Scammers Extortion Email -Don’t Be Fooled By These Nigerian Hackers
Recently I’ve received quite a few emails trying to extort $700 from me. The scammers allege to have hacked my personal computer and taken control of my camera and mic. According to this want to be extortionist, he has a video of me masturbating while watching a video on a porn site.
You may have also received an email like that over the last couple of weeks.
The first time you receive one of these emails it’s a bit frightening, even if you’re not someone who uses porn sites.
Don’t Panic!
Calm down, go back and read the email message again. It’s got some many holes in the story that only a very few people would actually take it seriously.
Let's take a closer look
I’ll paste the message (including spelling and grammatical errors) I received and maybe you have the same one. Further down I’ll go thru the main points which give it away as a toothless threat, which you must not be concerned about.
Security Notice. Someone have access to you system
I hacked your device and then got access to all your accounts... Including [email protected].
It is easy to check - I wrote you this email from your account.
Also I have an old password for the hacking day: 3491cf1b712aa7a992029dcf23910
I'll begin with the most important.
I hacked your device and then got access to all your accounts... Including [email protected].
It is easy to check - I wrote you this email from your account.
Also I have an old password for the hacking day: 3491cf1b712aa7a992029dcf23910
Moreover, I know your intim secret, and I have proof of this.
You do not know me personally, and no one paid me to check you.
It is just a coincidence that I discovered your mistake.
In fact, I posted a malicious code (exploit) to an adult site, and you visited this site...
While watching a video Trojan virus has been installed on your device through an exploit.
This darknet software working as RDP (remote-controlled desktop), which has a keylogger, which gave me access to your microphone and webcam.
Soon after, my software received all your contacts from your messenger, social network and email.
At that moment I spent much more time than I should have.
I studied your love life and created a good video series.
The first part shows the video that you watched, and the second part shows the video clip taken from your webcam (you are doing inappropriate things).
Honestly, I want to forget all the information about you and allow you to continue your daily life.
And I will give you two suitable options. Both are easy to do.
First option: you ignore this email.
The second option: you pay me $700(USD).
Let's look at 2 options in detail.
The first option is to ignore this email.
Let me tell you what happens if you choose this path.
I will send your video to your contacts, including family members, colleagues, etc.
This does not protect you from the humiliation that you and your family need to know when friends and family members know about your unpleasant details.
The second option is to pay me. We will call this "privacy advice."
Now let me tell you what happens if you choose this path.
Your secret is your secret. I immediately destroy the video.
You continue your life as if none of this has happened.
Now you might think: "I'll call to police!"
Undoubtedly, I have taken steps to ensure that this letter cannot be traced to me, and it will not remain aloof from the evidence of the destruction of your daily life.
I don't want to steal all your savings.
I just want to get compensation for my efforts that I put in to investigate you.
Let us hope that you decide to create all this in full and pay me a fee for confidentiality.
You make a Bitcoin payment (if you don't know how to do it, just enter "how to buy bitcoins" in Google search)
Shipping amount: $700(USD).
Getting Bitcoin Addresses: 1FVuyuSN41aa3JN9sn8qkuD2PmaMEMHHnc
(This is sensitive, so copy and paste it carefully)
Don't tell anyone what to use bitcoins for. The procedure for obtaining bitcoins can take several days, so do not wait.
I have a spetial code in Trojan, and now I know that you have read this letter.
You have 48 hours to pay.
If I don't get BitCoins, I'll send your video to your contacts, including close relatives, co-workers, and so on.
Start looking for the best excuse for friends and family before they all know.
But if I get paid, I immediately delete the video.
This is a one-time offer that is non-negotiable, so do not waste my and your time.
Time is running out.
Bye!
Let's go through this piece of garbage.
The subject line for this email is: Security Notice. Someone have access to you system
Pretty sure if it was a legitimate email the sender would know how to spell “your” This is just the first of numerous spelling mistakes and bad grammar.
Right away this is a signal the email is from a scammer, most likely in Nigeria.
The next big clue is the scammer does not know your name. If he really had hacked you and had all your information along with your contact information, he would know your name, right? He never mentions your name at all or any of your contacts names.
The email goes on to say: I hacked your device and then got access to all your accounts... Including [email protected].
It is easy to check - I wrote you this email from your account.
Also I have an old password for the hacking day: 3491cf1b712aa7a992029dcf23910
I’m far from being an email expert but I do know anybody can spoof sending an email from any account. It’s spammer 101 So don’t be worried about that. They do not have your email login information.
This part: Also I have an old password for the hacking day: 3491cf1b712aa7a992029dcf23910
That part of his argument to prove has has your logins doesn’t even make any sense at all. Take a look at it, is that an old password of yours? I’ll bet a million dollars it’s not
Next he moves onto tell you the story and how he got your information
I posted a malicious code (exploit) to an adult site, and you visited this site...
That takes a heck of a lot of skill and yes it can be done but that’s not what happened in this case. I’ll get to how it was done shortly.
Next he moves onto the part which is meant to give you chills and thoughts of divorce and humiliation.
I studied your love life and created a good video series.The first part shows the video that you watched, and the second part shows the video clip taken from your webcam (you are doing inappropriate things).
Studying my love life?! Really? That must have been boring hahahaha
He reckons he made a video of me wanking to the porn video I’m watching on the screen! Just not my style. BUT, in all fairness hackers can do that. Your cam can be turned on without your knowledge and recordings of you made.
The simple way to prevent this is to put some tape across the camera lens.
Empty Threat
If this clown actually had a video of you, don’t you think he would at least send a snippet of it as proof?
He has no video or images of you at all.
Now the demand!
He says you have 2 options, one is to ignore him and that will result in your misdeeds being shared far and wide causing you intense embarrassment. (Oh you are so naughty!)
The second option is to buy some bitcoins and send him $700.
The reason he is asking for bitcoin is they are very hard to trace, in some instances they can be but it takes a lot of skill and resources to do this. Most people would not be able to trace them at all.
False Reassurance
The scammer wants to assure you that if you pay the ransom, you will be safe and it will have cost you only $700 but your dignity will have been maintained.
But if I get paid, I immediately delete the video.
That’s not how these arseholes work. If you did go ahead and pay them, they would hound you until you were totally broke.
How They Got Your Email
Lots of crappy sites will sell your email. You have probably given your email to all sorts of sites. As I say some of them are lowlife scammers themselves with zero ethics. They will sell your email and name to anyone willing to pay.
In itself that’s not a major threat, just an annoyance.
But, that’s not how these guys did it.
Recently a huge database was hacked and stolen. It had over 700 million email addresses in it. That’s been sold to hundreds of scammers like our fellow.
To discover if your email address has been collected in any server hacking events you can check (for free) at Have I Been Pwned I recommend you join their mailing list and they will send you an alert every time your email has been stolen.
The hack event which allowed our email address to be stolen was
GoldSilver: In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained including names, addresses, phone numbers, purchases and passwords and answers to security questions stored as MD5 hashes. In a small number of cases, passport, social security numbers and partial credit card data was also exposed. The data breach and source code belonging to GoldSilver was publicly posted on a dark web service where it remained months later. When notified about the incident, GoldSilver advised that "all affected customers have been directly notified".
Compromised data: Bank account numbers, Email addresses, IP addresses, Names, Partial credit card data, Passport numbers, Phone numbers, Physical addresses, Purchases, Security questions and answers, Social security numbers
The point of knowing that is very important; they will tell you which site your details were stolen from. This will encourage you to go and change your password on that site. It was most likely also stolen.
Having good security on your computer and phone is a must have. Hackers are not going away, they are a part of our lives and precautions need to be in place.
Anyway, you know all that already. Hoping this article has helped, especially if you have received one of these (hollow) threats. Mind you, always be on guard!