Monday, December 24, 2018

More emailed fun

It’s been ages since I’ve shared some email fun, but the other day I got a scam extortion email that was so transparently stupid—and topical—that it deserves to be shared. I’d like to think that no one would fall for a scam like this, but I know some will. I can’t stop that, but I can mock the scammers.

The email wasn’t to me, exactly. It was sent “from” my email account to the same email account. But the servers rejected it: “A message that you sent could not be delivered to one or more of its recipients. This is a permanent error.” Which means it was sent from “me” to me and I couldn’t do that. Well, duh, the email account is dead. Any real hacker would know that.

The message had the subject “Security Alert. [dead email address] was compromised. You need change password!” It was dated 9 Dec 2018 00:18:18. The date is important. Here’s the scam message (bad grammar and spelling and weird wording were all in the original, but I fixed its terrible spacing to make it read a little better):

I have very bad news for you.
09/08/2018 - on this day I hacked your OS and got full access to your account [dead email address].

So, you can change the password, yes... But my malware intercepts it every time.

How I made it: In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it. When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!! I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea.... I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?). After that, I made a screenshot of your joys (using the camera of your device) and glued them together. Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues. I think $724 is a very, very small amount for my silence. Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins! My BTC wallet: [redacted]

You do not know how to use bitcoins? Enter a query in any search engine: "how to replenish btc wallet". It's extremely easy

For this payment I give you two days (48 hours). As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically. If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment! This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Good luck.

Nothing about this is real, of course, which is what makes it so hilarious.

First, this was for a dead email address, not a site. Email addresses can’t access any sites whatsoever, so the whole premise was so transparently fake that I really did LOL at it. The next thing was that the email was dated 9 December, but it claimed to have “hacked” my “OS” (no, it was a dead email address, actually) on “09/08/2018”. Assuming that this came from Russia/Eastern Europe, as most of these do, it would be 9 August, yet they emailed four months later? Or, if it was supposed to be an American-style date, since they would probably assume their marks were American, that would still be September 8, two months before the actual date. No real hacker would wait 2 or 3 months to make an extortion demand.

And, for the record, I have no webcam, and an email address cannot visit a site where some scammer can pretend to have “made a screenshot of the adult sites where you have fun”. Neither of those were possible. All of which is the kind of scam the NZ government has been warning people against, something that came up around the time of their “Fraud Awareness Week”.

All of which made me wonder: How many people have enough things in the faked email that are true enough that they might think the extortion was real, and not a scam? There was no way this could be true for me, but what about people who do have a webcam, and who do visit “adult sites”, who don’t know for sure it’s fake? And that’s why these scams persist: If one in a hundred thousand people take it for real, it makes the whole effort worthwhile. If everyone ignored such emails, they would eventually go away.

But not everyone does or can know what’s real and what’s a scam. That’s how these things persist. Sure, it’s kind of sick and pathetic that people would prey on ignorance and naiveté, but when has that ever NOT been the case? The Internet makes it easy to make a lot of money from a lot of gullible people, but this has been going on—on a smaller scale—for centuries. Technology has changed, but people haven’t.

This is the first of these extortion emails I’ve “received”, but it was by accident, because the scammers used a dead email address they faked to try to send it to a dead email address. Otherwise, I’d never have seen it. And, they failed, of course: They didn’t gain control of a site because it was actually a dead email address, and I wasn’t stupid enough to take them seriously. A couple years ago, I received a similar scam about a site I controlled (in part), and I knew, or guessed, that was fake.

The moral of the story, I suppose, is to assume that all such emails are fake and scams unless there’s some good and very specific reason to think otherwise. If that’s the case, contact the relevant cybercrime authorities to deal with it. But, chances are good that it’ll be a scam, as this one was.

And I really did literally LOL at it.
