download all your personal data, as well as web browsing history and photos to my servers.
That’s why I know your password: [PASSWORD REDACTED]
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I HAVE RECORDED SEVERAL KINKY SCENES OF YOU, WHERE YOU REACH ORGASM WHILE PASSIONATELY MASTURBATING!
If you still doubt my serious intentions, it only takes couple mouse clicks to share the video of you with your friends, relatives, all email contacts and on social networks.
All you need is $1500 USD in bitcoin (BTC) transfer to my account (bitcoin equivalent based on exchange rate during your transfer).
After the transaction is successful, I will proceed to delete everything without delay.
Afterwards, we can pretend that we have never met before.
In addition, I assure you that all the harmful software will be deleted from your computer.
Be sure, I keep my promises.
If you are unaware how to buy and send bitcoin (BTC) – Google: Where to buy bitcoin (BTC), to send and receive bitcoin (BTC), you can register your wallet for example here: www.blockchain.com
Or download: Exodus Wallet, from: www.exodus.com – with the software you can buy and send bitcoin (BTC).
My bitcoin (BTC) address is: [BTC Address Redacted]
Copy and paste my address, it’s (cAsE-sEnSEtiVE).
You are given not more than 48 hours after you have opened this email (2 days to be precise).
Everything will be carried out based on fairness!
Before I forget…moving forward try not to get involved in this kind of situations anymore!
An advice from me – regularly change all the passwords to your accounts and update your computer and browser.
So let’s unpack this scam, which by the way isn’t new, as this specific variant of this scam has been around for a while.
- The so-called hacker has the password of the user. That’s to add some perceived legitimacy to the email. But chances are they don’t know anything more than that. Thus the first thing that you should do if you get one of these emails is to change the password to any email or online service that is associated with that email address. And if you’re wondering how they got your email and password, it was likely part of a data breach. You can find out which one by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password.
- This email is leveraging the fact that watching porn and “pleasuring” yourself is seen as something negative, and that having something like this made public via a recording would be embarrassing. This email also says that the so-called hacker installed RAT software on your computer. RAT stands for Remote Access Trojan. It’s a piece of software that can download your data, log your keystrokes and control your webcam and microphone. Now this software does exist. But if you have up-to-date and functional anti-virus software, it should be able to deal with it. And if you want a bit of extra security, cover up your webcam with a piece of tape.
- The payment is demanded in Bitcoin. Thus there’s no way for the scammer to tie you to the money that they could get from you, as Bitcoin is anonymous by design. That means that they have no way to delete the data that they allegedly collected if you pay them, which by extension means that they’re lying about having data on you.
- The English used in this email is poor, a hallmark of scam emails.
- I checked the Bitcoin address that was referenced in this email. It looks like four people have fallen for this scam based on the wallet having $6000 or so in it.
In this case, I did examine both computers in question and found no remote access trojans or anything else. I also ran their email addresses on haveibeenpwned.com and found that they had been part of several data breaches, including a few that included the password that was referenced in the email. Thus I advised that they change their passwords to not only ensure their long-term security, but to also ensure that if they get an email like this in the future that they will know it is fake immediately.
Oh yeah, the fact that this email was sent to them over 100 times is just stupid. Either the person behind this is new at this scam, or they are desperate. If you want to make sure that your scam email is ignored, this is a great way to make sure that it is ignored.
The fact is that this email is aimed at getting maybe a handful of people to fall for it, because a scam doesn’t have to be successful in quantity to be successful. Don’t be that person. If you see an email like this in your inbox, delete it and move on with your life.
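The traits unpacked above (a quoted breach password, a malware claim, a recording claim, a Bitcoin demand with a deadline, and the same body resent over 100 times in a few hours) can be turned into a mail-triage check. This is an added example, not code from the original post; the regexes, thresholds, function names and sample messages are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Traits the post walks through; the regexes are this example's assumptions.
INDICATORS = {
    "claims_malware": re.compile(r"\b(trojan|remote (access|administration))", re.I),
    "quotes_password": re.compile(r"\bknow your password\b", re.I),
    "claims_recording": re.compile(r"\b(recorded|video of you|webcam|video camera)\b", re.I),
    "demands_bitcoin": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "deadline": re.compile(r"\b\d{1,3}\s*(hours|days)\b", re.I),
}
# Legacy base58 and bech32 address shapes only; no checksum validation.
BTC_ADDRESS = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")

def indicators(body):
    """Return the set of scam traits found in one message body."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(body)}
    if BTC_ADDRESS.search(body):
        hits.add("btc_address")
    return hits

def fingerprint(body):
    """Hash of the body with case and whitespace normalised, to spot resends."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

def triage(messages, min_hits=4, burst=10, window_s=6 * 3600):
    """messages: list of (received_epoch_seconds, body); one verdict per distinct body."""
    times, first = defaultdict(list), {}
    for ts, body in messages:
        fp = fingerprint(body)
        times[fp].append(ts)
        first.setdefault(fp, body)
    verdicts = []
    for fp, stamps in times.items():
        hits = indicators(first[fp])
        verdicts.append({"copies": len(stamps), "hits": sorted(hits),
                         "extortion_scam": len(hits) >= min_hits,
                         "burst": len(stamps) >= burst and max(stamps) - min(stamps) <= window_s})
    return verdicts

# Constructed sample: a shortened paraphrase of the email with a made-up address.
SCAM = ("Your computer was infected with my private trojan. That's why I know your "
        "password: [PASSWORD REDACTED]. I have recorded several scenes of you. Send $1500 in "
        "bitcoin (BTC) to 1ConstructedSampLeAddrXXXXXXXXXXX. You are given not more than 48 hours.")
BENIGN = "Your invoice is attached. Payment is due within 30 days."
SAMPLE = [(i * 155, SCAM) for i in range(116)] + [(9000, BENIGN)]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```
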
The Extortion Phishing Email #Scam Is Back… Let Me Tell You About It
Posted in Commentary with tags Scam on September 5, 2022 by itnerd