I received an impressive email scam recently. My response was to forward it to the email provider’s abuse contact (firstname.lastname@example.org) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I’ll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I don’t pay $1900 in bitcoin.
The scammer’s email landed in my spam folder. I was given a deadline of July 11. I didn’t clean out my spam folder till today (July 15).
In fact, the scammer does have one of my passwords: a throwaway password I use with throwaway accounts. When a web site makes me “register for an account” to retrieve information I want, this is the type of password I used to use. Now that I use password manager software (LastPass specifically), I choose passwords more randomly and let the manager remember them.
If You Receive an Email Threat
Here are some things to think about:
- If it claims to be from an official source (law enforcement, financial institutions, etc.) ask yourself, “Would they send me something this important through email?” Almost nothing of legal or financial significance travels by email, unless it is followed up by phone or paper mail. I don’t know of an official source that can make a legal one-time demand through email.
- Treat all contact information in the email as bogus. If it’s from your credit card company, get out your credit card and call the phone number on the card. Do not click on links or use phone numbers appearing in the email. They may connect you to the scammer. Payment instructions (e.g. a Bitcoin address) might be legitimate and may provide a way to track the scam and find other recipients.
- The contents may be entirely fiction. If the scammer taunts you with personal facts (like knowing one of your passwords), keep in mind that a lot of presumed secrets are offered for sale on the Internet. This includes email addresses, passwords, financial information (credit card numbers), lists of friends (easily stolen through Facebook), lists of contacts (stolen whenever possible), and whatever leaked out when the Equifax credit bureau was hacked.
- If there’s very little personalization in the email (i.e. name and a few other items filled in) then it’s almost certainly part of a mass mailing. You, the email recipient, have not been personally targeted.
- Modern cybercrime is a very specialized business. People who send mass email threats like this are not people who hack into individual computers. People who collect contact information aren’t people who send mass email threats. I know TV shows are filled with master cybercriminals who do it all, but they’re fiction.
- It doesn’t take a lot of resources to buy personal information online or to cyber-harass someone. Being personally targeted is very different from being part of a widespread scam like this.
Analyzing the Email
Here’s the creepy email I received:
From: Bxxxx Txxx <email@example.com>
Subject: rick – PWxxxx
Date: July 10, 2018 at 3:43:49 PM CDT
To: “firstname.lastname@example.org” <email@example.com>
I am aware, PWxxxx, is your pass word. You do not know me and you’re most likely thinking why you are getting this mail, right?
actually, I installed a malware on the adult vids (sex sites) site and do you know what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser started functioning as a RDP (Remote Desktop) having a key logger which gave me accessibility to your screen as well as webcam. Right after that, my software program obtained your complete contacts from your Messenger, Facebook, as well as email.
What did I do?
I created a double-screen video. First part displays the video you were watching (you’ve got a nice taste lmao), and next part shows the recording of your web cam.
exactly what should you do?
Well, I believe, $1900 is a reasonable price for our little secret. You will make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4
(It is cAsE sensitive, so copy and paste it)
You have one day to make the payment. (I have a unique pixel in this email message, and right now I know that you have read this email message). If I do not receive the BitCoins, I definitely will send your video to all of your contacts including friends and family, colleagues, and many others. Nevertheless, if I receive the payment, I’ll destroy the video immidiately. If you really want proof, reply with “Yes!” and I will certainly send out your video recording to your 14 contacts. It is a non-negotiable offer, that being said please don’t waste my personal time and yours by responding to this e-mail.
I obscured personal or possibly bogus details, but left the Bitcoin wallet address unchanged. It’s the most traceable piece of the email. Googling it brought up all sorts of things.
This is a mass scam in which someone sent a barrage of spam email, the most recent being on July 10. Others (or perhaps the same person) have sent around similar threats since last winter. The Bitcoin wallet used in this email has gone from brand-new on July 10 to about $15,000 today, following over a dozen separate deposits. I don’t know if those were investments by the wallet owner or payoffs by email recipients. I fear they’re payoffs. The ‘beauty’ of cybercurrency like Bitcoin is that you can’t tell.
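Before searching for or reporting a Bitcoin address copied out of an email like this one, it helps to confirm that it survived the copy intact. The following is an added example, not part of the original post: it pulls legacy-format addresses out of a message body and verifies their Base58Check checksum, which is why a single wrong-case letter matters. The function names and the sample text are assumptions made for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy addresses start with 1 or 3 and are 26-35 Base58 characters long.
CANDIDATE = re.compile(r"\b[13][%s]{25,34}\b" % B58)

def b58decode(text):
    """Decode Base58 to bytes; each leading '1' stands for one zero byte."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)      # ValueError on 0, O, I, l, etc.
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def is_valid_address(addr):
    """True if addr decodes to 25 bytes whose last 4 are the checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum

def extract_addresses(body):
    """Return {candidate: checksum_ok} for each address-shaped token."""
    return {m.group(0): is_valid_address(m.group(0))
            for m in CANDIDATE.finditer(body)}

# Constructed sample. The first address is the widely published Bitcoin
# genesis-block address, used here only as a known-good test vector; the
# second is the same string with the final letter's case changed.
SAMPLE = """BTC Address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
(It is cAsE sensitive, so copy and paste it)
Retyped copy: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNA"""

if __name__ == "__main__":
    for addr, ok in extract_addresses(SAMPLE).items():
        print(addr, "checksum ok" if ok else "checksum FAILED")
```

An address that fails the checksum was mangled somewhere between the email and your clipboard, so searching for it or reporting it will not match anyone else's sighting.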
The sender’s name and email address are almost certainly fake, since people can create new outlook.com email addresses for free. I tried to trace the email using the technique I outline in an earlier article. Outlook.com’s email headers don’t share details about the logged-in user who sent the emails. Some email sites will include the sender’s numeric Internet Protocol address. These are assigned and tracked by the mailer’s Internet service provider.
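The kind of header trace described above can be sketched as follows. This is an added example, not the technique from the earlier article and not code from the original post: it reads the `Received` chain oldest-first and reports whether the headers expose anything about the sender's own connection. The header text is constructed, with made-up host names and documentation or private addresses, and the function names are assumptions.

```python
import email
import ipaddress
import re

# Constructed headers: made-up host names, documentation/private addresses.
RAW = """\
Received: from relay.provider.example (relay.provider.example [203.0.113.25])
\tby mx.recipient.example with ESMTPS id def456;
\tTue, 10 Jul 2018 15:43:51 -0500
Received: from webmail.provider.example ([10.1.2.3])
\tby relay.provider.example with HTTPS;
\tTue, 10 Jul 2018 20:43:49 +0000
From: Sender <sender@provider.example>
To: recipient@recipient.example
Subject: constructed sample

body
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def hops(raw):
    """Return Received hops oldest first: each mail server prepends its own
    header, so the bottom-most Received line is the earliest one."""
    out = []
    msg = email.message_from_string(raw)
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())            # undo header folding
        frm = re.search(r"\bfrom (\S+)", flat)
        by = re.search(r"\bby (\S+)", flat)
        ip = None
        for cand in BRACKETED.findall(flat):
            try:
                ip = ipaddress.ip_address(cand)
                break
            except ValueError:
                pass
        out.append({"from": frm and frm.group(1),
                    "by": by and by.group(1), "ip": ip})
    return out

def origin_summary(raw):
    """Summarise what the headers reveal about where the message entered."""
    chain = hops(raw)
    first_ip = chain[0]["ip"] if chain else None
    return {
        # Non-standard header that some webmail services add.
        "x_originating_ip": email.message_from_string(raw).get("X-Originating-IP"),
        "first_hop_ip": str(first_ip) if first_ip else None,
        # A private first-hop address is provider infrastructure,
        # not the sender's own connection.
        "first_hop_internal": bool(first_ip and first_ip.is_private),
    }
```

When the summary shows no `X-Originating-IP` and an internal first hop, as in this sample, the headers alone cannot identify the sender and the provider's abuse contact is the remaining route.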
Several others have recently reported on this scam: Bruce Schneier, Brian Krebs, and the Internet Storm Center. Here’s another article from a cybersecurity civilian that popped up when I first searched using the Bitcoin address. The author (incorrectly, I believe) linked this email to another malware infestation – she refers to the incident as “my stupidity” but did something many of us have done.
Update: Yes, Another One
I stopped cleaning out my spam folder to write this blog entry. Upon resuming the task, I found another scam email, also from outlook.com. It arrived a day later than the first one (July 11), from a different email address, and made no reference to the previous email, except by more-or-less duplicating it.
Here were the two most interesting differences:
Well, I believe, $3900 is a reasonable price tag for our little secret. You’ll make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1AWKTr1vq3946tyuxG7Q1mLcJum4rjnmro
(It is cAsE sensitive, so copy and paste it)
This time the scammer wants over twice as much money, and uses a different Bitcoin wallet.
I could not find this Bitcoin wallet by searching for it. I did, however, locate details collected by folks at the Internet Storm Center who received an email with the same Bitcoin address.