An evil and pathetic extortion attempt

Status
This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.
I received an email this morning attempting to extort $6000 from me in untraceable Bitcoin. The perpetrator does have my password, or should I say a password that I have used quite some time ago. They claim to have my contact list (9 of them), which also indicates old data. He claims to have spied on me through my web cam (I don't have one) and hacked a porn site to install a keystroke logger (I have never visited a porn site). .......
.......

Anyone out there get one of these and used either Yahoo email, or LinkedIn?

I understand that u don't have a web cam.
But :confused::eek: u never visited a porn site????? You should....
Joke....of course.
 

PRR

> attempting to extort $6000 from me

Boo-Hoo! How come you are worth $6K and I'm not even worth $0.25K?

This did not come TO me; the scammer screwed-up (the address is not found at the destination, though I obfuscated it just in case) and it bounced to the forged return address (me).

It was all in Spanish, which I am not good with. Google translated it SO well, I bet it was machine-translated English to Spanish. It matches George's text near perfectly.

Su cuenta (3dmtrobledo@XXXXXados.com) fue pirateada
in English (Your account was pirated)

You may not know me and you are probably wondering why you are receiving this email, right?
At this moment I pirated your account (3dmtrobledo@XXXXXados.com). I have full access to your device! I sent you an email from your account!
In fact, I placed a malware on the adult videos website (pornographic material) and you know what, you visited this website to have fun (you know what I mean).
While you were watching video clips,
Your Internet browser started to function as an RDP (remote desktop) that has a keylogger that gave me access to your screen and also to your webcam.
Immediately after, my software program gathered all your contacts from your Messenger, social networks and email.

What did I do?
I made a double screen video. The first part shows the video you were watching (you have good taste and sometimes weird), and the second part shows the recording of your webcam.
Exactly what should you do?

Well, I think $ 250 is a fair price for our little secret. Make the payment with Bitcoin (if you do not know, look for "how to buy bitcoin" in Google).
BTC Address: XXXX1LK8rRhBTekN3Uxh8ib83FfmvMsX6EQnqL
(It's very sensitive, so copy it and paste it)

Note:
You have 2 days to make the payment.
(I have a specific pixel in this email, and at this moment I know that you have read this email).

If I do not get the BitCoins, I will definitely send your video recording to all your contacts, including family members, coworkers, etc.

However, if you pay, I will destroy the video immediately.
If you want proof, answer with "Yes!" and I'll send your video recording to your 3 friends
This is the non-negotiable offer, so do not waste my personal time and yours responding to this email message.

Next time, be careful!
Goodbye!)
 
> > attempting to extort $6000 from me
>
> Boo-Hoo! How come you are worth $6K and I'm not even worth $0.25K?
>
> This did not come TO me; the scammer screwed-up (the address is not found at the destination, though I obfuscated it just in case) and it bounced to the forged return address (me).
>
> It was all in Spanish, which I am not good with. Google translated it SO well, I bet it was machine-translated English to Spanish. It matches George's text near perfectly.

Please copy paste the supposed Spanish text, so I see whether it sounds native Spanish or a clear Google Translate aberration :)
 

PRR

> Please copy paste the supposed Spanish text, so I see...

Subject: Su cuenta (3dmtrobledo@XXXXXados.com) fue pirateada
From: "3dmtrobledo@XXXXXados.com" <PRR-at-school.edu>
Date: 9/21/2018 8:28 PM
To: <3dmtrobledo@XXXXXados.com>

¡Hola!

Puede que no me conozca y probablemente esté preguntándose por qué está recibiendo este correo electrónico, ¿correcto?
En este momento pirateé tu cuenta (3dmtrobledo@XXXXXados.com). ¡Tengo pleno acceso a tu dispositivo! Te envio un correo electrónico desde tu cuenta !
De hecho, coloqué un malware en el sitio web de videos para adultos (material pornográfico) y usted sabe qué, usted visitó este sitio web para divertirse (ya sabe a qué me refiero).
Mientras estabas viendo clips de video,
su navegador de Internet comenzó a funcionar como un RDP (escritorio remoto) que tiene un registrador de teclas que me proporcionó acceso a su pantalla y también a su cámara web.
Inmediatamente después, mi programa de software reunió todos sus contactos desde su Messenger, redes sociales y correo electrónico.

¿Qué hice?
Hice un video de doble pantalla. La primera parte muestra el video que estabas viendo (tienes un buen gusto ya veces extraño), y la segunda parte muestra la grabación de tu cámara web.
¿Exactamente qué deberías hacer?

Bueno, creo que $250 es un precio justo para nuestro pequeño secreto. Realizará el pago con Bitcoin (si no lo sabe, busque "cómo comprar bitcoin" en Google).
Dirección de BTC: XXXXX1LK8rRhBTekN3Uxh8ib83FfmvMsX6EQnqL
(Es muy sensible, así que cópielo y péguelo)

Nota:
Tienes 2 días para hacer el pago.
(Tengo un píxel específico en este mensaje de correo electrónico, y en este momento sé que ha leído este mensaje de correo electrónico).

Si no obtengo los BitCoins, definitivamente enviaré su grabación de video a todos sus contactos, incluidos familiares, compañeros de trabajo, etc.

Sin embargo, si pagas, destruiré el video inmediatamente.
Si desea pruebas, responda con "¡Sí!" y enviaré tu grabación de video a tus 3 amigos
Esta es la oferta no negociable, así que no pierda mi tiempo personal y el suyo respondiendo a este mensaje de correo electrónico.

La próxima vez, ¡ten cuidado!
¡Adiós!
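
The header block in the post above shows a From display name that is the recipient's own address while the address in angle brackets belongs to someone else. An added example, not part of the original post, that flags this header shape in Python; both sample messages and all addresses in them are constructed:

```python
import re
from email import message_from_string, policy

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed samples with the same header shape as the post; addresses are made up.
SPOOFED = """\
From: "victim@example.org" <someone@example.edu>
To: <victim@example.org>
Subject: constructed sample

body
"""
BENIGN = """\
From: "Alice Example" <alice@example.net>
To: <victim@example.org>

body
"""

def from_spoof_findings(raw):
    msg = message_from_string(raw, policy=policy.default)
    if msg["From"] is None:
        return ["no From header"]
    # Every address the message claims to be sent to.
    rcpts = {a.addr_spec.lower()
             for h in ("To", "Cc") if msg[h] is not None
             for a in msg[h].addresses}
    findings = []
    for a in msg["From"].addresses:
        real = a.addr_spec.lower()
        for shown in ADDR_RE.findall(a.display_name or ""):
            shown = shown.lower()
            if shown == real:
                continue  # display name merely repeats the real address
            findings.append(f"display name shows {shown}, address is {real}")
            if shown in rcpts:
                findings.append(f"display name is the recipient's own address ({shown})")
    return findings
```

Many mail clients show only the display name, which is why a message shaped like this appears to come from the recipient's own account.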
 
Interesting: it's quite good Spanish, with no grammatical errors.
What gives it away is that it's *constantly* switching between stiff/formal Spanish, and the friendly/familiar way, sometimes within the same phrase, which nobody would do.

At most, somebody might start writing the formal way to "sound like adults" and give the idea "this is not a teen prank, take us seriously", and then switch to an informal way to emphasize "we gotcha!!! ... I've got you under my thumb and don't need to be polite any more" which is a show of strength and self confidence, but after that they would never ever go back to the formal way.

Thanks for posting.

PS: both Spanish versions would be translated to practically the same text in English, which would rely more on context to carry mood.
 
> Ya know the phone companies could stop all this nonsense.
>
> The spoofed number is transmitted after the originating phone number in the data field which is displayed on the receiving phone, as I remember from when I built my own answering machine.
>
> All the phone company has to do is compare the originating phone number to the data field, and if it is another number block the spoofed address, record the originating source and cut off their service as a violation of law.
>
> The phone companies are getting paid not to. Simple as that.

Not as simple as that, here. You are allowed to have a different number as CLI to the actual calling number, for example it may be the company head office number, or a number that can take a reply. So a simple compare doesn't work.
 

PRR

> Interesting: it's quite good Spanish, with no grammatical errors.
> What gives it away is that it's *constantly* switching between stiff/formal Spanish, and the friendly/familiar way, sometimes within the same phrase, which nobody would do. ...

As I'm sure you sense, the English alternates friendly, "you have good taste and sometimes weird", "our little secret", and stiff/formal "This is the non-negotiable offer".

As I'm sure you also sense, the English is as grammatical as non-official English gets. (Far better than many native-born USA residents.) The only bit which tickles my Missouri ear is "This is the non-negotiable.." where "a" would be more common, but "the" is perfectly correct also.

I'm now wondering if it had two authors. One proposed a general scam-letter, perhaps as a joke. Someone else took it and punched-up the specific threats. Even so, it is done fairly smoothly. (My mother was an editor and sometimes had to hammer two articles together and blend different voices.)
 
gpauk, the phone company knows who is doing this as they use the same base phone number. Say the local hospital is (423)626-2XXX, and they show up as 243-626-2000 which is the service desk number, simple to filter. It won't show up as another area code and suffix.
 
I got one of those exact same emails - at work of all places. The blurb about "send it to law enforcement and we'll spill the beans" was particularly rich because, well... they kinda' did that by default when they sent it to me. :rolleyes:

Besides, I've physically disabled my webcam (as in pulled out the little ribbon cable). Hey, would you want to be blackmailed for eating yogurt straight out of the container? :D
 
Yes, a lot of those seem to come from overseas. That's why the phone companies "can't" block them, or do anything about the spoofing. Yeah, right.

I used to love the calls from Jamaica telling me I'd won the Publisher's Clearing House Sweepstakes. I sort of miss those guys.
 
One more time......I just got an almost exact duplicate of the same extortion letter. This time I'm only worth $2,000. My Bellsouth email box has been overrun with spam in the past couple of years, but it has gotten much worse in the last few months. Some days I get 100 to 200 spam emails usually offering women, pills to make certain body parts bigger, cannabis oils, and other quack medicine or diets. I have used this email address for about 25 years, but it looks like I must abandon it. It will certainly mean loss of contact with some old friends with whom I don't converse frequently.


Sayers Buccafusco <tymilziefzl@outlook.com>
To *****@bellsouth.net

Today at 6:44 PM

I* do* know 0101fbe9 i*s yo*ur pa*sswo*rds. L*ets get di*r*ectly to* purpo*s*e. No* p*erson ha*s pa*id m*e to ch*eck yo*u. Yo*u do*n't kno*w m*e a*nd yo*u a*re pro*bably thi*nking why yo*u a*r*e g*etting this ema*i*l?

L*et m*e t*ell yo*u, i* a*ctua*lly s*etup a* malwa*r*e o*n the 18+ vi*d*eo*s (s*ex si*t*es) w*eb si*t*e a*nd th*ere's mo*r*e, you visit*ed this si*te to* *experi*enc*e fun (yo*u kno*w wha*t i* m*ea*n). Whil*e yo*u w*er*e vi*ewi*ng vi*d*eos, yo*ur w*eb bro*ws*er sta*rt*ed o*ut op*era*ti*ng as a* Remo*te D*eskto*p tha*t ha*s a* k*eylo*gg*er whi*ch provi*d*ed m*e wi*th acc*essibili*ty to* yo*ur displa*y scre*en a*s well a*s ca*m. Just a*ft*er tha*t, my so*ftwa*r*e pro*gra*m o*bta*i*ned all o*f yo*ur co*nta*cts fro*m your M*essenger, Fac*ebo*ok, and e-mailacco*unt. a*nd th*en i* cr*ea*ted a* vi*d*eo. 1st pa*rt di*splays th*e vi*deo* yo*u w*er*e wa*tchi*ng (you ha*ve a* go*o*d tast*e ha*ha*h), a*nd 2nd pa*rt di*splays th*e r*eco*rdi*ng o*f yo*ur web cam*era, a*nd i*t is u.

You go*t two* so*luti*o*ns. L*et us explo*r*e thes*e po*ssibi*li*ti**es i*n a*sp*ects:

Very first a*lt*erna*tiv*e i*s to n*eglect thi*s e mai*l. i*n this si*tua*ti*o*n, i a*m go*i*ng to* s*end yo*ur v*ery o*wn vi*d*eo* to* a*ll o*f yo*ur p*erso*na*l co*ntacts and thi*nk a*bo*ut r*egarding the a*wkwardness you can g*et. Do* not fo*rg*et i*f you ha*pp*en to* be in a* lovi*ng r*ela*ti*onship, preci*s*ely ho*w i*t wi*ll *ev*entua*lly a*ffect?

N*ext o*ption wo*uld be to* comp*ensa*t*e m*e 2000 USD. L*ets r*ef*er to* i*t a*s a* do*na*tio*n. Subs*equently, i* most c*erta*i*nly wi*ll i*mmedi*a*tely di*sca*rd yo*ur vi*d*eo* foo*ta*ge. Yo*u co*uld conti*nu*e everyda*y li*f*e li*ke thi*s nev*er to*ok plac*e and yo*u surely will nev*er h*ear ba*ck a*ga*i*n fro*m m*e.

Yo*u'll ma*k*e th*e pa*ym*ent via* Bi*tco*i*n (if yo*u do*n't know this, s*ea*rch fo*r 'ho*w to* buy bi*t*coi*n' i*n Go*ogle s*ea*rch engi*n*e).

B*T*C* a*ddr*ess to s*end to*: 1GfrxRYjPMNKnsE6Fx6EC72cj9ywJNXZZ8
[ca*s*e-s*ensi*ti*ve co*py a*nd pa*ste i*t]

i*f yo*u ma*y b*e thinking o*f go*ing to* th*e poli*c*e, sur*ely, this m*essa*g*e cannot be trac*ed back to* m*e. i* ha*v*e co*v*er*ed my steps. i am no*t trying to* a*sk yo*u for money a* who*l*e lo*t, i* si*mply wa*nt to b*e pa*i*d. Yo*u no*w ha*v*e on*e day to* ma*k*e th*e pa*ym*ent. i* ha*v*e a* sp*ecific pi*x*el wi*thin thi*s *ema*i*l messag*e, a*nd ri*ght no*w i* know tha*t yo*u hav*e r*ead this *e-ma*i*l. if i* do* no*t g*et th*e Bi*tCoins, i* wi*ll, no* do*ubt s*end your vi*d*eo recording to a*ll o*f yo*ur contacts including r*elati*v*es, co*wo*rk*ers, a*nd many o*th*ers. Ho*w*ever, i*f i* do g*et pa*i*d, i* wi*ll era*se th*e reco*rdi*ng right away. i*f yo*u r*ea*lly want *evidence, r*eply Yea* a*nd i* wi*ll c*erta*i*nly send o*ut yo*ur vi*deo* recordi*ng to* yo*ur 9 conta*cts. Thi*s i*s a* no*n:nego*ti*abl*e o*ff*er a*nd thus do*n't wast*e mi*ne ti*m*e a*nd yo*urs by r*eplying to thi*s *ema*i*l m*essa*g*e.

I just noticed how the text showed up after copying and pasting......this must be the "specific pixel" that the a$$hole embedded, likely a control character.
 
I use a different password for every site/login I have

I have a bunch of different passwords. I was in an IC research and development group at Motorola that had the highest computer security standards in the company. I adopted a system which complied with their rules, yet allowed my passwords to be plain sight at my desk. I never let on, and nobody knew, but it worked.

I still use something similar today to keep track of them all. The only issue that arises is that some places have oddball requirements on the use of non alphanumeric characters.
 
> One more time......I just got an almost exact duplicate of the same extortion letter. This time I'm only worth $2,000. My Bellsouth email box has been overrun with spam in the past couple of years, but it has gotten much worse in the last few months. Some days I get 100 to 200 spam emails usually offering women, pills to make certain body parts bigger, cannabis oils, and other quack medicine or diets.

This looks like the "regular" load of spam that most email addresses get. Most people don't see anywhere near this amount of spam because their ISPs have filters that remove about 99 percent of it. It looks like either Bellsouth doesn't run a filter on email (this seems unlikely), or the filter is turned off for your account. I'd call Bellsouth and tell them about your quantity of spam, ask why you're getting so much and if there's anything they can do about it.


> I just noticed how the text showed up after copying and pasting......this must be the "specific pixel" that the a$$hole embedded, likely a control character.

Does your email client load images in HTML email? If so, there's surely an option to tell it NOT to load such images. Not loading images (or other entities in HTML email) protects you from the following:

The "specific pixel" sounds like a webbug, something I recall first reading about perhaps two decades ago. A webbug is a single-pixel image loaded from the sender's server by the HTML code, and the filename is encoded with the email address it's sent to, so the sender's server detects if/when your email address has read the email.

Web beacon - Wikipedia
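
A check for the web bug described in the post above, as an added example that is not part of the original thread: it parses the HTML part of a message and reports remote images that are one pixel in size or carry the recipient's address in the URL. The sample message, its hosts and its addresses are constructed, and `find_beacons` is a hypothetical helper name.

```python
import hashlib
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample; hosts, paths and addresses are made up for illustration.
SAMPLE = """\
From: sender@example.net
To: victim@example.org
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="https://cdn.example.net/logo.png" width="120" height="40">
<img src="https://track.example.net/o/victim%40example.org.gif" width="1" height="1">
<img src="cid:part1" width="1" height="1">
</body></html>
"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # one attribute dict per <img> tag
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def find_beacons(raw, recipient):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = ImgCollector()
    collector.feed(body.get_content())
    rcpt = recipient.lower()
    # The address may appear literally or as a digest; only SHA-256 is tried here.
    tokens = (rcpt, hashlib.sha256(rcpt.encode()).hexdigest())
    hits = []
    for img in collector.images:
        src = img.get("src") or ""
        if urlsplit(src).scheme not in ("http", "https"):
            continue  # cid:/data: images travel inside the message; nothing is fetched
        reasons = []
        if img.get("width") in ("0", "1") and img.get("height") in ("0", "1"):
            reasons.append("1x1 remote image")
        if any(t in unquote(src).lower() for t in tokens):
            reasons.append("recipient identifier in URL")
        if reasons:
            hits.append((src, reasons))
    return hits
```

A per-recipient token can be any opaque string, so a clean result here does not prove the message is untracked; keeping remote image loading off in the mail client covers that case.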
 