Wednesday, 18 July 2018

I Know Your Password - now let me blackmail you!

I know XXXXXXXX one of your password. Lets get right to purpose. You may not know me and you are probably wondering why you're getting this e-mail? No one has paid me to investigate about you.
I just received an email that started with the above text. Actually, the email was put into my Spam bin but I was browsing through when I noticed that the email header was quoting a genuine password that I have used in the past. "That's odd," I thought. So I read on. This is how the email continued...
In fact, I actually setup a software on the adult streaming (sex sites) website and there's more, you visited this web site to experience fun (you know what I mean). While you were viewing video clips, your browser started functioning as a Remote control Desktop that has a keylogger which gave me access to your display screen and web cam. 
Immediately after that, my software obtained all of your contacts from your Messenger, FB, as well as e-mail . After that I created a double-screen video. 1st part displays the video you were watching (you've got a nice taste rofl), and next part displays the recording of your webcam, & its u.  
You actually have 2 possibilities. Lets go through these possibilities in particulars:
First alternative is to just ignore this email. In that case, I most certainly will send your recorded material to every one of your contacts and thus consider regarding the disgrace you will definitely get. Not to mention if you are in a loving relationship, just how it will eventually affect? 
In the second place option would be to compensate me $3500. Lets name it as a donation. In this scenario, I most certainly will without delay erase your videotape. You can continue on everyday life like this never occurred and you surely will never hear back again from me.
You will make the payment through Bitcoin (if you don't know this, search for "how to buy bitcoin" in Google).
BTC Address to send to: XXXXXXX
[CASE SENSITIVE copy & paste it] 
In case you are looking at going to the authorities, surely, this e mail cannot be traced back to me. I have taken care of my actions. I am not looking to ask you for money a lot, I want to be paid for. I've a specific pixel in this e mail, and right now I know that you have read through this email message. You have one day to make the payment. If I do not receive the BitCoins, I will, no doubt send out your video to all of your contacts including family members, co-workers, and so on. Nonetheless, if I receive the payment, I will erase the video immidiately. If you want proof, reply with Yeah! and I will certainly send your video recording to your 5 contacts. This is the non-negotiable offer, that being said do not waste my personal time and yours by replying to this email.
OK, so this is a scam, but it's a pretty interesting and deceptive one as it relies upon the receiver having more technical literacy than many simpler ("I'm a Nigerian prince, I want to send you money") scams. It assumes a) that you recognise your own password and know that other people should not have access to it and b) that you know what a keylogger is (it records and sends back to the bad guys the keystrokes you enter on your computer). It also assumes that you understand Bitcoin and that you may at least be sufficiently baffled by the "hidden pixel" guff to think it's genuine.

OK, so I tracked down the password it mailed me. I had used it once, many years ago, when logging into a very innocent-looking site all about foreign language learning. The chances that a keylogger recorded my password all those years ago and the bad guys have only now decided to blackmail me seemed remote. It is much more likely that the security of that site has been compromised, that the bad guys got a whole load of old passwords, and that the rest of the email is pure nonsense.
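
The features this email leans on (an old password quoted back in the header, a Bitcoin address, a payment deadline, and the webcam, keylogger and "pixel" claims) can be checked mechanically when triaging a mailbox. The following Python is an added example, not part of the original post; the indicator names, verdict labels, sample messages, password and address are all constructed for illustration.

```python
import re
from email import message_from_string

# Legacy (base58) and bech32 address shapes; a hit is a pattern match, not a validated address.
BTC = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
INDICATORS = {  # hypothetical indicator names, taken from the claims in the quoted email
    "surveillance_claim": re.compile(r"web\s?cam|keylogger|remote control desktop", re.I),
    "deadline": re.compile(r"\b(?:one|two|\d+)\s+(?:day|hour)s?\b", re.I),
    "tracking_claim": re.compile(r"\bpixel\b", re.I),
}
# Constructed samples: the password and the address below are made up.
SCAM = """\
From: sender@example.invalid
Subject: hunter2-old

I know hunter2-old one of your password. I've a specific pixel in this e mail.
My keylogger gave me access to your display screen and web cam.
Pay $3500 through Bitcoin. BTC Address to send to: 1ConstructedSampLeAddrXXXXXXXXXXXX
You have one day to make the payment.
"""
BENIGN = "From: news@example.invalid\nSubject: Weekly digest\n\nBitcoin closed higher this week.\n"

def message_text(raw):
    """Subject plus every non-multipart body part, transfer-decoded."""
    msg = message_from_string(raw)
    parts = [(p.get_payload(decode=True) or b"").decode("utf-8", "replace")
             for p in msg.walk() if not p.is_multipart()]
    return "\n".join([msg.get("Subject", "")] + parts)

def indicators(raw, retired_passwords):
    """Return the set of scam indicators present in a raw RFC 5322 message."""
    text = message_text(raw)
    found = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if BTC.search(text):
        found.add("bitcoin_address")
    # The hook of this scam: a password the recipient once used, quoted back.
    if any(pw and pw in text for pw in retired_passwords):
        found.add("quoted_credential")
    return found

def verdict(found):
    if {"quoted_credential", "bitcoin_address"} <= found:
        return "breach-replay extortion"  # password likely came from an old site breach
    if {"bitcoin_address", "surveillance_claim"} <= found:
        return "generic extortion"
    return "no match"

if __name__ == "__main__":
    print(verdict(indicators(SCAM, ["hunter2-old"])))
```

A "breach-replay extortion" verdict means the quoted password should be treated as exposed and changed anywhere it is still in use.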