September 28, 2022

Scamware – Extortion Email Scam – Do Not Fall

Scamware is so common these days that you don’t even notice how many such emails of this type are sent out every day. You can have a quick look by going to the Spam folder of your email. Our email service providers such as Gmail & Hotmail do a great job of keeping these scam emails away, but there are a few email service providers that slip catching these scam emails. This is where blog posts like this one will come in handy, where you will be notified about the scam email and won’t fall for it.

Below is one of those sample emails that arrived today pretending to be from an “alledged hacker” who has installed a trojan or virus into the *Operating System* and has gained access to the files. In order to “delete” these critical files, he is asking me  for the equivalent of $1450 in bitcoins at the following address.

1C2ek9b57xdVY9rPUaUnczxN5vGjVS8EhA

Bitcoin Wallet of the Alleged Hacker (Scammer)

The email is from my own (fake) email address so there is no way to contact the hacker other than to deposit the funds.

Don’t fall into the trap of these emails, they are blind emails sent by bots to hundreds and millions of people and they hope that 1% or 0.1% of the targeted people will fall into the trap. For them, it’s free money. Just mark those emails as spam and get on with your life.

The following email is pasted below so that it can be included in Google searches and you can read and ignore these scam emails:

Hello there!

Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.

Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (<Email Address>)

A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (^-^)

The software of mine allows me to access to all controllers in your devices, such as video camera, microphone and keyboard.
I have managed to download all your personal data, as well as web browsing history and photos to my servers.
I can access all messengers of yours, as well as emails, social networks, contacts list and even chat history.
My virus unceasingly refreshes its signatures (since it is driver-based), and hereby stays invisible for your antivirus.

So, by now you should already understand the reason why I remained unnoticed until this very moment…

While collecting your information, I have found out that you are also a huge fan of websites for adults.
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I have recorded several kinky scenes of yours and montaged some videos, where you reach orgasms while passionately masturbating.

If you still doubt my serious intentions, it only takes couple mouse clicks to share your videos with your friends, relatives and even colleagues.
It is also not a problem for me to allow those vids for access of public as well.
I truly believe, you would not want this to occur, understanding how special are the videos you love watching, (you are clearly aware of that) all that stuff can result in a real disaster for you.

Let’s resolve it like this:
All you need is $1450 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay.
Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises.

That is quite a fair deal with a low price, bearing in mind that I have spent a lot of effort to go through your profile and traffic for a long period.
If you are unaware how to buy and send bitcoins – it can be easily fixed by searching all related information online.

Below is bitcoin wallet of mine: 1C2ek9b57xdVY9rPUaUnczxN5vGjVS8EhA

You are given not more than 48 hours after you have opened this email (2 days to be precise).

Below is the list of actions that you should not attempt doing:

Do not attempt to reply my email (the email in your inbox was created by me together with return address).
Do not attempt to call police or any other security services. Moreover, don’t even think to share this with friends of yours. Once I find that out (make no doubt about it, I can do that effortlessly, bearing in mind that I have full control over all your systems) – the video of yours will become available to public immediately.
Do not attempt to search for me – there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.

Below is the list of things you don’t need to be concerned about:

That I will not receive the money you transferred.

Don’t you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
That I still will make your videos available to public after your money transfer is complete.

Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!

Everything will be carried out based on fairness!

Before I forget…moving forward try not to get involved in this kind of situations anymore!
An advice from me – regularly change all the passwords to your accounts.

This is the scam email that came.

Below is header information about the email to help track it:

Delivered-To: <RedactedName>@gmail.com
Received: by 2002:a05:6a11:2603:b0:2f4:3458:b28a with SMTP id tg3csp216073pxb;
        Wed, 14 Sep 2022 20:53:59 -0700 (PDT)
X-Google-Smtp-Source: AA6agR6Dkr6uwO0Dd+6OxVYsUYksAG8xXPMffkSHZn5pSlQjMQQOyx/WXp4iQW1+NtFPYD10Mvv+
X-Received: by 2002:a17:907:701:b0:780:2c44:e4dd with SMTP id xb1-20020a170907070100b007802c44e4ddmr4636726ejb.589.1663214038836;
        Wed, 14 Sep 2022 20:53:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1663214038; cv=none;
        d=google.com; s=arc-20160816;
        b=m/vRrXpF1hLHxnF12RcQZCxzVVHD+PHVCcnxRz+EhC2L6f31cfiFz4n6rSxEOFnrbA
         148uIwqNJPa+Qj73T4UU3SLfSeCTtz08+7FKP4ZNVAC9z36hZoLqQjrybqu/WMZXxDRJ
         YdrdfmbxkBhCnObrJ88nbVRCqTapzFkmbrp/AWjp/NvVw/jFUafKcKu3riMye+5wAbtg
         9/M0XuVNG0XHFOr6eA50xHzH4nAGFlEYK+0U4zc+kPib3OkojxXZMpZstylIQP4JB/xi
         47SgVtG1hxBtrXQq4m33tD0NDExHiJm5LNrr4zkrxLFdMBF6AGusPfOuHoGhEFuybK8C
         6R2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=thread-index:content-transfer-encoding:mime-version:message-id:date
         :subject:to:from:dkim-signature;
        bh=/UhcSY4YlOkWFwIj/PhJYBf9M9ZaRv9nG3vj7NjULpc=;
        b=BclcrRgxvsjV9F/6l734nK0E+u1DdxVh7GZeytTdmcT7opNe6i1SZXFbbbAxFY6tgZ
         7NxNDz8tCRaCJEVVIi9KyDmgNlBJsKlk0bvF+bfz0ymH90GYCfv3PBWK6uZ2iqsaB4ZD
         7kSR28dBm6er9eMkvo5qsQ050UrfwanwXDcMN5yoEmXpDR4GUD6yTZq1T1zFCmivkkcJ
         R7QXSvy/MwyoKgZ3bkVFJe4+d2uqfNEw7Wn2wLe9wTyUuoUtICo4/VUOdfjhymFnZc9p
         a47dzZePyp71jtWPiMJwTRjj1orpAw4OEYx1PwtibT5r3pp4crRwjIEyIUu70/CfqmN4
         Q1vA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=2022 header.b=inS00NgT;
       spf=pass (google.com: domain of cfbounces+dropbox=<RedactedDomain>@<RedactedDomain> designates 104.30.4.34 as permitted sender) smtp.mailfrom="cfbounces+dropbox=<RedactedDomain>@<RedactedDomain>";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=<RedactedDomain>
Return-Path: <cfbounces+dropbox=<RedactedDomain>@<RedactedDomain>>
Received: from e-de.email.cloudflare.net (e-de.email.cloudflare.net. [104.30.4.34])
        by mx.google.com with ESMTPS id d24-20020a056402401800b00448db2ab374si12669565eda.596.2022.09.14.20.53.58
        for <<RedactedName>@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 14 Sep 2022 20:53:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of cfbounces+dropbox=<RedactedDomain>@<RedactedDomain> designates 104.30.4.34 as permitted sender) client-ip=104.30.4.34;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=2022 header.b=inS00NgT;
       spf=pass (google.com: domain of cfbounces+dropbox=<RedactedDomain>@<RedactedDomain> designates 104.30.4.34 as permitted sender) smtp.mailfrom="cfbounces+dropbox=<RedactedDomain>@<RedactedDomain>";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=<RedactedDomain>
Received: from [39.38.149.52] (39.38.149.52)
        by email.cloudflare.net (unknown) id qk6Ivdsmb8Eg
        for <[email protected]<RedactedDomain>>; Thu, 15 Sep 2022 03:53:49 +0000
Received-SPF: softfail (mx.cloudflare.net: domain of [email protected]<RedactedDomain> does not designate 39.38.149.52 as permitted sender)
   helo="[39.38.149.52]"; envelope-from="[email protected]<RedactedDomain>";
Authentication-Results: mx.cloudflare.net; spf=softfail; dkim=neutral; dmarc=fail;
DKIM-Signature: v=1; a=rsa-sha256; d=email.cloudflare.net; s=2022; c=relaxed/relaxed; bh=/UhcSY4YlOkWFwIj/PhJYBf9M9ZaRv9nG3vj7NjULpc=; h=from:subject:date:to; t=1663214037; b=inS00NgTcJ6GSJeOIHUZqYC0C/McLd/VlXuY0Q9wdxQBje7l/9hP1w6KJrzUrfnqMRiQlUj4iHz7zDOBlmbpzDQ2rTAibKWmgNIS5DiPE6nF1oojK9+3bHCNAysze6GPvFSu/XrWmPrTLP714lAeBIcbuAjoPJJ7Wb809HvAqnJGwsdrq21/QvknpHE4UEgXy/QuAck2CwS7Q0CQguqCOfWTG29ahU7a19PBisDgrMDszOdFnwxWnsbq0ghL3PU00i6rTawTHWIpUI+fe05Slzy2aQgz/rtyOkSsPK8PbeAvP11KYFS3cykd39hqQ8sbVGP7n5Bq1UxyQpzUU5ZHzg==;
From: <[email protected]<RedactedDomain>>
To: <[email protected]<RedactedDomain>>
Subject: You have outstanding debt.
Date: 15 Sep 2022 12:15:48 +0400
Message-ID: <[email protected]<RedactedDomain>>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-3"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac1vm2pdw3ty0mql1vm2pdw3ty0mql==
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17514