Archive for Scam

Do Not Fall For This Canada Emergency Response Benefit Text Message Scam

Posted in Commentary on May 1, 2020 by itnerd

There’s a text scam involving the new Canada Emergency Response Benefit (CERB) that is meant to help Canadians who lose their job due to the COVID-19 pandemic that has turned our planet upside down. I first started to hear about it when the Canada Emergency Response Benefit was rolled out, but today this hit home for me as I got one of these scam messages. I took a screen shot of it for you:

I blanked out the URL that was included in the message. But when I clicked it, it took me to a site that asked me to pick my bank and asked me to enter my banking credentials. Clearly this is a phishing scam as no Canadian Government agency would ever ask you for any personal information in this manner. I did some research and I found that some versions of this scam also ask you for your SIN (Social Insurance Number) and your passport number. There’s even a variant that tries to install malware on your computer. That makes this scam highly dangerous. Thus if you get one of these messages, delete it and don’t click on the link and keep yourself safe.

The Extortion Phishing Email Scam Is Back…. Here’s How You Can Avoid Being A Victim

Posted in Commentary on March 16, 2020 by itnerd

Over the last few days, I have been getting one of those extortion phishing emails that I have written about in the past. In short it claims to know one of my passwords, and it claims to have embarrassing videos of me that were gained via a hack of my computer that will get sent to friends and family if I don’t pay the scammers in Bitcoin. In other words, it’s the usual scam that has been around for a while now. Here’s the email with some info changed to protect my privacy:

 

Subject: <My Name> <One of my Passwords>

Yοur ρasswοrd ιs <One of my Passwords>. Ι knοw a lοτ mοre thngs abοut yοu τhaη thατ.

How?

I ρlαced a malwαre oη τhe pοrη websiτe αηd guess what, yοu νisιted thιs web siτe το hανe fuη (you kηοw whaτ I meaη). While yοu were waτchιηg τhe νιdeο, your web browser αcted αs αη RDP (Remοte Deskτορ) αnd α keylogger, whιch ρroided me access tο yοur displαy screen αηd webcam. Rιght αfter τhατ, my sοfτware gathered αll yοur conτacτs from yοur Messenger, Faceboοk αccοunt, αηd email αccοuητ.

Whaτ exacτly did Ι dο?

I mαde a spliτ-screeη νιdeο. The fιrst ρart recοrded τhe νιdeo you were vιewiηg (yοu’e got αn exceρτional ταsτe haha), αnd τhe next parτ recorded yοur webcαm (Yeρ! t’s yοu \ dοiηg nαsτy τhings!).

What should you dο?

Well, Ι belιeνe, $2000 is α faιr prιce for our lιτtle secreτ. Yοu’ll maκe τhe paymeηt νιa βιτcoin τo the belοw αddress (if yοu dοη’τ know this, search “hοw το buy Βιtcοin” in Goοgle).

Βιtcoin Address:

REDACTED Bitcoin Address
(It is cAsE seηsiτινe, sο cοpy αηd ρaste ιt)

Ιmpοrτaητ:

You haνe 24 hours to mαke τhe paymenτ. (Ι hαve α uηique pιxel wιthiη thιs emαil message, aηd rιght now I know τhat yοu have read this emαιl). Ιf I don’t get τhe ρaymeηt, Ι wιll seηd your νιdeο το all of your cοnτacts, includiηg relaτιves, cowοrκers, aηd so forτh. Noηetheless, ιf I do get pαid, I wιll erase τhe video immediaτely. If you wαnt eνιdeηce, reρly wιτh “Yes!” αnd Ι will send your νιdeο recordιηg τo yοur fινe frieηds. This is α nοη-negotιable offer, so don’t wasτe my τιme and yοurs by reρlyiηg to this emαil.

<Alleged Name Of Hacker>

 

Now the email shows up in your inbox under multiple names with multiple email addresses and different bitcoin wallet addresses. And they may show up in your inbox four or five times a day. But the content is always the same. Including the weird letters in the text that you might have noticed. Now the password that they reference is likely to be one of your passwords. And they likely got it from a data breach that comprised email names, email addresses and passwords. You can find out which data breach by going to haveibeenpwned.com and typing in your email address. It will likely come back with the fact that you’ve been part of a data breach that includes your email address and password. But that’s all they know about you. The hope of the losers behind this scam is that this will be enough to get you to pay up.
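The "weird letters" are Greek characters swapped in for look-alike Latin ones (a later email on this page does the same with Cyrillic), so a keyword such as "bitcoin" no longer matches as plain text. The following is an added example, not code from the original post: it flags words that mix scripts and folds a small, hand-picked set of look-alikes back to Latin. The sample strings are constructed to imitate the quoted emails, and the look-alike table is an assumed subset of what a real filter would carry.

```python
import re
import unicodedata

# Hand-picked subset of look-alike letters (assumption: a production filter
# would load the full Unicode UTS #39 confusables data instead).
CONFUSABLES = str.maketrans({
    # Greek
    "\u03bf": "o", "\u03c1": "p", "\u03b9": "i", "\u03c4": "t", "\u03b1": "a",
    "\u03b7": "n", "\u03bd": "v", "\u03ba": "k", "\u0399": "I", "\u0392": "B",
    "\u03b2": "b",
    # Cyrillic
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0443": "y",
    "\u0440": "p", "\u0445": "x",
})

WORD = re.compile(r"[^\W\d_]+")  # runs of letters, any script


def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "GREEK", "CYRILLIC"):
        if name.startswith(script):
            return script
    return "OTHER"


def mixed_script_words(text):
    """Words whose letters come from more than one script."""
    return [w for w in WORD.findall(text)
            if len({script_of(c) for c in w}) > 1]


def looks_obfuscated(text, threshold=0.2):
    """True when the share of mixed-script words reaches the threshold."""
    words = WORD.findall(text)
    if not words:
        return False
    return len(mixed_script_words(text)) / len(words) >= threshold


def fold_confusables(text):
    """Map known look-alikes to Latin so keyword rules see the real words."""
    return text.translate(CONFUSABLES)


# Constructed samples written with escapes so the code points are unambiguous.
SCAM_LINE = ("Y\u03bfur \u03c1assw\u03bfrd \u03b9s <redacted>. \u0399 kn\u03bfw a "
             "l\u03bf\u03c4 m\u03bfre ab\u03bfut y\u03bfu. Pay in \u0392\u03b9\u03c4coin.")
CYRILLIC_LINE = "Y\u043eu c\u0430n h\u0435lp"
# Legitimate Greek inside English text: whole words in one script, not flagged.
BENIGN_LINE = "The Greek word \u03bb\u03cc\u03b3\u03bf\u03c2 means reason."

if __name__ == "__main__":
    for line in (SCAM_LINE, CYRILLIC_LINE, BENIGN_LINE):
        print(looks_obfuscated(line), fold_confusables(line))
```

A message written entirely in Greek or Cyrillic is not flagged, because each word stays within one script; only the word-internal mixing seen in these emails is.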

The problem for the scammers is that this version of the extortion phishing scam will likely be ineffective. I say that because they will literally spam you to the point that these emails will go straight to your junk filter after a while. By that I mean you may get five or six of these a day. With that sort of volume a corporate or ISP email filter will eventually catch on and filter these out. Or your email application may do the same thing, assuming that you don’t mark the first one that you get as junk, which means that every one of these emails after that one will just get tossed into your junk or spam email folder. The net result is that you’ll never see these emails. Thus making their scam ineffective. But if you do see one or more of these emails pop up in your inbox, do yourself a favor and delete them. Something that I wish that I could do to the losers behind this scam and in the process make the world a better place.

Having said all of that, if you’re concerned about an email like this, and if you’re the least bit concerned about whether your system is compromised, consult a computer professional and have them check things over. Another thing I am strongly suggesting to my clients is that they change the passwords to things like email, online banking and the like as a preventative measure. That way if they get an email like this, they will know it is fake immediately.

Only about 1% of people who get an email like this pay up. Thus these losers want you to be the 1% of people who fall for something like this because they make lots of money off that 1%. Don’t fall for this. Never respond to an email like this. Never pay up. Just ignore them and make sure that whatever password that they have isn’t in use by any of your online accounts. They are losers and don’t deserve your attention or more importantly your money.

 

SIM Swap Scams – How To Protect Yourself

Posted in Commentary on March 12, 2020 by itnerd

Right now the newest way for scammers to separate you from your money is the SIM swap scam. Here’s how the scam works.

  • A fraudster gathers personal details about the victim, either by use of phishing emails, by buying them from organised criminals, or by directly socially engineering the victim.
  • Once the fraudster has obtained these details, they then contact the victim’s mobile telephone provider. The fraudster uses social engineering techniques to convince the telephone company to port the victim’s phone number to the fraudster’s SIM. This is done, for example, by impersonating the victim using personal details to appear authentic and claiming that they have lost their phone.
  • Once this happens the victim’s phone will lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows the fraudster to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts that are associated with the phone. Be they bank accounts, social media accounts, etc.

There have been a growing number of cases of this scam happening in Canada, US and other places. I have heard of bank accounts being drained and the take over of social media accounts. The most famous of these is the take over of Twitter CEO Jack Dorsey’s Twitter account a few months ago.

Clearly this is a scam that you need to keep an eye on due to the impact that it can have on your life. The question is, how do you protect yourself from being a victim? To help with that, I reached out to TELUS as they have programs to help Canadians protect themselves online. Most notably TELUS Wise. They were kind enough to point me to a number of tools on their website that can help guide consumers on how to protect themselves from scams in general. But they also provided a few tips specific to SIM swap scams:

  • Limit the amount of personal information about you online. Be careful to not click on phishing emails (and texts) that ask you to provide and/or validate private information.
  • Don’t add your phone number to any online accounts where it is not necessary.
  • Use strong and unique passwords for each of your accounts.
  • Set up authentication methods that aren’t text based only.
  • If you think something is awry and/or if you can’t make or receive phone calls on your device, contact your wireless provider immediately.
  • Report the fraud to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501. Notify your bank and credit card companies. Contact the two national credit bureaus to request a copy of your credit reports and place a fraud warning on your file (Equifax Canada Toll free: 1-800-465-7166 and TransUnion Canada Toll free: 1-877-525-3823).

Besides the above, one other thing that I do recommend is that you set up a PIN or a security code with your wireless provider. That way if someone tries to access your account to try and pull off a SIM swap, they’ll run into a brick wall as they won’t have the PIN. TELUS offers this security feature (In fact, when I signed up with TELUS, I had to come up with a PIN on the spot), and I have to assume that other wireless providers do as well. Thus you should contact them to see how you can set this up on your account.

SIM swap scams are on the rise. But the good news is that by taking the above steps, you can reduce the risk that you will be a victim.

 

 

Here’s What To Expect From Today’s Rollout Of Tech To Block Nuisance Calls

Posted in Commentary on December 19, 2019 by itnerd

Today is the day that Canadian telcos at the request of the CRTC are to start blocking scam/nuisance calls. Or at least try to do so as I am dubious that this will really solve the issue. But pushing my own skepticism aside, here’s a quick primer as to what to expect from this effort.

What telcos like Bell and Rogers are going to do starting today is automatically block calls based on the caller ID information using the following criteria.

  • Numbers with more than 15 digits.
  • Numbers that can’t be dialed (such as a string of letters or 000-000-0000).

The net result is that calls from those types of numbers will no longer make your phone ring. Telus is doing something entirely different though.

As an alternative, telcos can offer subscribers “filtering services” that provide more advanced call-management features, which is what Telus is doing for its wireless customers. I was looking for details on that from Telus and couldn’t find anything online. Thus I reached out to them for more information and this is what I got back via their Twitter support team:

Now here’s why any of these measures isn’t going to make much of a difference from where I sit. This is only going to stop the low skilled scammers who for whatever reason can’t spoof numbers. Meaning that they don’t forge their Caller ID information to make it look like the call is coming from a real number such as a government agency or the police in order to make you more likely to answer the call. And the majority of nuisance calls that most of us get are spoofed. Thus all that these efforts are likely to do is to thin the herd of scumbags just a tiny bit. Now spoofed numbers are to be addressed by the end of September of 2020 by the rollout of additional tech to stop spoofing. But as I’ve written about previously, I am still dubious that even those efforts will make nuisance calls go away. But one could argue that any effort to cut down on the number of nuisance calls is better than making zero effort whatsoever.

I’d love to know if you notice a difference in terms of the number of nuisance calls that you get. Please leave a comment with your observations or reach out to me on Twitter with what you see.

 

 

THREE New Extortion Phishing Scams Are In The Wild

Posted in Commentary on April 28, 2019 by itnerd

It’s been a while since I have written about extortion phishing scams. But three new ones have appeared and one of them is potentially dangerous.

Let’s start with the dangerous one. The scumbags behind this one are now utilizing a new extortion email campaign that claims the recipient’s phone was hacked, includes a partial phone number of the recipient, and further states that they created videos using the recipient’s webcam. Here’s an example:

@It seems that, 14, *last two digits your phone-
\You may not know me and you are probably wondering why you are getting this e mail, right?-

!actually, I setup a malware on the adult vids (porno) web-site and guess what*
@you visited this site to have fun (you know what I mean).(
^While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop)(
&having a keylogger which gave me accessibility to your screen and web cam.*
@after that, my software program obtained all of your contacts, phone and email.\

_What did I do?(

!I backuped phone. All photo, video and contacts.+
!I created a double-screen video./
&1st part shows the video you were watching (you’ve got a good taste haha . . .)$
%and 2nd part shows the recording of your web cam.=

+exactly what should you do?/

#Well, in my opinion, 809$ is a fair price for our little secret.\
=You’ll make the payment by +Bitcoin% (if you do not know this$ search !how to buy bitcoin& in Google)._

-Bitcoin^ Address:

<BITCOIN ADDRESS REDACTED>

%(It is cAsE sensitive, so copy and paste it)*

%Important:
!You have 45 hours in order to make the payment.\
%(I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message)-
\If I do not get the !BitCoins+
%I will certainly send out your video recording to all of your contacts%
@Having said that, if I receive the payment, I’ll destroy the video immidiately._
)If you need evidence, reply with “Yes!*

-If I find that you have shared this message with someone else$
)the video will be immediately distributed.=

Now the person who got this email told me that the last two digits of his phone number were accurate. Thus he wondered if he had been hacked. But I can say that after examining his computer and phone, that he had not been hacked. But clearly this is a new method to convince the recipient that they have been hacked and it has replaced displaying a password to do the same thing.

The thing is, it’s really easy to get the last two digits of someone’s phone number. The most logical way that these scammers are getting these numbers is via password or account recovery functionality such as the one from Gmail or the one from Microsoft. There have been data leaks in the past that only contained partial phone numbers as well. But the bottom line is that you have not been hacked.

The second is aimed at companies. It’s pretty low level and not very sophisticated. Here’s a copy of what one of my clients got:

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We Hacked You Infrastructure.
We Caught Possible Communication.
We Backuped Available DATA And DOCUMENTS.
That you trusting our words, we send this mail to you with YOUR account.

After analyzing documents. We see your Illegal activity. HIDING TAXES.

That we do NEXT.
I want two (2) Bitcoin

if you don’t pay fees. To my wallet Bitcoin.

<BITCOIN ADDRESS REDACTED>

We want send this Documents and Proofs to your Tax Departament.
And in this time Your network will be DDoS.
Read that in this link
https://en.wikipedia.org/wiki/Denial-of-service_attack

This is our guarantee, that you don’t clean evidence and build a protection policy.

If you don’t pay by in 7 days, attack will start.
Yours service going down permanently and price to stop will increase to Four (4) BTC,
Price will go up one (1) BTC for every day of the attack.

This is not a joke.

Our attacks are extremely powerful – sometimes over 1 Tbps per second.
And we pass CloudFlare and others remote protections!
So, no cheap protection will help.

Prevent it all with just Two (2) BTC
To my wallet Bitcoin.

<BITCOIN ADDRESS REDACTED>

Pay strict sum. This is your identification. And we will know that its you.
AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know
you cooperated.

Time started after open this mail.
To track the reading of a message and the actions in it, I use the facebook pixel.
Read that in this link
https://www.facebook.com/business/help/898185560232180?helpref=faq_content

There’s nothing here that is interesting. Such as passwords that the user has used, or a partial phone number like the previous scam. Thus this scam is purely trying to take advantage of the fact that a company might not have paid their taxes. And that they can track that you opened this email using Facebook Pixel. Which for the record when I examined the email it showed no evidence that Facebook Pixel was in use. #Fail. I seriously doubt that this will get this scammer anything.
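The "pixel" claim in these emails can be checked by listing every image in the message's HTML part that is fetched from a remote server. An embedded image, or a plain-text message, cannot report that it was opened. This is an added example, not code from the original post: the sample messages are constructed, `tracker.example` is a placeholder host, and the Facebook check assumes the `facebook.com/tr` endpoint used by the Pixel's image fallback.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class RemoteImages(HTMLParser):
    """Collect <img> tags whose source is fetched over http(s) when rendered."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message itself
        host = (url.hostname or "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
        is_fb = host == "facebook.com" or host.endswith(".facebook.com")
        self.found.append({
            "url": a["src"],
            "host": host,
            "beacon_like": tiny or hidden,   # 1x1 or invisible: typical open tracker
            "facebook_pixel": is_fb and url.path == "/tr",
        })


def find_beacons(raw_message):
    """Return every remote image found in the HTML parts of a raw email."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = RemoteImages()
            parser.feed(part.get_content())
            hits.extend(parser.found)
    return hits


def build_sample(html=None):
    """Build a constructed test message, optionally with an HTML alternative."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("Time started after open this mail.")
    if html is not None:
        m.add_alternative(html, subtype="html")
    return m.as_string()


# Constructed samples: a plain-text-only message and one with a 1x1 tracker.
PLAIN_ONLY = build_sample()
WITH_BEACON = build_sample(
    "<p>Time started after open this mail.</p>\n"
    '<img src="https://tracker.example/open?id=123" width="1" height="1">\n'
    '<img src="cid:logo">\n'
)

if __name__ == "__main__":
    print(find_beacons(PLAIN_ONLY))   # no HTML part, nothing that can phone home
    print(find_beacons(WITH_BEACON))  # one remote 1x1 image; the cid: image is ignored
```

Mail clients that block remote images by default stop such a beacon from firing even when one is present.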

Finally, there are new scams that utilize QR codes to direct you to their Bitcoin wallet so that you can pay them. The QR code has the amount that you have to pay as well which is kind of clever.

I took screenshots of the text that the recipient gets:


Below that is a QR Code that goes to a Bitcoin wallet. I am not reposting the QR code as I don’t want to give these scumbags any more time than I need to. Other than that, it’s the usual extortion phishing scam that we’ve seen for the last little while.

If you come across any of these scams, you know what to do. Simply delete them and move on with your life.

It Seems That One Ring Scams Are Back

Posted in Commentary on March 22, 2019 by itnerd

I was at a client location today when my iPhone rang. It was a 408 number which is out of San Jose CA. Seeing as I have a number of companies that I deal with in that corner of the planet, I answered the phone but heard nothing on the other end. So I hung up. Ten seconds later the same number calls back. Again I answered it but again I heard nothing on the other end so I hung up. No further calls came.

Now I was tempted to phone them back. But then I remembered that I wrote about this scam which is called the “one ring” scam before and you can see that story here. But in short, the scam counts on you phoning the number back because you’ll then be billed a pile of money a minute. Now the last time I had heard of this scam, the calls were coming from the country codes of 235 (Chad), 232 (Somalia), 269 (Comoros), strangely 573 (A Missouri area code, but it is possible that it is country code 57 which is Colombia) and 267 (Botswana). So having a number coming from a US area code would be a new angle to this scam. Thus out of an abundance of caution, I reached out to my cellular provider which is TELUS with this:

Their reply came within minutes:

Now this is a great response to my question. Not only did TELUS get back to me quickly and confirm that this was likely a Wangiri or One Ring scam. But they also provided me with a resource so that I could be educated on how to protect myself. Now that is top shelf service. Kudos to TELUS for that.

In any case, I did not phone the number back, which means that I should be in the clear. But as a just in case thing I blocked the number. Though I strongly suspect that the number was spoofed which means that blocking the number may not make any difference as the spoofed number will likely change.

I’m going to keep a close eye on my next phone bill at the end of the month to ensure that nothing in terms of spurious charges makes its way on there. And I will be on guard for further attempts to execute this scam. You should be on guard as well as clearly the “one ring” scam is back. And to help to keep you safe, I will not only point to my original story on this, but to the write up by TELUS as both have tips to protect yourself.

A Follow Up To The Latest Extortion Phishing Scam Emails

Posted in Commentary on January 22, 2019 by itnerd

You may recall that I have done a pair of stories on a new extortion phishing scam that was brought to my attention. Now while the emails themselves are kind of lame, I decided to delve into them a bit more to figure out where they were coming from. One of the things that I did was look at the headers of the emails in question as they have all sorts of useful information. In the second one, I saw this:

Received: from mx.c.anonymousobserver.ga ([159.203.72.137]:56230) by [RECEIVING EMAIL SERVER REDACTED] with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from <raguel-195@c.anonymousobserver.ga>) id 1glTYW-0005Bn-25 for nerd@theitnerd.ca; Mon, 21 Jan 2019 01:59:44 -0500

Received: from [127.0.0.1] (mx.c.anonymousobserver.ga [127.0.0.1]) by mx.c.anonymousobserver.ga (Postfix) with ESMTP id 43jhwd5F8Lz502M for <nerd@theitnerd.ca>; Mon, 21 Jan 2019 06:49:04 +0000 (UTC)

And in the first one, I saw this:

Received: from mx.d.anonymous-hacking.ga ([178.128.117.242]:39250) by [RECEIVING EMAIL SERVER REDACTED] with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from <leon_287@d.anonymous-hacking.ga>) id 1gkLCk-00077y-5l for nerd@theitnerd.ca; Thu, 17 Jan 2019 22:52:28 -0500

Received: from [127.0.0.1] (mx.d.anonymous-hacking.ga [127.0.0.1]) by mx.d.anonymous-hacking.ga (Postfix) with ESMTP id 43gmN72blHz4fXV for <nerd@theitnerd.ca>; Fri, 18 Jan 2019 03:17:42 +0000 (UTC)

I bolded the most relevant parts of this which are the sending servers. They are different. But not as much as you would think. I then ran a whois command on both domains. Unsurprisingly, they came back very similar:

[Screenshots: whois output for the two domains]

So Gabon is on the west coast of Central Africa. Located on the equator. But the key thing is that both domains appear to be registered to the “Agence Nationale des Infrastructures Numériques et des Fréquences” which according to this LinkedIn page (translated into English) does this:

The National Agency for Digital Infrastructures and Frequencies (ANINF), a government agency in Gabon, is an instrument that is part of the national strategy for digital development in Gabon.

The ANINF declines, through its sovereign missions, by the development of digital infrastructure throughout the national territory, the harmonious management of the frequency spectrum, the coherent development of e-Government applications, management and control resources related to IT, audiovisual and telecommunication investments in the Republic of Gabon.

That’s interesting. But I don’t see a government agency running an extortion phishing scam. Though anything is possible I suppose. But what this agency does is serve up .ga domain names according to this page. So what I think is going on is someone is registering what are essentially “disposable” domains to run the scam. They then set up an email to send out these scam emails. That’s kind of crafty. Who’s doing this? I haven’t got a clue. But I figure that bringing this to light will make it more difficult for whoever is behind it to try this again.
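The header comparison above can be scripted. This is an added example, not code from the original post: it parses the top-most Received header of each message (the one written by the recipient's own server, which the sender cannot forge) and reports what the two senders share. The sample input is the four Received headers quoted above. Treating the last two DNS labels as the registered domain is a simplifying assumption that holds for these `.ga` names but not in general.

```python
import ipaddress
import re
from email import message_from_string

# Received headers quoted in this post, top-most (most recent hop) first.
MSG_SECOND = (
    "Received: from mx.c.anonymousobserver.ga ([159.203.72.137]:56230)\n"
    " by [RECEIVING EMAIL SERVER REDACTED] with esmtps\n"
    " (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1)\n"
    " (envelope-from <raguel-195@c.anonymousobserver.ga>)\n"
    " id 1glTYW-0005Bn-25 for nerd@theitnerd.ca; Mon, 21 Jan 2019 01:59:44 -0500\n"
    "Received: from [127.0.0.1] (mx.c.anonymousobserver.ga [127.0.0.1])\n"
    " by mx.c.anonymousobserver.ga (Postfix) with ESMTP id 43jhwd5F8Lz502M\n"
    " for <nerd@theitnerd.ca>; Mon, 21 Jan 2019 06:49:04 +0000 (UTC)\n"
    "\nbody omitted\n"
)
MSG_FIRST = (
    "Received: from mx.d.anonymous-hacking.ga ([178.128.117.242]:39250)\n"
    " by [RECEIVING EMAIL SERVER REDACTED] with esmtps\n"
    " (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1)\n"
    " (envelope-from <leon_287@d.anonymous-hacking.ga>)\n"
    " id 1gkLCk-00077y-5l for nerd@theitnerd.ca; Thu, 17 Jan 2019 22:52:28 -0500\n"
    "Received: from [127.0.0.1] (mx.d.anonymous-hacking.ga [127.0.0.1])\n"
    " by mx.d.anonymous-hacking.ga (Postfix) with ESMTP id 43gmN72blHz4fXV\n"
    " for <nerd@theitnerd.ca>; Fri, 18 Jan 2019 03:17:42 +0000 (UTC)\n"
    "\nbody omitted\n"
)

# Shape of the Exim-written hop seen above: HELO name, peer IP and port, envelope sender.
EDGE_HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]:(?P<port>\d+)\)"
    r"\s+by\s+(?P<by>.+?)\s+with\s+(?P<proto>\S+)"
    r".*?envelope-from\s+<(?P<env>[^>]*)>", re.S)
BRACKET_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def edge_hop(raw_message):
    """Parse the top-most Received header; return None if absent or unrecognised."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    m = EDGE_HOP.search(" ".join(received[0].split()))  # unfold the header first
    if not m:
        return None
    hop = m.groupdict()
    hop["helo"] = hop["helo"].lower()
    hop["env_domain"] = hop["env"].rpartition("@")[2].lower()
    # Lower hops are written by the sender; here they only mention loopback,
    # i.e. the mail was generated on the sending host itself.
    inner = [ip for h in received[1:] for ip in BRACKET_IP.findall(h)]
    try:
        hop["inner_loopback"] = bool(inner) and all(
            ipaddress.ip_address(ip).is_loopback for ip in inner)
    except ValueError:
        hop["inner_loopback"] = False
    return hop


def registered_domain(host):
    """Naive: last two labels (assumption, no Public Suffix List lookup)."""
    return ".".join(host.split(".")[-2:])


def campaign_summary(raw_messages):
    """Compare the edge hops of several messages and list what they share."""
    hops = [h for h in map(edge_hop, raw_messages) if h]
    return {
        "ips": sorted({h["ip"] for h in hops}),
        "domains": sorted({registered_domain(h["helo"]) for h in hops}),
        "tlds": sorted({h["helo"].rsplit(".", 1)[-1] for h in hops}),
        "helo_is_mx_plus_envelope_domain": all(
            h["helo"] == "mx." + h["env_domain"] for h in hops),
        "generated_on_sending_host": all(h["inner_loopback"] for h in hops),
    }


if __name__ == "__main__":
    for key, value in campaign_summary([MSG_FIRST, MSG_SECOND]).items():
        print(f"{key}: {value}")
```

Different IP addresses and domain names, but the same top-level domain, the same `mx.<envelope domain>` naming and the same local-submission pattern: that shared shape is what a mail filter can match when the next disposable domain appears.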

A Reader Gets A Second Extortion Phishing Email From The Same Group Of Slimeballs

Posted in Commentary on January 21, 2019 by itnerd

It seems that the person who sent me this extortion phishing email got a follow up to that. And it isn’t particularly creative. And like the last one a warning as some contents may be a bit graphic for some:

LAST WARNING [EMAIL ADDRESS REDACTED] !

You have the last chance to save your social life – I am not kidding!!

I give you the last 72 hours to make the payment before I send the video with your masturbation to all your friends and associates.

The last time you visited a erotic website with young Teens, you downloaded and installed the software I developed.

My program has turned on your camera and recorded your act of Masturbation and the video you were masturbating to.

My software also downloaded all your email contact lists and a list of your Facebook friends.

I have both the ‘[FILENAME REDACTED].mp4’ with your masturbatio and a file with all your contacts on my hard drive.

You are very perverted!

If you want me to delete both files and keep your secret, you must send me Bitcoin payment. I give you the last 72 hours.

If you don’t know how to send Bitcoins, visit Google.

Send 2000 USD to this Bitcoin address immediately:

[BITCOIN ADDRESS REDACTED]

(copy and paste)

1 BTC = 3470 USD right now, so send exactly 0.581065 BTC to the address above.

Do not try to cheat me!

As soon as you open this Email I will know you opened it.

This Bitcoin address is linked to you only, so I will know if you sent the correct amount.

When you pay in full, I will remove both files and deactivate my software.

If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked.

Here are the payment details again:

Send 0.581065 BTC to this Bitcoin address:

—————————————-

[BITCOIN ADDRESS REDACTED]

—————————————-

You саn visit the police but nobody will help you.

I know what I am doing.

I don’t live in your country and I know how to stay anonymous.

Don’t try to deceive me – I will know it immediately – my spy ware is recording all the websites you visit and all keys you press.

If you do – I will send this ugly recording to everyone you know, including your family.

Don’t cheat me! Don’t forget the shame and if you ignore this message your life will be ruined.

I am waiting for your Bitcoin payment.

Raguel

Anonymous Hacker

P.S. If you need more time to buy and send 0.581065 BTC, open your notepad and write ’48h plz’. I will consider giving you another 48 hours before I release the vid, but only when I really see you are struggling to buy bitcoin.

Now I know it’s the same slimeball or group of slimeballs behind this because both emails came from the same domain which is d.anonymous-hacking.ga. Except that the domain doesn’t exist. So that’s a lie. I’ll be doing some work to find out the real source of this today and post an update. The rest of this email is a near carbon copy of the last one. Except that it is signed as follows:

Raguel

Anonymous Hacker

If you post your name, how can you be anonymous? I get it is likely a fake name. But that seems pretty dumb as it affects the credibility of this email. Seeing as it’s not credible, it’s yet another scam email that you should delete should you receive it. Expect an update when I trace back where these slimeballs are from.

UPDATE: Another thing that I noted is that the above email and the one that came before it have different Bitcoin addresses in them. So that makes the sentence “This Bitcoin address is linked to you only, so I will know if you sent the correct amount.” another lie as you would think they would be the same. It also further highlights that this email is bogus.

UPDATE #2: Here is an update to this story with additional details.

 

This Is A Really, Really Lame Extortion Phishing Email Attempt

Posted in Commentary on January 19, 2019 by itnerd

A lot of the extortion phishing emails that people send me are well crafted. This isn’t one of them. Here we go with this latest one:

Dear Maureen Prigent

Now we аre reаllу clоsе-  ( uQH  ) frоm vps numero:3447
_____________________________________________________________

Wе will nоt laugh аt уоur weaknеsses. Rеаd this lettеr attеntivеlу. Mу сrew will not ruin уоur lifе if yоu go tо а dеаl with us.

You cаn find a lоt of vаrious rulеs аbоut seсuritу on thе intеrnet: using vpn , download aсtual аntivirus bаsе; hide web сameras with a adhesivе tаpe… In your оpinion it is nоt neсessary.

I cоunted morе than 900 victims that were infeсtеd bу my private сomputеr wоrm.

It was implеmented оn fаked sitе with flash plug-in. Usеrs instаlled everything and didnt surmise something bad, as you knоw this plug-in shоuld bе installed on all deviсеs tо plаy vidеo files.

Yоu wеrе not eхceptiоn and now alsо havе big prоblеms.

My built-in pаrser rеsponded tо уour requests for pоrn sites. Dirесtlу аftеr the plaу buttоn was pushеd thе maliсious sоft асtivаted thе wеb-cаmera to catсh yоu саressing yоur bоdy. Latеr mу virus sent the link of thе video thаt уou opеned оn yоur сomputer. With fоrmgrabber demolished historу and got аll passwords frоm yоur social mediа that werе visited sinсе lаst Monday. I mаdе а соpу of thе сontасt list of уour friеnds, cоllеgues and relаtivеs.

Lеt’s sum up the results: I got vid with уоu paying with уourself, contасt list with уour friends, соlleguеs and rеlativesаnd rеcord which yоu оpened on the cоmputеr.

You cаn help уоurself just send mе 500 unitеd stаtеs dоllars in btс сrуptоcurrenсy.
Pay hеre –

[BITCOIN ADDRESS REDACTED]

Think better: bе a star аmоng friends оr pау this little sum not tо lоse уоur hаbitual life.
Yоu cаn сomplаin cоps, but thеу саn not find us. I use bоt nеtwоrk, alsо we livе аbrоаd. IP in a heаder is nоt mine.
If уou hаvе sоme prоblеms write mе bаck.
Think twice.

I can’t even begin to describe how bad this is. Forget the grammar which is horrific and shambolic. The name that I left intact at the start of the email isn’t even the name of the person who sent me this email. There’s nothing here that would convince anyone to pay up. Whoever came up with this email is really, really, stupid. At the end of the day, this is yet another scam email that you should delete should you receive it. And to those who wrote this email, I have a message for you. You suck.

Happy Friday! Here’s Another Extortion Phishing Email For You

Posted in Commentary on January 18, 2019 by itnerd

I have yet another extortion phishing email that I would like to share with you. This particular one is not very sophisticated and not all that good. Which illustrates that the people behind it aren’t all that bright. But it may still fool someone into handing over their hard earned money to a low rent loser who doesn’t deserve it. So here it is. And a warning. This particular email may be a bit graphic for some:

THIS IS NOT A JOKE – I AM DEAD SERIOUS!

Hi perv,

The last time you visited a p0rnographic website with teens, you downloaded and installed software I developed.

My program has turned on your camera and recorded the process of your masturbation.

My software has also downloaded all your email contact lists and a list of your friends on Facebook.

I have both the ‘[NAME OF USER REDACTED].mp4’ with your masturbation as well as a file with all your contacts on my hard drive.  

You are very perverted!

If you want me to delete both the files and keep the secret, you must send me Bitcoin payment. I give you 72 hours for payment.

If you don’t know how to send Bitcoins, visit Google.

Send 2.000 USD to this Bitcoin address immediately:          

[BITCOIN ADDRESS REDACTED]

(copy and paste)

1 BTC = 3,580 USD right now, so send exactly 0.564038 BTC to the address provided above.

Do not try to cheat me!

As soon as you open this Email I will know you opened it.

 This Bitcoin address is linked to you only, so I will know if you sent the correct amount.

When you pay in full, I will remove the files and deactivate my program.

If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked.

Here are the payment details again:

Send 0.564038 BTC to this Bitcoin address:

—————————————-

[BITCOIN ADDRESS REDACTED]

—————————————-

You саn visit police but nobody will help you. I know what I am doing.

I don’t live in your country and I know how to stay anonymous.

Don’t try to deceive me – I will know it immediately – my spy ware is recording all the websites you visit and all keys you press. If you do – I will send this ugly recording to everyone you know, including your family.

Don’t cheat me! Don’t forget the shame and if you ignore this message your life will be ruined.

I am waiting for your Bitcoin payment.

If you need more time to buy and send 0.564038 BTC, open your notepad and write ’48h plz’. I will consider giving you another 48 hours before I release the vid       

Anonymous Hacker

So, they’re trying to use the same playbook of using shame and embarrassment to get you to pay up. The low rent losers behind this email don’t offer up any proof and it looks like a form letter of sorts as the name of the video is the user name of the email address that this email was sent to. The only thing different is that they use explicit language and introduce the implication that the victim was looking at teen porn which is illegal in most places on Earth, or at least frowned upon. But beyond all of this, this is yet another scam email that you should delete should you receive it. And a message for the low rent losers behind this scam email. Your email is a #fail and nobody will fall for it. Especially after this post starts to circulate.

UPDATE: These same scumbags sent the reader in question a second email. Click here to see it.