A few month ago I received an email stating that a hacker had penetrated my system and has all my personal passwords and full access to my system. It goes on to describe how the hacker was able to access the webcam and has incriminating video that they threaten to release to all your contacts unless you pay a hefty ransom, in bitcoin of course. Once again, these have all the earmarks of a scam.

 The Obvious Elements of a Scam:

  1. Poorly written English, loaded with grammatical mistakes.
  2. False accusations of illegal activity.
  3. Threats of extortion and blackmail.
  4. Use of fear that all your devices have been compromised.
  5. Payment by non traceable bitcoin.

It’s not wonder that bitcoin is not taking off when it’s associated with concealing illegal activity like extortion and false accusations.

A New Scourge:

The extortion letter is fast becoming the new Nigerian lottery or inheritance scam. But this is worse. Extortion by itself is illegal. Making a false accusation is the icing on the cake. Unfortunately, this well engineered scam which is targeting affluent men, might bring out guilty “victims” who are actually doing something they’d rather not have public. The scam relies on the sad fact that there are more sinners than saints in this world.

The ransom they demand started out as $2000, but has escalated to over $8000, in untraceable bitcoin of course. Problem is, the FBI is cracking down and bitcoin is no longer as safe as these extortionists may believe.

Thank Social Leaks:

The letter starts out with your name and a password you may have used in the past on social media or some other less than secure platform. With the number of hacks on Facebook and Google Plus alone, it’s no wonder they have some of your personal information.

The letter describes how it combed through your system and collected all your email contacts and caught you doing something incriminating on your webcam. Funny thing is, I personally don’t have a webcam and any webcams that do exist on my PC, laptop or phone are all taped over with black electrical tape. Unless you are a Youtube star, I suggest you do the same.

With all the leaks, I have long ago shut down Facebook, Twitter and other social media account that are now just a pathway for intruders and scammers. Learn how to properly shut down your Facebook account.

Unsecured Website Logins:

Another place where your password can be hacked is logging into unsecured websites. NEVER, EVER login to a website that is displaying an “not secure” text and icon in the address bar.

Sample Bitcoin Extortion Scam Letters:

This is just another twist on years of internet scams. Here is a copy of one received today:

“I‌ a‌m w‌ell a‌wa‌r‌e <redacted> on‌e of yo‌ur pa‌ss wo‌rds. L‌ets g‌et stra‌ight to‌ th‌e purpo‌s‌e. Not o‌n‌e p‌erson ha‌s pa‌i‌d me to‌ ch‌eck you. Yo‌u do no‌t kno‌w m‌e and you’r‌e mo‌st li‌k‌ely wo‌nd‌eri‌ng why yo‌u a‌re getti‌ng thi‌s ma‌i‌l? i‌n fact, i‌ actua‌lly s‌etup a‌ so‌ftwar‌e o‌n the xxx vi‌d‌eo‌ cli‌ps (s‌exua‌lly gra‌phic) w‌ebsi‌te and you know wha‌t, yo‌u vi‌si‌t‌ed thi‌s w‌ebsi‌t‌e to‌ ‌exp‌eri‌ence fun (yo‌u kno‌w wha‌t i‌ m‌ean). Wh‌en you wer‌e vi‌ewi‌ng vi‌d‌eo‌ clips, yo‌ur bro‌wser start‌ed o‌ut functi‌o‌ni‌ng a‌s a‌ R‌emot‌e D‌eskto‌p tha‌t ha‌s a‌ k‌eylo‌gger which pro‌vided m‌e wi‌th a‌cc‌essi‌bi‌lity to yo‌ur di‌spla‌y scr‌e‌en a‌s w‌ell a‌s ca‌m. i‌mmedi‌at‌ely after tha‌t, my so‌ftware co‌llected yo‌ur co‌mpl‌et‌e contacts from your M‌ess‌eng‌er, socia‌l n‌etworks, a‌nd ‌email acco‌unt. Next i‌ ma‌d‌e a‌ vi‌deo. Fi‌rst pa‌rt displa‌ys th‌e vi‌d‌eo yo‌u w‌ere wa‌tchi‌ng (you’v‌e go‌t a‌ nic‌e ta‌st‌e lmao‌), and 2nd pa‌rt sho‌ws th‌e vi‌‌ew o‌f yo‌ur w‌eb ca‌m‌era, & i‌t is you. You get no‌t o‌n‌e but two po‌ssi‌bi‌li‌ti‌‌es. W‌e should rea‌d up o‌n ea‌ch o‌n‌e o‌f th‌es‌e soluti‌o‌ns i‌n parti‌culars: 1st cho‌ic‌e i‌s to‌ i‌gno‌r‌e thi‌s ‌e-ma‌i‌l. as a‌ co‌ns‌equ‌ence, i‌ am go‌i‌ng to‌ send o‌ut your vi‌deo‌ to ‌every bi‌t o‌f yo‌ur p‌erso‌na‌l co‌nta‌cts a‌nd th‌en think conc‌erni‌ng th‌e sha‌m‌e yo‌u wi‌ll s‌ee. Do‌ no‌t fo‌rg‌et should yo‌u b‌e i‌n a ro‌ma‌nti‌c r‌ela‌ti‌onshi‌p, ho‌w i‌t can a‌ff‌ect? i‌n th‌e s‌eco‌nd pla‌c‌e cho‌i‌c‌e will b‌e to‌ gi‌v‌e m‌e $7000. L‌ets r‌efer to i‌t a‌s a‌ do‌nati‌on. Cons‌equ‌ently, i‌ mo‌st c‌erta‌i‌nly wi‌ll pro‌mptly ‌eli‌mi‌na‌te yo‌ur vi‌d‌eo‌ reco‌rding. Yo‌u can k‌e‌ep o‌n go‌i‌ng yo‌ur da‌i‌ly ro‌utine li‌ke thi‌s nev‌er happen‌ed a‌nd yo‌u would n‌ever h‌ear ba‌ck a‌gai‌n from m‌e. Yo‌u wi‌ll mak‌e th‌e pa‌ym‌ent by Bitcoi‌n (i‌f you do‌n’t kno‌w thi‌s, s‌ea‌rch fo‌r ‘ho‌w to buy bi‌t‌co‌i‌n’ i‌n Go‌o‌gle). B‌TC‌ a‌ddr‌ess: <redacted> i‌f yo‌u ha‌v‌e be‌en curious a‌bo‌ut go‌i‌ng to‌ the law ‌enfo‌rc‌em‌ent, lo‌o‌k, this ma‌i‌l can no‌t be traced back to‌ me. I‌ ha‌v‌e co‌v‌er‌ed my mo‌v‌es. i am just not lo‌oking to‌ cha‌rge yo‌u so‌ much, i‌ si‌mply pr‌ef‌er to‌ b‌e co‌mp‌ensa‌t‌ed. Yo‌u no‌w have t‌w‌o da‌ys to pa‌y. i‌’v‌e a‌ uniqu‌e pi‌x‌el wi‌thin thi‌s ‌ema‌i‌l messag‌e, a‌nd ri‌ght no‌w i know tha‌t you ha‌v‌e r‌ead thi‌s ema‌i‌l. i‌f i‌ do no‌t g‌et th‌e B‌i‌tC‌oins, i will send o‌ut yo‌ur vi‌d‌eo‌ to a‌ll o‌f yo‌ur co‌ntacts i‌ncluding fa‌mi‌ly m‌embers, co-wo‌rk‌ers, ‌etc. Ha‌vi‌ng sa‌i‌d tha‌t, i‌f i r‌ec‌ei‌v‌e th‌e paym‌ent, i‌ wi‌ll d‌estro‌y the r‌eco‌rdi‌ng ri‌ght a‌way. i‌f yo‌u rea‌lly want pro‌of, r‌eply with Y‌es! a‌nd i wi‌ll certa‌inly s‌end o‌ut your vi‌deo‌ reco‌rding to your 15 fri‌‌ends. i‌t’s a‌ nonn‌ego‌ti‌a‌bl‌e o‌ff‌er, and so‌ do‌ no‌t wa‌ste mi‌n‌e ti‌m‌e a‌nd yo‌urs by r‌esponding to thi‌s ‌e ma‌il.”

Here’s the first version I received back on May 2018

Hello. I do not want to judge you, but eventually of some occasions, we have point of contact since now. I do not think that caress oneself is very ill, but when all your acquaintances see it- its definitely bad. So, what am I implying? You surfed the internet with роrn, which I’ve seized with the deleterious soft. After you clicked on a video, virus started working and your device became function as rdp immediately. Obviously, all cams and screen started recording immediately and then my virus collected all contacts from your device. I text you on this e-mail address, because I’ve collected it from your device, and I make no doubt you for sure control this work e-mail. The most interesting point that I edited video, on one side it shows your screen record, on another side your cams record. Its very amusingly. But it was sophisticated ,so I proud of it. All in all- if you want me to destroy all this compromising evidence, here is my Bitcoin wallet address- (the scammers bitcoin wallet address) (it must be without «spaces» or «=»,check it). If you do not know how to make btc transactions, you can ask google or youtube for advice- its very easy. I suggest, that 320 usd will solve our problem and will destroy our point of contact forever. You have thirty hours after reading this letter(I put special pixel in it, ill know when you open it). If you do not able to finish transaction, ill share the compromising with all contacts I’ve collected from you. I do not think that cops can find me for only one day(not even 10 days), so think twice, you can lose your honor. Sorry for misprints, I am foreign.

What are they implying?

The natural behavior illustrated in this funny clip from the movie Tommy Boy is what likely prompts these type of scams.

What to Do:

First thing to do is zip up and DO NOT REPLY or you’ll be revealing that your email is live. Once they get you on the line, they may step up their campaign. So as much as you may be tempted to tear into these idiots, the best policy is to just say nothing. The second thing to do is perform a security audit, read on below. The third is optional and that is to report the letter to your local FBI office. Read what the FTC recommends.

Security Wakeup Call:

The next thing to do is to do a security audit and update your virus scan and passwords. Even if you are 100% confident that anyone could have hacked your PC, it’s a good wake up call to perform a routine security check. I recommend doing a security audit every 6 months. Sadly, too many clients I know use weak passwords and never change them.

Update your anti-virus.

AVG works well and is licensed for multiple PC systems and mobile devices.

Don’t Lose Any Sleep

The likelihood that a hacker was able to penetrate your system is highly unlikely. The whole concept of this scam is to use the notion that all you have some secrets that they can reveal. You may very well have some, but unless you’re very careless online, you shouldn’t lose any sleep or money over unfounded threats.

Still concerned? Contact us or respond with your comments below.