Please login or register.

Login with username, password and session length
 

News:

SMF - Just Installed!


Author Topic: Email sextortion [Certified Scam & Nuisance]  (Read 7320 times)

Offline greentara

  • Administrator
  • Veteran
  • *****
  • Posts: 1782
  • Karma: +3/-0
    • My detailed profile
Email sextortion [Certified Scam & Nuisance]
« on: June 18, 2019, 09:57:54 AM »
Email sextortion scams are on the rise and they're scary — here's what to do if you get one
Jun 17 2019 | Kate Fazzini

“You can panic,” reads the subject line of one fake sextortion email.

Another has a victim’s real password in the subject line, in an attempt to establish authenticity.

These low-tech frauds spiked in 2018, according to the FBI’s Internet Crime Compliant Center (IC3), netting millions for scammers.

Last year, electronic extortion complaints rose 242% to 51,146 reported crimes, with total losses of $83 million.

While the FBI does not break out sextortion from the total number of extortion crimes reported, a spokesperson told CNBC, “The majority of extortion complaints received in 2018 were part of a sextortion campaign in which victims received an email threatening to send a pornographic video of them or other compromising information to family, friends, coworkers, or social network contacts if a ransom was not paid.”

The advice from experts: Don’t fall for it.

“They play on our basest levels of psychology,” said Priya Sopori, partner at law firm Greenberg Gluster and a former assistant U.S. attorney who prosecuted cybercrimes, including sextortion.

“You will read personalization into any generic statement. And if you believe that there are hackers out there that know every aspect of your life, and maybe they even know your life better than you do, you might actually pay even if you’ve done nothing at all.”

The power of shame

While there are examples of real sextortion, especially involving the theft of real nude photos or videos, hoax sextortion emails have no basis in reality.

Scammers send these emails out as form letters. They include claims about supposed improprieties, often including claims that the sender has evidence of your affairs, has hacked your webcam to take damning photos or videos of you or has evidence of pornographic material you’ve viewed.

Here’s a sample letter, courtesy of antivirus software company Malwarebytes, which researches this and other scams:

I am well aware [REDACTED] is your pass words. Lets get right to point. Neither anyone has paid me to investigate you. You may not know me and you are probably thinking why you’re getting this e-mail?
actually, i installed a software on the adult videos (pornographic material) web-site and do you know what, you visited this website to have fun (you know what i mean). While you were viewing videos, your web browser began working as a Remote Desktop that has a keylogger which gave me accessibility to your display and also cam. Just after that, my software gathered every one of your contacts from your Messenger, Facebook, as well as email . after that i created a double video. 1st part displays the video you were viewing (you’ve got a nice taste haha), and next part shows the recording of your cam, yeah its you.
You have not one but two choices. Shall we read up on these options in aspects:
First alternative is to just ignore this message. in such a case, i am going to send out your actual video to every single one of your personal contacts and think regarding the awkwardness you will definitely get. and definitely if you happen to be in a loving relationship, how it would affect?
Number 2 solution is to pay me $889. Lets name it as a donation. in this situation, i most certainly will asap remove your video footage. You could carry on daily life like this never occurred and you surely will never hear back again from me.


“First, have a healthy level of skepticism,” said Malwarebytes CEO Marcin Kleczynski.

“Then, remember, they almost certainly haven’t been recording you or have access to this type of information, if it even exists.”

His company has looked at bitcoin wallets associated with criminals perpetrating these schemes, Kleczynski said, where criminals ask victims to send what are often unusual sums -- $514, $607 and $618 in three recent examples. Apparently they spark enough panic to net the criminals $10,000 to $20,000 per week, according to Malwarebytes research.

“There is an incredibly low barrier of entry here. It’s a commodity attack,” he said. Criminals don’t need any hacking skills at all to pull off sextortion. They can simply rely on leaked email addresses stolen from huge companies and email providers in the last decade.

In the slightly more sophisticated version of the crime, scammers buy “dirt cheap” passwords associated with those emails and include the password in the subject line as an additional lure, falsely claiming they have used the password to access sensitive information about you.

But it’s all fake. The only reason it works so well, Sopori said, is because “People, especially young people, have come to believe there’s no such thing as privacy anymore.” This belief leads people to assume that anyone can spy on them at any time, or can even misuse their information to create the appearance of impropriety where it doesn’t exist.

“So it does seem to indicate that, when hear that people don’t care about privacy anymore, the success of these scams tells us the opposite might be true,” Sopori said. “People obviously do care about privacy. They do care about the idea that someone could have pictures of you, and they believe the threats that ‘I will send them to your brothers, your sisters, your friends.’ Privacy is still important. Shame can be a tremendous weapon that these criminals use.”

What you can do

Besides having a healthy level of skepticism -- it is highly, highly unlikely anyone sending one of these emails knows you or has information on you, Kleczynski emphasises -- checking and updating your spam filters can also help, to make sure those filters are catching the latest versions of these scams.

Changing passwords or using a password manager can also help, so that you can rest assured any passwords displayed in an alarming subject line are no longer in use. Multifactor authentication, which gives you the option of using other methods to log in other than passwords, can also help ease worries about passwords, he recommends

If you receive an email and it worries you, you can report it to your company’s IT department or local police -- who are well-aware of these scams, Sopori said. You can also report the emails to the FBI’s IC3.

Source: https://www.cnbc.com/2019/06/17/email-sextortion-scams-on-the-rise-says-fbi.html
Reference: https://blog.malwarebytes.com/cybercrime/2019/02/sextortion-bitcoin-scam-makes-unwelcome-return

Offline greentara

  • Administrator
  • Veteran
  • *****
  • Posts: 1782
  • Karma: +3/-0
    • My detailed profile
Re: Email sextortion [Certified Scam & Nuisance]
« Reply #1 on: August 16, 2019, 10:57:58 AM »
Date: Fri, 16 Aug 2019 01:14:58 +0300
Subject: Your account is being used by another person!
From: Lina Norman <[email protected]>
To: Email registered with Dropbox.com

Hello!

I am a hacker who has access to your operating system.
I also have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is:  33VMK9r9YDrkL4Ax9ZDsy1GPDE41s7zNdL

After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!



Reference 1: https://www.blockchain.com/btc/address/33VMK9r9YDrkL4Ax9ZDsy1GPDE41s7zNdL

Reference 2: https://www.theguardian.com/technology/2016/aug/31/dropbox-hack-passwords-68m-data-breach

Offline ainat

  • Administrator
  • Full Member
  • *****
  • Posts: 142
  • Karma: +0/-0
Re: Email sextortion [Certified Scam & Nuisance]
« Reply #2 on: April 06, 2022, 10:42:19 PM »
x-rcptto-key: T3/zwUZ0AMpBGdyzMQGmBoTIaZSfpxGzJRRHrdSOQok=
Subject: Here is the last warning!  Your entire information has been copied. The entry in system is completed.
Date: Sat, 2 Apr 2022 04:06:45 +0200
From: [email protected]
X-CSA-Complaints: [email protected]

Good day.
Your system has been hacked with a Trojan virus.
It has penetrated your device through adult portals which you sometimes visit.
Some spicy videos contain malicious code that activates after being turned on. Your entire information has already been copied to my servers.

I possess complete control over your device which you use to access the Internet.
I can see your screen, I can use a microphone and a camera in a way that you never notice anything. 

I've already made a screen recording.
A video was edited with a pornographic movie that you were watching at that time and masturbating.
Your face is perfectly visible and I donā€™t think that this kind of content will have a positive impact on your reputation.

I have an overall access to your list of contacts and the social media profiles. I can send this video from your E-mail or the messengers.

If you don't want to let this happen, then you only need to take one simple step.
Just transfer 1100 USD (US dollars) to Bitcoin wallet: bc1qs4tna7a3whcrcgkj43hzfx5zv5v2k7gm9y7zmx

(In a Bitcoin equivalent at the exchange rate for the time of transfer)
You can find the detailed instructions in Google.

After the payment I will remove the video and the virus from your device and no one will bother you anymore.
If I won't receive the payment in due time, all of your data and the videos will become publicly available.

I give you 2 business days.

I shall receive a notification that you have read the letter.
The timer starts immediately.
Any complain somewhere, including the police, is useless. My wallet and an E-mail cannot be tracked.

If I find out that you have shared this message with someone else, the video will become publicly available at once.
I will destroy your reputation forever and all your data will go public.

Everyone will learn about your passion for the porn sites and more. Changing the passwords will be useless either as all the data is already on my servers.

Don't forget that reputation is very important and be prudent!



Scammer's wallet address: https://www.blockchain.com/btc/address/bc1qs4tna7a3whcrcgkj43hzfx5zv5v2k7gm9y7zmx

Reference 1: https://www.bitcoinabuse.com/reports/bc1qs4tna7a3whcrcgkj43hzfx5zv5v2k7gm9y7zmx

Reference 2: https://checkbitcoinaddress.com/bitcoin/bc1qs4tna7a3whcrcgkj43hzfx5zv5v2k7gm9y7zmx