New Email Scam Alert!
I got an email today that clued me into a new scam that I wanted to report on. Sorry in advance for the long article, but it will be worth it to read this all the way through!
Here’s a question for you. Have you ever been notified that one of your passwords and, say, your email address, have been compromised in some of the recent break-ins to corporate sites? There have been all kinds of these announced in the news over the past year.
Chances are good that your email, and possibly an old password that you used to use have been compromised! In most cases, the companies in question did let you know that you need to change your password on their website; and as long as no credit card information was stolen, you feel like you’ve come out okay.
Well, if you have been a victim of one of these compromised sites, there is a new methodology attempting to extort money from you… even if they have only a small amount of your personal information. Now, keep in mind, this information, once a break-in has occurred, is readily available for sale on the “Dark Web” and anyone can get lists that show a username, a password, and an email address, at minimum. You would think that there is not a lot they can do with that, given that you changed your password long before these lists have gone out.
However, I got an email today that demonstrates that people that buy these lists can come up with VERY interesting methods to attempt to extort money from folks that have had some information exposed in the past.
For instance, I was told some time back that the Linux Mint website had been compromised, and that my email address, my name, and my old password on the site had been derived from the hack. I then, of course, immediately changed my password on the Linux Mint website. And, I thought that all was well!
Until I got the email today. This is a really innovative scam! I have to give them some credit for their attempt. The problem is: A) I am technology savvy, B) I am security savvy, C) I am a tech blogger (bad for them!) and, D) I know what I have, and have not, done online!
Let’s look at the contents of the email that I received today:
“I know ********* (Correct password replaced by asterisks) is your passphrase. Lets get
right to purpose. No one has compensated me to check about you. You may not know me
and you’re probably thinking why you’re getting this mail?
In fact, I setup a malware on the 18+ streaming (sexually graphic) web site and
there’s more, you visited this website to have fun (you know what I mean). When you
were watching video clips, your browser initiated functioning as a RDP with a
keylogger which provided me accessibility to your display and cam. Right after that,
my software collected all your contacts from your Messenger, FB, and email . And
then I created a double video. 1st part shows the video you were watching (you’ve
got a nice taste omg), and next part displays the view of your cam, & its u.
You actually have two different options. We are going to go through these choices in
1st choice is to just ignore this e mail. In that case, I am going to send your very
own recorded material to all your your personal contacts and also visualize
concerning the shame you will get. And as a consequence if you happen to be in a
romantic relationship, precisely how it is going to affect?
In the second place choice should be to give me 3000 USD. Lets call it a donation.
In this scenario, I most certainly will without delay discard your video. You could
keep going everyday life like this never happened and you will not ever hear back
again from me.
You will make the payment through Bitcoin (if you don’t know this, search for “how
to buy bitcoin” in Google search engine).
BTC Address: ********************** (Again, replaced with asterisks)
[case-sensitive, copy & paste it]
If you may be thinking of going to the cop, okay, this email cannot be traced back
to me. I have covered my moves. I am also not looking to ask you for money very
much, I wish to be paid for. I have a special pixel in this e mail, and right now I
know that you have read through this email message. You now have one day to pay. If
I don’t get the BitCoins, I will send out your video to all of your contacts
including friends and family, colleagues, and many others. However, if I receive the
payment, I will erase the recording right away. This is the non-negotiable offer
therefore please don’t waste mine time & yours by replying to this email message. If
you want evidence, reply Yup! & I definitely will send out your video recording to
your 5 contacts.”
Now, here’s what’s interesting! (Other than the “Engrish!”) People that know me, know that I don’t visit porn sites. I also don’t have a Messenger account. And, I have never had an open WebCam without doing a recording to do a web video for my Dr. Bill.TV show. I just don’t use WebCams! I keep them turned off, or I cover them, on any machine I have. So, even if I had visited a porn site, which of course I didn’t, then there wouldn’t have been a video of me to use!
Also, I use a mail client that is on-line, and does NOT automatically display graphics, so there is no way he could register a display of a single bit pixel, even if he had embedded one in the original message!
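The tracking-pixel claim in the scam email can be checked mechanically. The following Python script is an added example, not part of the original post: it lists the remote images an HTML email would fetch if graphics loaded automatically, and marks the ones sized like a tracking pixel. The message and the `example` domains in it are constructed for illustration.

```python
# Added example: find remote images (possible tracking pixels) in an HTML email.
# SAMPLE_EML is a constructed message; all addresses and URLs are made up.
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

SAMPLE_EML = """\
From: sender@example.com
To: reader@example.net
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Message text.</p>
<img src="https://tracker.example/open.gif?id=abc123" width="1" height="1">
<img src="https://cdn.example/banner.png" width="600" height="80">
<img src="cid:logo@example.com" width="1" height="1">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collects <img> tags whose source must be fetched over the network."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if not src.lower().startswith(("http://", "https://")):
            return  # cid:/data: images travel inside the message; no request is made
        tiny = (a.get("width", "").strip() in ("0", "1")
                and a.get("height", "").strip() in ("0", "1"))
        self.images.append({"src": src, "likely_pixel": tiny})

def remote_images(raw_eml):
    """Return every remote image referenced by the HTML parts of a raw message."""
    msg = message_from_string(raw_eml, policy=default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = ImgCollector()
            collector.feed(part.get_content())
            found.extend(collector.images)
    return found

if __name__ == "__main__":
    for img in remote_images(SAMPLE_EML):
        print(("PIXEL? " if img["likely_pixel"] else "remote ") + img["src"])
```

Any remote image that loads tells the sender the message was opened, so the 1x1 size check is only a hint. A mail client that blocks remote images fetches none of them, which is why the "special pixel" reports nothing in that case.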
Now, you might say, “Yeah, but Dr. Bill, aren’t you afraid that somebody could take some video footage from one of your shows and splice it together with some porn footage, thereby making it look like you’re watching videos?” Well, yes, I suppose they could, but, they could do that with ANY online personality, or YouTuber! But, think about it, if you fall for the extortion, then you keep the scam going because the person will make money! If you reply to the email, they know that they have a “live one” and might actually make the video! Think these kinds of scams through!
I DO think it is interesting that they don’t demand an extremely large amount of money; an amount that no one could possibly raise, even if they thought they had to, to protect their reputation! When you get right down to it, if you were freaking out about your reputation, then you MIGHT actually scramble around and try to get together $3000 to send to this guy’s Bitcoin account. But if you just think through the process, you’ll see that all they really have is your email address, your name, and an old password. And the potential victim, in this case me, already knows that this information has been made readily available. Think, folks!
Now the sad thing is, I’m sure a lot of people WILL fall for this, and send the money! And then they will sit around and sweat thinking, “Oh, no, will they release the information anyway?”
I’m sending this out as a lesson not to allow the scam to catch you, and make you panic! Remember, if we feed these guys by trying to “pay them off” then we perpetuate the scam. If enough people will see through this logically and see that there’s nothing to fear, then we can nip this kind of thing in the bud!
So, Internet user, be aware of this new scam, and whatever you do, don’t fall for it! (And, oh by the way, contrary to popular opinion, and what’s propagated by some TV shows… Bitcoin transactions CAN be traced! You’d be better off demanding cold, hard cash as opposed to Bitcoin, because any electronic transaction can be traced! So, how do you know that I’m not after you!?! (GRIN!))