
A Google Email Based Extortion Phishing #Scam Is Making The Rounds…. Let’s Dive In


Here’s a new one for me. Google is being used to perpetrate an extortion phishing scam. Let me walk you through it. It starts with this email that you get in your inbox:

So I will give the threat actor credit for coming up with an email that looks convincing. But there’s one way to tell that this is not sent by Google. And that’s to check the email address that it was sent from:

By some strange coincidence, it’s the same email address that is referenced in the body of the email. Which shouldn’t be the case as this email should come from Google via a domain like @google.com or @googlemail.com for example. So upon seeing that, most people should immediately hit the delete button on this email. I’m not most people which means we’re going down the rabbit hole on this one. Upon clicking on the words “Disconnect email”, which for the record you should never ever do, I got this:

This is your classic extortion phishing scam. The whole point of the scam is to convince you that your PC has been hacked by some “God Tier” hacker and they’ve caught you “pleasuring yourself.” And to keep the video that he took of you supposedly doing this from getting out, you have to pay them. Usually I have seen the extortion part of this simply delivered by email. But I am guessing that because more and more spam filters on email servers are catching those emails, the threat actors have now resorted to this method to get directly to the user. I’ll admit that it’s crafty. And checking the Bitcoin wallet associated with this scam shows that seven people have fallen for the scam:

Here are the facts behind extortion phishing scams. There’s no way for the scammer to tie you to the money that they could get from you as Bitcoin is anonymous by design. Which means that they have no way to delete the data that they allegedly collected if you pay them. Which by extension means that they’re lying about having data on you. On top of that, the level of skill required to come up with some sort of trojan that is capable of doing the sort of things that they are describing would not be used in a low-rent scam like this. It would more likely be used by nation states wanting to spy on people. Think the sort of stuff that the notorious NSO Group does on the iOS side of the fence. All of that should make hitting the delete button on any email that you get that has this type of scam very easy to do. It also makes closing the browser window that has anything like the image above easy to do.

I will also make this observation. The website that hosts this page is in China. Does that make the threat actor Chinese? Who knows? They may actually be Chinese, or they could be from someplace else and are using a Chinese host to cover their tracks. At the end of the day it doesn’t matter. But it’s worth noting.

Having said all of that, if you’re concerned about this scam actually being real, and if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. They likely won’t find anything wrong. But if it gives you peace of mind, it’s worth it.
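The two tells described above (a "Google" sender whose address is not on a Google domain, and a sending address that is the same one named in the body) can be checked mechanically. The following is an added example, not code from this post: the sample message, its addresses and the function names are constructed for illustration, and the expected domains are the two mentioned above.

```python
from email import message_from_string, policy

# Domains the article gives as examples of genuine Google senders.
EXPECTED_DOMAINS = ("google.com", "googlemail.com")

# Constructed sample, not the real scam email; addresses are placeholders.
SAMPLE = (
    "From: Google <someone@example.com>\n"
    "To: reader@example.net\n"
    "Subject: Security alert\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "A new device was linked to someone@example.com.\n"
    "Disconnect email\n"
)


def domain_is_expected(domain):
    """True for an expected domain or a subdomain of one (not a lookalike suffix)."""
    return any(domain == d or domain.endswith("." + d) for d in EXPECTED_DOMAINS)


def check_message(raw, brand="google"):
    """Return the list of indicators from the article that this message shows."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"]
    if sender is None or not sender.addresses:
        return ["missing_from"]
    addr = sender.addresses[0]
    address = addr.addr_spec.lower()
    domain = addr.domain.lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part is not None else ""

    findings = []
    # Display name claims the brand, but the address is not on a brand domain.
    if brand in addr.display_name.lower() and not domain_is_expected(domain):
        findings.append("brand_domain_mismatch")
    # The sending address is the same one the body talks about.
    if address in body:
        findings.append("sender_in_body")
    return findings


if __name__ == "__main__":
    print(check_message(SAMPLE))
```

An empty result only means these two tells are absent; the From header can be forged, so it is not proof that a message is genuine.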
