Have you received an email saying your password has been stolen in broken English?
Subject: "Security Notice. Someone have access to you system" As you may have noticed, I sent you an email from your account. This means that I have full access to your acc: On moment of crack (email@example.com) password: jfwqu6qoizxahofj0qkw You say: this is my, but old password! Or: I will change my password at any time! Of course! You will be right, but the fact is that when you change the password, my malicious code every time saved a new one! I've been watching you for a few months now. But the fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence from e-mail and messangers. Why your antivirus did not detect my malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $770 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 1MrUDSrZiqD3ijxsBUPt2SukoFy534orP2 After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes.
So this trickster extortionist actually makes several mistakes (besides the spelling errors).
First of all the email says ” As you may have noticed, I sent you an email from your account.” there is a basic issue with this statement. All email can be ‘spoofed’ thus making it a form of spam. Spoofed means all text in the ‘From:’ means nothing it can be changed to whatever the spammer wants to make it look like. (In fact you can change your From field yourself if you choose as an experiment)
So if your email is “firstname.lastname@example.org” then the spammer can make it look that way.
The other problem the spammer sextortionist has is they have to make assumptions of a video camera that is on the computer.
What if there is no video camera on the computer? then how can the video sextortion work?
So the scammer makes several assumptions:
- you don’t know about From spoofing
- ignore misspelling and bad grammar
- email owner used porn
- email owner has videocam functioning on the computer
- at one time there was a password that is included in email
- knows enough about bitcoin or can learn how to transfer money into bitcoin
Those are a lot of assumptions, and on top of that the scammer is leaving an electronic trail in Bitcoin or at least how they access bitcoin(we will not go into detail of how this is done). The scammer leaves an electronic trail as to how they access bitcoin to experienced investigators, which is why you should goto bitcoinabuse website and file a report (link below).
One thing people should do is to see how many others this has happened to and to decide what to do from here Internet Storm Center also had one of these (i.e. google or startpage.com a portion of the email and see what comes up).
What did I do you may ask? Of course you NEVER pay the extortionist. But one can also help the Internet denizens to reduce this type of email: goto Bitcoin Abuse website
Go to the website and File a report by adding the bitcoin address that is included in the email so that law enforcement and other people who track and try to find these spammers can start to do something about it.
Or you can View a report with the bitcoin address to see how many others has this email gone to?? check the FAQ on bitcoinabuse.com
Above image is from Bitcoinabuse FAQ
Update 02/02/2019 (Groundhogs Day) Sextortion Follow the money part 3 – The Cashout begins!
So the short story is the scammers have accumulated a lot of money in hundreds(434) Bitcoin addresses which slowly started to move the money into a few addresses, as much as $21.5mil plus $18.5mil . Then from there the bitcoin addresses will be “mixed” so experts like in the link above will not be able to tell where the money goes (anonymity) using bestmixer.io.
So again please do not pay these scammers if you receive an email like the one included in this blog.