A few month ago I received an email stating that a hacker had penetrated my system and has all my personal passwords and full access to my system. It goes on to describe how the hacker was able to access the webcam and has incriminating video that they threaten to release to all your contacts unless you pay a hefty ransom, in bitcoin of course. Once again, these have all the earmarks of a scam.
The Obvious Elements of a Scam:
- Poorly written English, loaded with grammatical mistakes.
- False accusations of illegal activity.
- Threats of extortion and blackmail.
- Use of fear that all your devices have been compromised.
- Payment by non traceable bitcoin.
It’s not wonder that bitcoin is not taking off when it’s associated with concealing illegal activity like extortion and false accusations.
A New Scourge:
The extortion letter is fast becoming the new Nigerian lottery or inheritance scam. But this is worse. Extortion by itself is illegal. Making a false accusation is the icing on the cake. Unfortunately, this well engineered scam which is targeting affluent men, might bring out guilty “victims” who are actually doing something they’d rather not have public. The scam relies on the sad fact that there are more sinners than saints in this world.
The ransom they demand started out as $2000, but has escalated to over $8000, in untraceable bitcoin of course. Problem is, the FBI is cracking down and bitcoin is no longer as safe as these extortionists may believe.
Thank Social Leaks:
The letter starts out with your name and a password you may have used in the past on social media or some other less than secure platform. With the number of hacks on Facebook and Google Plus alone, it’s no wonder they have some of your personal information.
The letter describes how it combed through your system and collected all your email contacts and caught you doing something incriminating on your webcam. Funny thing is, I personally don’t have a webcam and any webcams that do exist on my PC, laptop or phone are all taped over with black electrical tape. Unless you are a Youtube star, I suggest you do the same.
With all the leaks, I have long ago shut down Facebook, Twitter and other social media account that are now just a pathway for intruders and scammers. Learn how to properly shut down your Facebook account.
Unsecured Website Logins:
Another place where your password can be hacked is logging into unsecured websites. NEVER, EVER login to a website that is displaying an “not secure” text and icon in the address bar.
Sample Bitcoin Extortion Scam Letters:
This is just another twist on years of internet scams. Here is a copy of one received today:
“I am well aware <redacted> one of your pass words. Lets get straight to the purpose. Not one person has paid me to check you. You do not know me and you’re most likely wondering why you are getting this mail? in fact, i actually setup a software on the xxx video clips (sexually graphic) website and you know what, you visited this website to experience fun (you know what i mean). When you were viewing video clips, your browser started out functioning as a Remote Desktop that has a keylogger which provided me with accessibility to your display screen as well as cam. immediately after that, my software collected your complete contacts from your Messenger, social networks, and email account. Next i made a video. First part displays the video you were watching (you’ve got a nice taste lmao), and 2nd part shows the view of your web camera, & it is you. You get not one but two possibilities. We should read up on each one of these solutions in particulars: 1st choice is to ignore this e-mail. as a consequence, i am going to send out your video to every bit of your personal contacts and then think concerning the shame you will see. Do not forget should you be in a romantic relationship, how it can affect? in the second place choice will be to give me $7000. Lets refer to it as a donation. Consequently, i most certainly will promptly eliminate your video recording. You can keep on going your daily routine like this never happened and you would never hear back again from me. You will make the payment by Bitcoin (if you don’t know this, search for ‘how to buy bitcoin’ in Google). BTC address: <redacted> if you have been curious about going to the law enforcement, look, this mail can not be traced back to me. I have covered my moves. i am just not looking to charge you so much, i simply prefer to be compensated. You now have two days to pay. i’ve a unique pixel within this email message, and right now i know that you have read this email. if i do not get the BitCoins, i will send out your video to all of your contacts including family members, co-workers, etc. Having said that, if i receive the payment, i will destroy the recording right away. if you really want proof, reply with Yes! and i will certainly send out your video recording to your 15 friends. it’s a nonnegotiable offer, and so do not waste mine time and yours by responding to this e mail.”
Here’s the first version I received back on May 2018
Hello. I do not want to judge you, but eventually of some occasions, we have point of contact since now. I do not think that caress oneself is very ill, but when all your acquaintances see it- its definitely bad. So, what am I implying? You surfed the internet with роrn, which I’ve seized with the deleterious soft. After you clicked on a video, virus started working and your device became function as rdp immediately. Obviously, all cams and screen started recording immediately and then my virus collected all contacts from your device. I text you on this e-mail address, because I’ve collected it from your device, and I make no doubt you for sure control this work e-mail. The most interesting point that I edited video, on one side it shows your screen record, on another side your cams record. Its very amusingly. But it was sophisticated ,so I proud of it. All in all- if you want me to destroy all this compromising evidence, here is my Bitcoin wallet address- (the scammers bitcoin wallet address) (it must be without «spaces» or «=»,check it). If you do not know how to make btc transactions, you can ask google or youtube for advice- its very easy. I suggest, that 320 usd will solve our problem and will destroy our point of contact forever. You have thirty hours after reading this letter(I put special pixel in it, ill know when you open it). If you do not able to finish transaction, ill share the compromising with all contacts I’ve collected from you. I do not think that cops can find me for only one day(not even 10 days), so think twice, you can lose your honor. Sorry for misprints, I am foreign.
What are they implying?
The natural behavior illustrated in this funny clip from the movie Tommy Boy is what likely prompts these type of scams.
What to Do:
First thing to do is zip up and DO NOT REPLY or you’ll be revealing that your email is live. Once they get you on the line, they may step up their campaign. So as much as you may be tempted to tear into these idiots, the best policy is to just say nothing. The second thing to do is perform a security audit, read on below. The third is optional and that is to report the letter to your local FBI office. Read what the FTC recommends.
Security Wakeup Call:
The next thing to do is to do a security audit and update your virus scan and passwords. Even if you are 100% confident that anyone could have hacked your PC, it’s a good wake up call to perform a routine security check. I recommend doing a security audit every 6 months. Sadly, too many clients I know use weak passwords and never change them.
Update your anti-virus.
AVG works well and is licensed for multiple PC systems and mobile devices.
Don’t Lose Any Sleep
The likelihood that a hacker was able to penetrate your system is highly unlikely. The whole concept of this scam is to use the notion that all you have some secrets that they can reveal. You may very well have some, but unless you’re very careless online, you shouldn’t lose any sleep or money over unfounded threats.
Still concerned? Contact us or respond with your comments below.