I haven’t done one of these in a while because, to be frank, there isn’t anything new on the extortion phishing email front. But a reader reached out to bring one to my attention that is new and different.

Here’s the email that you will get. It is titled “READ OR GO TO JAIL”:

Hi, I keep the whole story short.

Your device got infected with my private trojan, it gave me access to all your files, accounts and contacts.

Check the sender of this email, I sent it from your email account.

I stole all your data and then I removed my trojan again, to not leave any traces.


It won’t take a long time to send your data with the proof of your activities to the police.

If you want to avoid jail time, send 1400$ in Bitcoin (BTC) to my address.

You can easily buy Bitcoin (BTC), just Google: “Where to buy Bitcoin (BTC)?”.

My address is: [REDACTED]

Yes, that’s how the address looks like, just copy and paste it, the address is (CaSe-SenSitiVE).

You are given not more than 4 days after you have opened this email.

Once I get the payment, I will remove everything, be sure, I keep my promises.

Next time keep your device updated with the newest security patches.

So let’s start with the fact that it was sent from the recipient’s email address. This is what is known as “email spoofing”. If you want to go into the weeds about how this works, click here. Scammers use this technique to convince you that you’ve been hacked when in fact you have not. There are ways to stop this, but they require you to have control of your own email server so that you can implement the suggestions listed in the article that I linked to. Even that may not solve the problem. If you want to take additional steps to protect yourself from email spoofing, talk to your hosting company to see what they can do for you.
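What the spoofing looks like in the raw headers, as an added example that is not part of the original post: the sketch below reads a message and lists the signs that a "sent from your own account" mail came from somewhere else. The sample headers, the placeholder domains and the function names are constructed for illustration, and it assumes your receiving mail server stamps an `Authentication-Results` header on incoming mail.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample headers; example.com / example.net are placeholder domains.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: <victim@example.com>
To: <victim@example.com>
Subject: READ OR GO TO JAIL

Hi, I keep the whole story short.
"""

def auth_results(msg):
    """Collect SPF/DKIM/DMARC verdicts from Authentication-Results (RFC 8601)."""
    verdicts = {}
    # The topmost header is normally the one your own receiving server added;
    # lower ones may have been supplied by the sender, so the first match wins.
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def spoof_indicators(raw):
    """Return reasons to treat a 'sent from your own account' mail as forged."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    findings = []
    if from_addr and from_addr in recipients:
        findings.append("From matches recipient (self-addressed)")
    # The visible From is free text set by the sender; a different envelope
    # domain is a mismatch worth noting.
    if envelope and envelope.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        findings.append("Return-Path domain differs from From domain")
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "pass") != "pass":
            findings.append(f"{method}={verdicts[method]}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("-", finding)
```

A message you really did send to yourself would show only the self-addressed finding, with matching domains and passing checks.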

The next thing about the email is the claim that he infected you with a trojan and then removed it to cover his tracks after stealing your data. This is meant to prey on all the stories about companies getting hacked and data being held for ransom. While that does happen, it isn’t happening in this case: any real threat actor would have provided you with proof that you had been hacked, and would not have contacted you in this manner. If you are concerned about being infected with something, use a trusted antivirus application or two to make sure you are clear, or get a trusted IT professional to look at your computer.

Now for the part about going to jail. That’s there to give you an incentive to pay the $1400 in Bitcoin that this scammer wants, because nobody wants to have the cops knocking on their door. I’ll also point out that there is no way for this guy to know that you paid him because Bitcoin is anonymous. So that’s another hint that he’s lying. And checking the wallet that he had in the email, there was nothing in it, which means that either he just started this scam or he’s having no success if it has been around for a while.

Hopefully this allows you to recognize scams when they hit your inbox so that the only person who has a happy holiday is you.

