Corporate Blog

We have had a particularly nasty extortion email brought to our attention by two different clients in the last four days. Some research reveals that it has been around since at least late last year, but variants of extortion emails are almost as old as email itself. However, the personal nature of the current incarnation of these emails is alarming to those who receive it, even those with a clear conscience.

Unfortunately, as with most (if not all) scams, the scammers have been successful. In this case, because they demand payment of their ransom in Bitcoin, and the Bitcoin system allows public tracking of all transactions (just not the identities of the senders and receivers), researchers have been able to see that the Bitcoin addresses used in these scam emails have indeed received payments. A quick glance shows payments reaching into six figures (in US dollars) for some Bitcoin addresses (like bank account numbers, but not subject to the same scrutiny as happens when you open a bank account), and since it seems that few (if any) Bitcoin addresses have been used twice (although they are probably controlled by a small number of criminals), you can multiply that many times over.

One of the key features of the current round of emails that seem to have cropped up in the last week is the inclusion of a password that you may have used at some point in the past, both in the subject and the body of the email, to get your attention. This adds plausibility to the extortion attempt. However, keep in mind that huge databases of personal information are being breached by hackers all the time. The well-known tracking website “Have I Been Pwned” includes over five billion breached accounts (and growing) in its database. They compile their database from the raw data released by hackers after they penetrate the systems of the likes of LinkedIn, MySpace, Adobe, Ashley Madison and many others, so those databases are out there and will be forever. If a website or company you use was hacked and your password was stored by them in an unencrypted form, then there are databases out there that contain enough information to put together your email address and a password you have used, and possibly your name, address and phone number too. (Some people have received these extortion attempts via postal mail.) Do an old-fashioned mail merge and voila, you have an email message that could scare you into parting with anywhere from hundreds to tens of thousand of dollars in a vain attempt to keep a secret that a scammer made up in his or her own imagination.

As with all spam and scam emails, these are best ignored. They are just mass produced by the millions and fired out at the Internet shotgun-style.

Some have commented in the links we provide below that they have contacted the police about these emails (or letters) and received the cold shoulder. This is unsurprising. One of the benefits of computers is also one of their downsides; the fact that you can send an hilarious cat video to a few thousand of your closest friends is the same technology that allows scammers to multiply their own efforts considerably and with very little effort or expense. Your national police force probably already has this in their in tray, and when combined with other law-enforcement efforts it will probably rise to the top one day when they pull Guido over for speeding and realise that he is the mastermind behind all of this. Case closed.

There are many “top ten things you should do to remain safe on the Internet” lists out there. None will cover it all in only ten items, but here are some things for you to consider in the vein of the contents of these emails that we have reproduced below:

• Don’t reuse passwords. If you consistently use the same email address and password for different websites, then when one of them is breached, all of your accounts are breached. Use a different password for every single website. It’s not that hard. Use a password manager like KeePass to generate and track random, complicated passwords that you will never remember and never need to remember.
• Cover your webcam lens with an opaque cover when it is not in use. Some webcams include such a cover you can flip over the lens. If yours doesn’t, you can get a sticky cover that you can easily remove and reapply that doesn’t leave residue on the lens. We buy ours from the Electronic Frontier Foundation, but you can get generic ones or small metal covers you can install that you then slide to cover the lens (do a Web search for “webcam cover“), or you could use a sticky note or even a plaster / adhesive bandage.
• Tell your friends and family. Friends don’t let friends pay bogus ransoms for bogus extortion attempts. Send them a link to this post at blog.niner.net/2018/07/24/extortion-scam-email

If you have any questions or concerns about this, please contact us and we will be happy to answer your questions. Thanks for your time.

Links to external websites with additional information documenting this scam

• Reasonably Clever Extortion E-mail Based on Password Theft (16 July 2018)
• Sextortion Scam Uses Recipient’s Hacked Passwords (12 July 2018)
• My Bitcoin blackmail experience started with a well-written letter (10 April 2018)
• Bitcoin Porn Blackmail Scam Reports Surge (12 March 2018) (Ironically, this post ends with a “helpful” affiliate link [for which the website is paid] to a website where you [the scammed individual] can buy Bitcoin to pay your ransom! How thoughtless of these morons.)
• E-mail video scam (23 November 2017)
• Extortion Phishing: So, closer to the point. You surfed the internet with porn, which I’ve placed with the virus … (1 September 2017)

The two emails brought to our attention are below. The wording is not identical, but the style and substance are the same and they seem to be written by the same person. In these emails we have masked our clients’ names, email addresses and passwords, of course.

Email 1

———- Forwarded message ———
From: Juliana Bradford <ydewillyfx@outlook.com>
Date: Mon, 23 Jul 2018 at 19:46
Subject: CLIENT NAME – PASSWORD
To: CLIENT EMAIL ADDRESS

I am well aware PASSWORD one of your passphrase. Lets get right to point. There is no one who has compensated me to investigate you. You do not know me and you’re most likely wondering why you’re getting this e-mail?

In fact, I actually setup a malware on the X streaming (pornography) web-site and do you know what, you visited this web site to experience fun (you know what I mean). While you were viewing videos, your internet browser began functioning as a Remote control Desktop that has a key logger which provided me accessibility to your screen and web camera. Right after that, my software collected all your contacts from your Messenger, social networks, as well as e-mailaccount. After that I created a video. First part displays the video you were viewing (you have a nice taste haha), and 2nd part displays the view of your cam, yea it is you.

You get two alternatives. Shall we read each of these choices in particulars:

First choice is to disregard this email message. In this scenario, I am going to send out your very own recorded material to every single one of your contacts and also just think concerning the awkwardness you will see. And consequently if you happen to be in an important relationship, just how it will eventually affect?

2nd alternative is to pay me $7000. Lets refer to it as a donation. Consequently, I most certainly will without delay discard your video recording. You could go on your daily life like this never occurred and you surely will never hear back again from me.

You will make the payment by Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).

BTC Address to send to: 18sPsLXYDqKZnZ6Mb5xbYS168QFPYrQC75
[case sensitive, copy & paste it]

Should you are planning on going to the law enforcement, well, this mail can not be traced back to me. I have covered my actions. I am just not looking to ask you for money a whole lot, I simply want to be paid. I’ve a special pixel within this mail, and right now I know that you have read this message. You have one day to make the payment. If I do not receive the BitCoins, I will certainly send your video recording to all of your contacts including friends and family, co-workers, and many others. Nevertheless, if I do get paid, I will destroy the video right away. If you need proof, reply with Yea then I will certainly send out your video recording to your 7 friends. It’s a nonnegotiable offer and so please don’t waste my personal time & yours by responding to this message.

Email 2

——– Forwarded Message ——–
Subject: RE: CLIENT NAME – PASSWORD
Date: Thu, 19 Jul 2018 05:03:35 +0000
From: Antonio Simmons <jrcsxeugeniouks@outlook.com>
To: CLIENT EMAIL ADDRESS

I will directly come to the point. I do know PASSWORD is your pass word. More to the point, I am aware about your secret and I’ve evidence of your secret. You do not know me personally and nobody paid me to look into you.

It’s just your bad luck that I came across your bad deeds. Well, I placed a malware on the adult video clips (porno) and you visited this site to have fun (you know what I mean). While you were busy watching videos, your internet browser initiated operating as a Rdp (Remote desktop) that has a key logger which gave me access to your display screen as well as web camera. Right after that, my software program gathered your entire contacts from messenger, facebook, and mailbox.

Next, I put in more hours than I probably should’ve looking into your life and made a two view video. 1st part shows the video you were watching and second part shows the view from your web camera (its you doing dirty things).

Honestly, I am ready to forget all information about you and let you continue with your daily life. And I am going to present you 2 options that will make it happen. Those two option is with the idea to ignore this letter, or simply pay me $ 2900. Let’s explore these 2 options in more detail.

Option One is to ignore this email message. Let us see what is going to happen if you opt this option. I will certainly send your video to your entire contacts including family members, co-workers, and so forth. It does not shield you from the humiliation your self will face when family and friends discover your dirty details from me.

Option 2 is to send me $ 2900. We will call it my “privacy tip”. Now lets see what will happen if you choose this option. Your secret remains your secret. I’ll erase the recording immediately. You go on with your routine life that none of this ever occurred.

At this point you may be thinking, “I will complain to the police”. Let me tell you, I have covered my steps in order that this e mail cannot be linked to me plus it won’t prevent the evidence from destroying your lifetime. I’m not seeking to steal all your savings. I just want to get compensated for the time I placed into investigating you. Let’s assume you decide to produce all of this vanish entirely and pay me my confidentiality fee. You will make the payment via Bitcoin (if you don’t know how, type “how to buy bitcoins” on google search)

Amount to be paid: $ 2900
Bitcoin Address to Send to: 1GQK1MNV5N7B9pV8L63W7nGfChJkKp7ymq
(It is CASE sensitive, so you should copy and paste it carefully)

Tell nobody what you should use the bitcoin for or they may not provide it to you. The method to get bitcoin will take a short time so do not delay.
I’ve a specific pixel within this email message, and now I know that you’ve read this e mail. You have 24 hours to make the payment. If I don’t get the BitCoin, I will definately send out your video to your contacts including close relatives, colleagues, and many others. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I’ll destroy the video and all other proofs immediately. It’s a non negotiable offer, thus do not waste my personal time & yours. Your time is running out.