New blackmail method...

General discussion of identity theft issues, including identity theft schemes, phishing scams, and related issues.
Arthur Rubin
Tupa-O-Quatloosia
Posts: 1756
Joined: Thu May 29, 2003 11:02 pm
Location: Brea, CA

New blackmail method...

Post by Arthur Rubin »

From EMAIL
To PASSWORD <EMAIL>
Subject
password (PASSWORD) EMAIL is compromised
Date
Tuesday, October 23, 2018 06:39
Size
10 KB
Hello!

I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from EMAIL on moment of hack: PASSWORD

Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.

Therefore, I expect payment from you for my silence.
I think $846 is an acceptable price for it!

Pay via Bitcoin.
My BTC wallet: 1GcwYRfWesiSe2fBmsVSpNG2K11zDMhksG

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.
The password (which is a lower cased version of one that I have used) and email address are changed to PASSWORD and EMAIL. I haven't checked the actual e-mail headers to see if it was inserted at my MSP (unlikely, as it's not related to any of my E-mail passwords), or if my name is somewhere in the message....

All the porn sites that I have accessed or heard of request a first name, so it is unlikely to be anything more than a simple scam.... But, if I disappear from here, you'll know why.
Last edited by Arthur Rubin on Tue Oct 23, 2018 9:57 pm, edited 1 time in total.
Reason: premature send
Arthur Rubin, unemployed tax preparer and aerospace engineer
ImageJoin the Blue Ribbon Online Free Speech Campaign!

Butterflies are free. T-shirts are $19.95 $24.95 $29.95
Chaos
Admiral of the Quatloosian Seas
Admiral of the Quatloosian Seas
Posts: 993
Joined: Sat Jul 25, 2015 8:53 pm

Re: New blackmail method...

Post by Chaos »

after this email is read, I will be know it!
and i will be haz cheezburger
LaVidaRoja
Basileus Quatlooseus
Posts: 844
Joined: Mon Sep 01, 2008 12:19 am
Location: The Land of Enchantment

Re: New blackmail method...

Post by LaVidaRoja »

I got something similar a couple of months ago. My response was "Please send me the video, I want to know what I have been up to!!" My computer expert (the local 16 year-old) told me that the scam is called 'sextortion'. A few people have been accessing sites they do not want friends and family to know about and have paid up.
Little boys who tell lies grow up to be weathermen.
bmxninja357
Admiral of the Quatloosian Seas
Admiral of the Quatloosian Seas
Posts: 1108
Joined: Wed May 07, 2014 6:46 am

Re: New blackmail method...

Post by bmxninja357 »

Grumpycat thinks its bullspit.
whoever said laughter is the best medicine never had gonorrhea....
Chaos
Admiral of the Quatloosian Seas
Admiral of the Quatloosian Seas
Posts: 993
Joined: Sat Jul 25, 2015 8:53 pm

Re: New blackmail method...

Post by Chaos »

LaVidaRoja wrote: Wed Oct 24, 2018 12:04 am I got something similar a couple of months ago. My response was "Please send me the video, I want to know what I have been up to!!" My computer expert (the local 16 year-old) told me that the scam is called 'sextortion'. A few people have been accessing sites they do not want friends and family to know about and have paid up.
since the scammer says he has access to the mark's computer camera (the usage explanation is hilarious), why not take picks of the mark fighting the purple helmet warrior? that would be embarrassing. maybe :shrug:
Arthur Rubin
Tupa-O-Quatloosia
Posts: 1756
Joined: Thu May 29, 2003 11:02 pm
Location: Brea, CA

Re: New blackmail method...

Post by Arthur Rubin »

Seems to have been inserted at vodafonedsl.it. (Received: headers are in reverse order, aren't they?) I've think I've got the IP address of insertion, also.
Arthur Rubin, unemployed tax preparer and aerospace engineer
ImageJoin the Blue Ribbon Online Free Speech Campaign!

Butterflies are free. T-shirts are $19.95 $24.95 $29.95
HardyW
Pirate Captain
Pirate Captain
Posts: 228
Joined: Sat Aug 22, 2015 9:16 am

Re: New blackmail method...

Post by HardyW »

I had a similar e-mail 2 days ago, but it did not claim the password was from my e-mail account, simply that said "one of your passwords is abcdefg".

So if yours has listed your e-mail address together with the real password you use (or once used) to access that e-mail, it suggests they have obtained that information from the mail supplier. Whereas for mine, having found many identical copies online. it's likely to have come from a huge theft of Amazon or LinkedIn account details.
User avatar
eric
Trivial Observer of Great War
Posts: 1316
Joined: Mon Aug 11, 2014 2:44 pm

Re: New blackmail method...

Post by eric »

Most of these "sextortion" emails, although yours may be the exception to the rule, are nothing more than spray and pray. All the scammer does is pay a low fee for one of the many copies of hacked emails/password lists from major hacks and send the same email with minor variances to everyone on the list. If only one of them pays the fee he has broken even. I did a clean up on some of my many different on-line identities and found one of these sextortion emails on one of my gmail accounts that I haven't used for about two years. Hmmm.... never sent any emails from that account, so no contacts; only used to browse some very fishy, potentially fraudulent debt consolidation sites; no suspicious emails received to that account with attachments containing trojans (in fact no emails at all); last but not least I don't even have a camera hooked up to this computer. My multiple anti-virus and malware scanners also claim I'm as clean and virginal as the new driven snow. Just more spam to be deleted...
morrand
Admiral of the Quatloosian Seas
Admiral of the Quatloosian Seas
Posts: 400
Joined: Sat Jan 28, 2012 6:42 pm
Location: Illinois, USA

Re: New blackmail method...

Post by morrand »

Arthur Rubin wrote: Wed Oct 24, 2018 2:00 am Seems to have been inserted at vodafonedsl.it. (Received: headers are in reverse order, aren't they?) I've think I've got the IP address of insertion, also.
Headers go in every which way. Best bet I've found is to submit the message to SpamCop and see what it says.
---
Morrand
KickahaOta
Admiral of the Quatloosian Seas
Admiral of the Quatloosian Seas
Posts: 344
Joined: Tue Jul 02, 2013 7:45 pm

Re: New blackmail method...

Post by KickahaOta »

http://haveibeenpwned.com is invaluable reading material for breaches like this, as well as a valuable monitoring service to find out when you've, well, been pwned.

Basically, there are at least two huge "credential stuffing lists" out there. These are lists of millions of email addresses/user IDs and associated passwords, harvested from various sites at various times through hacks, then combined and recombined into larger and larger databases. In the majority of cases, by the time an ID and password make it to this list (or very shortly afterward), they're no longer valid on the site they came from. But a depressing number of people use the same ID and password on multiple sites, so these lists are still very useful to hackers.

Someone got the bright idea of using these credential stuffing lists for theft through false pretense instead of hacking. By mass-emailing the users found on the stuffing list, and sending each user their corresponding password, the attempted thief creates the impression that they know a great deal about you. The bit about the camera and the porn is an old trick: when you're trying this sort of scheme, claim to know something that's extremely embarrassing or even dangerous. In the vast majority of cases the claim will be obviously false. But if you're sending to a large enough list, you're bound to hit some people for whom the wild claim happens to be true by pure chance -- and those people will often panic. Panicked people are often amazingly easy to scam.
User avatar
eric
Trivial Observer of Great War
Posts: 1316
Joined: Mon Aug 11, 2014 2:44 pm

Re: New blackmail method...

Post by eric »

I realize that this is a very old thread, but lately I have been receiving these "sextortion" emails on a weekly basis along with others telling me I have to reset my password on various services. Hint for the scammers - I don't have a paypal account or a camera. Having an enquiring mind I decided to dissect how these emails actually work:
1. The part of the email that you actually read is just something to attract your attention and open the email;
2. Once opened, the "real" part of the email goes to work. It consists of a bunch of Zimbra snippets in javascript that perform the following functions: https://en.wikipedia.org/wiki/Zimbra
3. Identify your browser;
4. Identify your Webmail service provider and manufacture a skin;
5. From the above information create a list of your contacts and a list of the first one hundred of all your email senders and subjects;
6. Send this harvest back to the scammer when you click on the link.

Really it's nothing more than a valid email address harvesting project. That being said, here are some ideas on how to stop it:
1. If you must use an online, web based, email provider turn off javascript execution in your browser without permission;
2. Be really old fashioned, use an offline email client, even use POP-3 if you desire;
3. Usual warnings about clicking on links in emails.

BTW, the only time I use my webmail is once a week to check if anything has been put into the spam folder by accident. The rest of the time I use an email client from 2013.