Archive for Scam

Happy Friday! Here’s Another Extortion Phishing Email For You

Posted in Commentary with tags on January 18, 2019 by itnerd

I have yet another extortion phishing email that I would like to share with you. This particular one is not very sophisticated and not all that good, which illustrates that the people behind it aren’t all that bright. But it may still fool someone into handing over their hard-earned money to a low rent loser who doesn’t deserve it. So here it is. And a warning: this particular email may be a bit graphic for some.

THIS IS NOT A JOKE – I AM DEAD SERIOUS!

Hi perv,

The last time you visited a p0rnographic website with teens, you downloaded and installed software I developed.

My program has turned on your camera and recorded the process of your masturbation.

My software has also downloaded all your email contact lists and a list of your friends on Facebook.

I have both the ‘[NAME OF USER REDACTED].mp4’ with your masturbation as well as a file with all your contacts on my hard drive.  

You are very perverted!

If you want me to delete both the files and keep the secret, you must send me Bitcoin payment. I give you 72 hours for payment.

If you don’t know how to send Bitcoins, visit Google.

Send 2.000 USD to this Bitcoin address immediately:          

[BITCOIN ADDRESS REDACTED]

(copy and paste)

1 BTC = 3,580 USD right now, so send exactly 0.564038 BTC to the address provided above.

Do not try to cheat me!

As soon as you open this Email I will know you opened it.

 This Bitcoin address is linked to you only, so I will know if you sent the correct amount.

When you pay in full, I will remove the files and deactivate my program.

If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked.

Here are the payment details again:

Send 0.564038 BTC to this Bitcoin address:

—————————————-

[BITCOIN ADDRESS REDACTED]

—————————————-

You саn visit police but nobody will help you. I know what I am doing.

I don’t live in your country and I know how to stay anonymous.

Don’t try to deceive me – I will know it immediately – my spy ware is recording all the websites you visit and all keys you press. If you do – I will send this ugly recording to everyone you know, including your family.

Don’t cheat me! Don’t forget the shame and if you ignore this message your life will be ruined.

I am waiting for your Bitcoin payment.

If you need more time to buy and send 0.564038 BTC, open your notepad and write ’48h plz’. I will consider giving you another 48 hours before I release the vid       

Anonymous Hacker

So, they’re trying to use the same playbook of using shame and embarrassment to get you to pay up. The low rent losers behind this email don’t offer up any proof and it looks like a form letter of sorts as the name of the video is the user name of the email address that this email was sent to. The only thing different is that they use explicit language and introduce the implication that the victim was looking at teen porn which is illegal in most places on Earth, or at least frowned upon. But beyond all of this, this is yet another scam email that you should delete should you receive it. And a message for the low rent losers behind this scam email. Your email is a #fail and nobody will fall for it. Especially after this post starts to circulate.

UPDATE: These same scumbags sent the reader in question a second email. Click here to see it.

Happy New Year… Here’s Another Email Extortion Phishing Scam For You To Be Aware Of

Posted in Commentary with tags on January 6, 2019 by itnerd

This latest email based extortion phishing scam is designed to tug on your heartstrings. But don’t be fooled. It is a scam and the low life scumbags behind it don’t deserve any of your money. Here’s the latest scam email that a reader forwarded to me:

Hello,

As you can see from the subject of this email your account has been compromised, you can also see i have sent you this email from your own account to show you i have full access to it. I also know one of the passwords you used to use was [PASSWORD REDACTED]. Read this FULL email to find out what to do and what happened.
You visit adult websites on a regular basis. One of these websites was injected with a backdoor i created. This backdoor installed itself onto your system giving me FULL access to it. I have downloaded all your files, contacts, information, etc.
Furthermore from time to time i activated your camera and recorded some videos and took some shots of you while you “satisfied” yourself watching adult content. Don’t be alarmed, read on and i will tell you what to do.

I reside in a country where it is very hard to support my family, this is why i do this, you are not targeted by me, you just visited the wrong site at the wrong time.

I could send all the nasty videos and pictures along with all the information of all the sites you visit and all your files to all your contacts, friends and family but i don’t think you want me to do that. This will have a very negative impact on your social life, infact this will end your social life, imagine the disgrace! So read on and find out what to do.

When you opened this email my system activated a timer, from now on you have 8 hours to make a donation of $550 or 480€ to this bitcoin address: [BITCOIN ADDRESS REDACTED] (copy paste this, it is case sensitive).
If you don’t know how to use bitcoins use any search engine, it is very easy and there are alot of websites selling bitcoins instantly using your debit or credit card.

Think of this as a donation for me to support my loved ones.

My system will monitor the given bitcoin address for any transactions. If you do this within the given timeframe my system will automatically delete the videos, pictures and information i have of you and the backdoor will close itself and you will never hear from me again and you can go on living your life like this never happened.
If you don’t do this my system will automatically send all information of the websites you visit, all the videos i recorded and the pictures i took to all your loved ones, contacts and friends when the timer ends. Furthermore your system will lock up and you will never be able to use it again! Don’t let this happen, remember the impact this will have on your social life!

It does not matter how many times you change your passwords, my backdoor will always grant me access to your system.

Try to think of this as a contribution for somebody trying to feed his family. I am sorry i have to do this but i will do whatever it takes to support my family.

Your time is counting!

Good luck!

Now the only “proof” that they provide is the fact that the scumbags behind this allegedly have sent this from your email address, plus the password that was allegedly used at the time (which in this case was changed many years ago). When I examined the email, I discovered that while it does display the email address of the targeted individual, it was actually sent from a server called slot0.ghdajkghet.tk, which is located in Tokelau, a territory of New Zealand located in the South Pacific, as opposed to GoDaddy, which is where the email of the targeted individual was actually hosted. As for the part about needing to do this to support their family, even if that were true it is not an excuse to engage in criminal behavior, which is what this scam is. The bottom line is that if you get an email like this, delete it and move on with your day. And if you want to see the numerous variants of this scam, click here as I have documented as many as I can to ensure that you don’t become a victim.

Happy Holiday’s! Here’s Another Extortion Phishing Scam Email To Be Aware Of!

Posted in Commentary with tags on December 27, 2018 by itnerd

So these extortion phishing scams are continuing to pop up because clearly the loser scumbags behind these scams have nothing better to do during this holiday season. I just got this scam email from a reader which scores low on the originality scale as it is similar to this one that I told you about a few days ago:

Hi, stranger!

I know the [PASSWORD REDACTED], this is your password, and I sent you this message from your account.

If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?

In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy

(you know what I mean).      

While you were watching video clips, my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.          

What I’ve done?

I made a double screen video.

The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.

What should you do?

Well, I think $742 (USD dollars) is a fair price for our little secret.

You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).

BTC Address: [BTC ADDRESS REDACTED]

(This is CASE sensitive, please copy and paste it)

Remarks:

You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.

However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer “Yes!” and resend this letter to youself.

And I will definitely send your video to your any 10 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.

Bye!

The reader said that this was sent from his email address. That way it looks like his account had been hacked. But just like that last extortion phishing scam email that I reported on, it was being sent from another email server. In this case, it was in Poland. Thus this is clearly a scam and the email should be instantly deleted. The fact is that scumbags who are behind these emails shouldn’t be able to get their hands on your money. And if everyone who got these emails deleted them and didn’t pay these losers, these emails would stop hitting your inbox instantly. Thus if you get one of these emails, simply delete them and continue with your day.

These Extortion Phishing Scams Are Getting More Sophisticated…. So I Will Highlight How To Avoid Being A Victim

Posted in Commentary with tags on December 21, 2018 by itnerd

Things on the extortion phishing scam front have been quiet for a while. But I now have a series of new emails that show that this scam may be getting a bit more sophisticated. Which in turn makes them far more dangerous. Take this one that a client of mine got today:

Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: On moment of hack your account has password: [PASSWORD REDACTED]

You say: this is the old password!
Or: I will change my password at any time!

Yes! You’re right! But the fact is that when you change the password, my trojan always saves a new one!

I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $739 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: [BITCOIN ADDRESS REDACTED]
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!

Now, a casual computer user looking at this email will notice that it came from their own email address, which gives the impression that what the email is saying is true. But I had a look at the source code behind the email to see where it really came from. You see, when an email hits your inbox, it has all sorts of information in it that you can’t see but is really useful, including where it came from. In the case of this specific email, the part of the source code that I care about looks like this:

Return-path: <nobody@nowhere.com>
Envelope-to: nobody@nowhere.com
Delivery-date: Fri, 21 Dec 2018 07:13:40 -0500
Received: from static-166-195-87-188.ipcom.comunitel.net ([188.87.195.166]:25630)
	by srv2.deathstar.net with esmtp (Exim 4.80.1)
	(envelope-from <nobody@nowhere.com>)
	id 1gaJgR-00053w-KH
	for nobody@nowhere.com; Fri, 21 Dec 2018 07:13:40 -0500
Message-ID: <5C1CEA9F.4000909@nowhere.com>
Date: Fri, 21 Dec 2018 13:29:03 +0000
From: <nobody@nowhere.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: "password" <nobody@nowhere.com>
Subject: Security Scam Warning.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

If you are interested in seeing this info on your computer, this Google search can help you with that. Just pick something that matches the email client that you are using, be it Outlook, Apple Mail, or Thunderbird or whatever you happen to be using. Now I’ve changed some of the more sensitive info so that it doesn’t trace back to anyone but the scumbag scammers. But I was able to quickly determine that this email came from someplace other than the client’s email server because of this that I have highlighted in bold:

Received: from static-166-195-87-188.ipcom.comunitel.net ([188.87.195.166]:25630) by srv2.deathstar.net with esmtp (Exim 4.80.1) (envelope-from <nobody@nowhere.com>) id 1gaJgR-00053w-KH for nobody@nowhere.com; Fri, 21 Dec 2018 07:13:40 -0500

Now if this hacker has truly hacked this customer, the two items that I put in bold should match because those are the server that sent the email and the server that received the email. Both should match if the account was hacked. But they don’t match which means that this is a scam. And the server in question which is static-166-195-87-188.ipcom.comunitel.net as far as I can tell is in Spain.

This version of this scam is clearly meant to scare people into thinking that their email account has been hacked. But in reality it hasn’t been. Thus if you get one of these messages, I would look at the source info the way I did to confirm if you have been hacked or not. Chances are that you haven’t been hacked and you can simply delete this email and not pay the scumbags behind this scam a dime.
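The header check described above can be scripted. The following is an added example, not code from the original post: it reads the topmost Received line from the header block shown earlier and tests whether the sending host belongs to the recipient's own mail provider. The provider suffix list and the second, "legitimate" header sample are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block copied from the post (the author already altered the addresses).
RAW_HEADERS = """\
Return-path: <nobody@nowhere.com>
Envelope-to: nobody@nowhere.com
Delivery-date: Fri, 21 Dec 2018 07:13:40 -0500
Received: from static-166-195-87-188.ipcom.comunitel.net ([188.87.195.166]:25630)
\tby srv2.deathstar.net with esmtp (Exim 4.80.1)
\t(envelope-from <nobody@nowhere.com>)
\tid 1gaJgR-00053w-KH
\tfor nobody@nowhere.com; Fri, 21 Dec 2018 07:13:40 -0500
Message-ID: <5C1CEA9F.4000909@nowhere.com>
Date: Fri, 21 Dec 2018 13:29:03 +0000
From: <nobody@nowhere.com>
To: "password" <nobody@nowhere.com>
Subject: Security Scam Warning.
"""

# Constructed sample: a real note-to-self relayed by the provider's own
# outbound host (hypothetical host name, documentation IP range).
LEGIT_HEADERS = """\
Received: from smtp-out.deathstar.net ([192.0.2.25]:40112)
\tby srv2.deathstar.net with esmtpsa (Exim 4.80.1)
\tid 1constructed-000000-00
\tfor nobody@nowhere.com; Fri, 21 Dec 2018 08:00:00 -0500
From: <nobody@nowhere.com>
To: <nobody@nowhere.com>
Subject: note to self
"""

# Exim-style line: from <host> ([<ip>]:<port>) by <receiving host> ...
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\(\[([^\]]+)\](?::\d+)?\)\s+by\s+(\S+)"
)


def host_in_suffixes(host, suffixes):
    """True if host equals a suffix or is a subdomain of one (label-aligned)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def analyze(raw_headers, provider_suffixes):
    """Inspect the topmost Received header, the one written by your own server.

    Received lines further down are supplied by the sender and can be forged,
    so only the first one is used here.
    """
    msg = message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    if not received:
        raise ValueError("no Received header; origin cannot be determined")
    match = RECEIVED_RE.search(received[0])
    if not match:
        raise ValueError("topmost Received header is not in the expected form")
    from_host, ip, by_host = match.groups()

    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    self_addressed = bool(from_addr) and from_addr == to_addr
    via_provider = host_in_suffixes(from_host, provider_suffixes)

    return {
        "from_host": from_host,
        "ip": ip,
        "by_host": by_host,
        "self_addressed": self_addressed,
        "via_provider": via_provider,
        # "From" claims to be you, but the message arrived from outside
        # your provider: the sender address was simply forged.
        "spoofed_self_send": self_addressed and not via_provider,
    }


if __name__ == "__main__":
    # Assumption: the recipient's provider relays mail from *.deathstar.net.
    for label, raw in (("scam", RAW_HEADERS), ("legit", LEGIT_HEADERS)):
        print(label, analyze(raw, ["deathstar.net"]))
```

The verdict depends on the suffix list being accurate for your provider; many hosted mail services relay through several domains.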

This scam joins the list of the last eleven extortion phishing scams that I have been telling you about over the last few months. Sigh. Total #Fail.

 

Indian Police Take Down Call Centers Tied To Fake Tech Support Scams

Posted in Commentary with tags on November 30, 2018 by itnerd

The fake tech support scams that seem to be centered in India are something that I’ve been tracking for a while now. And I am overjoyed that Indian Police, at the prompting of Microsoft, have finally done something about the scumbags related to this scam:

New Delhi police have arrested 63 suspects in the last two months working and operating 26 call centers that were engaging in tech support scams, posing as tech support staff at Microsoft, Google, Apple, and other major tech companies. The raids on Delhi-based call centers have taken place over the last two months, Microsoft said. Police first raided 10 call centers and arrested 24 people in October, and then raided 16 other call centers and made 39 more arrests this week.

Microsoft said its staff received over 7,000 victim reports associated with the 16 call centers raided this week, from over 15 countries. Users reported paying between $100 and $500 for unnecessary tech support services and products. The raids resulted in the seizure of substantial evidence including call scripts, live chats, voice call recordings and customer records from tech support fraud operations, Microsoft said. The Delhi police’s crackdown on tech support call centers came after Microsoft filed legal complaints earlier this year. Microsoft has been collecting customer complaints about tech support scams since 2014, via its “Report a technical support scam” portal.

Hopefully this is a sign of things to come as if I were the Indian government, I would be embarrassed that scams like these were operating within the country.

Now if the Indian authorities will do something about the Canada Revenue Agency scams where the scumbags are completely unrepentant.

Just When I Thought It Was Safe To Go On The Internet, I Get Alerted To A New Extortion Phishing Scam

Posted in Commentary with tags on November 27, 2018 by itnerd

Over the last little while, there’s been nothing new on the extortion phishing scam front. In fact, I even Tweeted about the lack of action:

Well, that was yesterday. And clearly the Internet Gods heard me because today I got a tip about a new version of this scam. And I have to admit, it’s got one creative element in it:

Hi, my prey.

This is my last warning.

I write you because I attached a trojan on the web site with porno which you have viewed.
My trojan сaрturеd аll yоur рrivаtе datа and switchеd оn your cаmеrа which reсorded thе асt of yоur sоlitary sex. Just аftеr thаt thе trojan saved your соntact list.
I will erase the cоmpromising vidеo rеcords аnd infоrmatiоn if yоu send mе 500 EURO in bitcoin.
 
This is аddrеss for pаyment :  [Bitcoin Wallet Address Redacted]

I give yоu 30 hours аftеr yоu oреn my mеssage for making thе раymеnt.
As sооn аs you rеad the mеssagе I’ll sеe it right awаy.
It is not nеcessary tо tell me thаt you havе sent money to me. This аddress is сonnесtеd to yоu, my system will erаsеd аutomaticаlly after trаnsfеr сonfirmаtion.
If you nеed 48h just Оpеn thе саlculаtor оn yоur desktоp аnd prеss +++
If yоu don’t рay, I’ll sеnd dirt to аll yоur соntасts.      
Lеt mе remind yоu-I seе whаt you’re doing!
You can visit the pоliсe offiсе but аnybody сan’t hеlр you. 
If you try to deceive mе , I’ll knоw it immеdiatеly! 

I dоn’t livе in yоur соuntry. So аnyоne can nоt trаck my lосatiоn even for 9 months.
bye. Dоn’t forgеt аbout thе shame and tо ignorе, Yоur life саn be ruined.

So, while a lot of the content is recycled and not particularly new, I will give the scumbags points for creativity because of this:

If you nеed 48h just Оpеn thе саlculаtor оn yоur desktоp аnd prеss +++

In the absence of serving up a password which would give the scam email some degree of perceived legitimacy, the losers behind this email give off the impression that they can actually see you. I have to admit that this is pretty crafty and might fool a less sophisticated user. Other than that, it’s the same playbook as the last ten extortion phishing scams that I told you about in the last few months. Sigh. #Fail. If you get one of these emails, simply delete it and move on with your day.

 

Another Day, Another Extortion Phishing Email

Posted in Commentary with tags on November 10, 2018 by itnerd

Wow. It’s been almost two weeks since I have written about an extortion phishing email. But tonight I’m writing about a brand new one. Here it is for your reading pleasure:

Dear user of [DOMAIN REDACTED]!

I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [EMAIL ADDRESS REDACTED]: [PASSWORD REDACTED] (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I’m know your secret life, which you are hiding from everyone.
Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … 🙂

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I’m sure you don’t want to show these files and visiting history to all your contacts.

Transfer $837 to my Bitcoin cryptocurrency wallet: [BITCOIN WALLET ADDRESS REDACTED]
Just copy and paste the wallet number when transferring.
If you do not know how to do this – ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am “working” with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!

Now the user who forwarded this email to me knew that this was fake because the email that was being quoted in the letter was one that was used almost six years ago. So he suspected that this loser was full of it. I’ll add to this by talking about the exploit that he used, or supposedly used, which was CVE-2018-0296. If you read the vulnerability it says this:

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.

In English, the attacker could overwhelm a Cisco security appliance with bogus data, perhaps take it down entirely, and perhaps view sensitive data. That sounds like a way to steal a password. But this exploit was disclosed in 2018. Which makes it kind of implausible that this was used six years ago. Not impossible. But implausible. But the fact is that they added this to give this email some sense of legitimacy that the scumbags behind this email hope will fool the less technically savvy. Other than that, it’s the same playbook as the last nine extortion phishing scams that I told you about in the last few months. Sigh. If you get one of these emails, simply delete it. It’s bogus.

 

Will These Extortion Phishing Emails Ever Stop?

Posted in Commentary with tags on November 1, 2018 by itnerd

While I am waiting to see what happens with that last extortion phishing email that I got my hands on and decided to have some fun with, I have another one for your reading pleasure:

Hi.. .

This won\’t take too much of your study time, and so right to the point. I obtained a footage of you makin\’ mayo while at the pornweb site you\’re stopped at, because of an incredible arse software program I have was able to put on a couple of websites with that sort of content material.

You press play and all the cams and a microphone start recording in addition it saves every damn detail from your computer, just like contact information, passkey and crap like that, guess exactly where i obtained this e-mail from?) So now we all know who my goal is to deliver that to, just in case you aren\’t going to negotiate this along with me.

I am going to place a account address down below so that you can send me 350 $ within Three dayz maximum via bitcoin. Notice, it\’s not that large of a sum to cover, suppose that makes me not that terrible of a man.

You are allowed to complete whichever the shit you want to, yet in case i will not see the total amount within the time period stated over, well… u by now know what could happen.

Therefore it\’s under your control right now. I\’m not going to move through everything and crap, simply ain\’t got time for that and you possibly know that internet is filled with emails like this, therefore it\’s as well your final choice to believe in this or not, there is just a proven way to discover.

The following is my btc wallet address- [BITCOIN ADDRESS REDACTED]

Have fun and just remember that wall clock is beating)

What was interesting is that this one used an email address that was spoofed from the University Of Sudbury. That implies that they have a bit of an IT security problem that they should address. Like right the hell now. I’ve reached out to them to let them know about that by the way. It also had a secondary domain that routes to a sample website but no clear owner. So I can’t contact the owner of that domain to give them a heads up. Other than that, there’s really nothing remarkable about this email. It looks like some guy who isn’t particularly skilled trying to cash in on this craze of extortion phishing emails.

And by the way, this is now the ninth variant of this scam. But like the last eight extortion phishing scams that I told you about in the last few months, there’s nothing worth investigating further. Instead, I’ll just put this out there so that if you get it, you can ignore it.

Finally! An Extortion Phishing Email That Is Worth Investigating!

Posted in Commentary with tags on October 31, 2018 by itnerd

I’ve been tracking these extortion phishing emails for some time now and I have another one for you. But this one is different. Let me start with the text of the email:

Good evening,
 
we don’t think that it’s wrong to pleasure yourself from time to time.
Certain things are just best kept private, if your relatives and friends are confronted by this it will be something to worry about.
Something any person would be totally embarrassed with.
And will be having serious affects to your personal life and wellbeing.
For a period of time we have been monitoring your computer trough a trojan virus that has been installed by yourself and has infected your computer.
You have been infected by clicking on an advert on one of our infected pornographic websites.
A trojan virus gives us access to your computer and any device that is connected to it, whether it is trough wifi or bluetooth.
We have been monitoring your screen and everything you have been doing, trough a live feed, without you being aware of this.
We also have control over your camera and microphone which we can switch on and off whenever we want.
Any information that has been interesting or relevant to us has been stored privately.
For example: contacts, social media,emails,etc.
We have recorded a video where you can be seen pleasing yourself, and we have added the video you was watching as an split screen footage.
With one press of a button I can forward this video to all your contacts, social media, etc.
If you want to prevent this from happening transfer the amount of  750$ to the following bitcoin address.
 
Bitcoin address: [Bitcoin address redacted]
 
Buying bitcoin is very easy and straightforward ( usually verification is needed) trough the following websites:
http://www.coinbase.com
http://www.localbitcoin.com
http://www.coinmama.com
http://www.bitit.io
http://www.bitpanda.com
http://www.bittylicious.com
 
 
 
As soon as payment has been submitted your details and video footage will be deleted.
We will give you a timeframe of 5 days to make this payment.
Failing to do so will leave you with the consequences that you have been made aware of.
We don’t make mistakes.
Reporting this is useless, it is impossible to track this email address and these emails have been sent via an external server abroad.
These accounts have been hacked.
If you make the stupid choice to do report this or contact anybody about this message we will directly release your footage and forward it,
any other things we obtained that can possibly harm you will be used against you too.
We will get notified as soon as this email has been opened, from that moment the clock starts running.
You have 5 days exactly  not a minute longer.
 
With kind regards

So this email doesn’t offer up any proof like a password or anything of the sort that I’ve come across in some of the other scam emails. But I did note this:

[Image: Screen Shot 2018-10-30 at 9.54.46 PM]

If you note, there’s a question mark at the bottom of the page. That’s where a graphic is supposed to go. Sometimes people who send out email will use a small graphic to determine if the email has hit your inbox or if you’ve read it. You can read more about that technique here. Since it was an HTML email, I figured that I could view the source code behind the email as most email clients allow one to do that. When I did that, I found HTML code that was written to communicate to a server with the email address that the scam email was sent to. The domain of the server in question was called mailing.press, which was registered to an entity in India based on my Whois lookup:

domain:       PRESS

organisation: DotPress Inc.
address:      Directiplex
address:      Next to Andheri Subway
address:      Old Nagardas Road, Andheri (East)
address:      Mumbai
address:      Maharashtra
address:      400069
address:      India

contact:      administrative
name:         Manager
organisation: DotPress Inc.
address:      Directiplex
address:      Next to Andheri Subway
address:      Old Nagardas Road, Andheri (East)
address:      Mumbai
address:      Maharashtra
address:      400069
address:      India
phone:        +1.4154494774x8522
fax-no:       +91.2230797508
e-mail:       admin@radixregistry.com

contact:      technical
name:         CTO
organisation: CentralNic
address:      35-39 Moorgate
address:      London EC2R 6AR
address:      United Kingdom
phone:        +44.2033880600
fax-no:       +44.2033880601
e-mail:       tld.ops@centralnic.com

I am pretty sure that none of the information above is accurate or real. Though I would not be shocked if this scam ran out of India.

Even though it is incredibly unlikely that they have anything on you, I’m willing to bet that the scammers are using this method to allow them to send follow-up emails to scare you into paying. Or they’re using this method to refine their mailing lists. So in the interest of science, I’m going to play along with it to see what happens next. They say bad things will happen to me in five days if I don’t pay up? Fine, I’m not going to pay these scumbags and see what they do. This should be fun. And way better than simply writing about stuff like the last seven extortion phishing scams that I told you about in the last few months.
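The tracking graphic described above can be spotted without rendering the message. The following is an added example, not code from the original post: it parses a raw HTML email and reports remote image URLs that carry the recipient's address, either in plain or percent-encoded form, as base64, or as a hash. The sample message, the host names and the function names are constructed for illustration.

```python
import base64
import hashlib
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample message, not the scam email from the post.
SAMPLE = """\
To: victim@example.com
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://cdn.example/logo.png">
<img src="http://tracker.example/o.gif?e=victim%40example.com" width="1">
<img src="http://tracker.example/p/dmljdGltQGV4YW1wbGUuY29t.png">
</body></html>
"""

class RemoteRefs(HTMLParser):
    """Collect image URLs a mail client fetches on its own when rendering."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.urls += [v.strip() for k, v in attrs if k == "src" and v]

def address_tokens(addr):
    """Forms in which a recipient address is commonly embedded in a URL."""
    raw = addr.strip().lower().encode()  # assumption: sender lowercases it
    tokens = {"plain": raw.decode(),
              "base64": base64.b64encode(raw).decode().rstrip("=")}
    tokens.update({a: hashlib.new(a, raw).hexdigest() for a in ("md5", "sha256")})
    return tokens

def find_beacons(raw_message, recipient):
    """Return (host, encoding) for each remote image URL naming the recipient."""
    tokens, hits = address_tokens(recipient), []
    for part in message_from_string(raw_message, policy=policy.default).walk():
        if part.get_content_type() != "text/html":
            continue
        refs = RemoteRefs()
        refs.feed(part.get_content())
        for url in refs.urls:
            target, seen = urlsplit(url), unquote(url)
            how = next((h for h, t in tokens.items() if t in
                        (seen if h == "base64" else seen.lower())), None)
            if how and target.scheme in ("http", "https"):
                hits.append((target.hostname, how))
    return hits
```

Keeping remote image loading disabled in the mail client stops these requests from being made at all, so the sender never learns that the message was opened.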

UPDATE: Nothing bad happened to me. Thus proving that their threats are bogus.

Sigh… Yet Another Extortion Phishing Email Scam Is Making The Rounds

Posted in Commentary with tags on October 24, 2018 by itnerd

This is getting ridiculous.

Another new extortion phishing email scam has appeared. Like the last six extortion phishing scams that I told you about in the last few months, this one again plays on the fact that you might have surfed for porn and that you might have done something else related to that. In other words, it is playing on your guilt about doing things that you perhaps should not be doing. Here’s the text of the latest scam email that I came across:

Hello!

I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [Email redacted] on moment of hack: [Password Redacted]

Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I’ve never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I’m sure you don’t want it.

Therefore, I expect payment from you for my silence.
I think $896 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: [BTC Wallet Address Redacted]
If you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen – all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won’t help you for sure …

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

Let me be clear. THIS IS A SCAM. Here’s why:

  1. Yes, they have a password. But it’s likely a password that was gained via a data breach. You can figure out which data breach by going to haveibeenpwned.com and typing in your email address. And in the case of the person who got this email, it was an old password. That’s what tipped them off that it was fake.
  2. They claim to have uploaded malware to your system. If you have up-to-date and functioning anti-virus software, that will be a non-issue. But of course, they’re lying about that. But if you’re unsure, have a computer professional look over your system.
  3. They tell you changing your password will have no effect. That’s a lie. I strongly recommend that, as a preventive measure, you change all your passwords so that you can spot these scams easily.
  4. They claim to have pictures of you. Well, they don’t. But if you’re really paranoid about the possibility of that happening, cover up your webcam and disable your microphone.
  5. They want you to pay up. Well, seeing as they have nothing on you, why should you pay them one red cent? You shouldn’t because they are scum. And scum don’t deserve to get paid for this sort of behavior.
  6. They claim that the police can’t help you. Reporting scams to your local authorities is always a good idea. The U.S. Federal Trade Commission has a website for fielding complaints, while the Canadian Anti-Fraud Center is the place to go if you’re in Canada.

The bottom line is this. Like I said earlier, the people behind these scams are scum. Don’t reward scum for running a scam like this. Never, ever pay up. Taking the precautions that I mentioned above will ensure that you are never a victim. And for the record, I will continue to shine a light on these scumbags as they are like cockroaches who hate the light.