The World According to Mitch

The day to day ramblings of an IT Professional (and so much more…)

A Familiar Blackmail Scam

This post is dedicated to a longtime friend and avid reader of this blog. Rick passed away last week, and he will be missed. My life is richer for having been friends with him all these years. Not for nothing… I always knew his passwords, no matter how often I tried to convince him to change them! -MDG

I received an email this morning in my Junk Mail folder. Actually, I received three of them that are worded identically from different addresses. It is very long, so while I will post the entire text, I will post it at the end. I invite you to skim it, but do not waste your time. It essentially claims that the sender has compromised my devices, downloaded all of my data and contacts, and recorded compromising videos of my… uhm… enjoying adult videos in the privacy of my home. If I pay him off then he will delete the videos and data, otherwise he will share it with all of my contacts.

You may have received this email (or one like it) before. You might receive one in the future. Let me put your mind at ease: The losers sending this message have not compromised anything.

Should you change your passwords often? Yes. Should you ever share them? No. If you are worried that someone might have your password should you change it right away? Absolutely. However, without raising my blood pressure one single point, this email scam reinforces the most basic password rules that I always preach:

  • Do not share your passwords with anyone.
  • Do not reuse your passwords; or at least have unique passwords for any sensitive accounts.
  • Change your passwords often.
  • If you use the same password on multiple sites, then when you click Forgot Password on one site… if it emails you a link to reset your password, then great; if it emails you your password in plain text, then make sure you muck that password and change it on every account you might have ever used it on.
  • Use long and complex passwords (UpperCase, LowerCase, Numbers, and Special characters) to make passwords hard to guess.
  • Use multifactor authentication when possible to prevent compromise even if someone does get your password.
  • Never trust anyone!

Okay, that last point is an unfair generalization. However it is very true when it comes to sharing passwords. Nobody should have your password.

I came across a great line in a book recently. Passwords are like underwear in three respects: Never share them, nobody should ever see them, and you should change them often. Remember that!

Conclusion

An email scam like the one that this article is based on is almost always a scam, like someone coming up to you in public who tells you that they will ruin your reputation unless you pay them off. The Internet gives these cyber scumbags the anonymity to do it without risking getting punched in the mouth. Unfortunately, too many people will believe anything they see, hear, or read on the Internet, so every so often I will need to write an article just like this to remind people.

<SCAM TEXT BEGINS>

Hello there!

Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.

Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (my email address).

Here is the proof I hacked this email. Your password at the time when I got access to your email:

A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_’)

The software of mine allows me to access to all controllers in your devices, such as video camera, microphone and keyboard.
I have managed to download all your personal data, as well as web browsing history and photos to my servers.
I can access all messengers of yours, as well as emails, social networks, contacts list and even chat history.
My virus unceasingly refreshes its signatures (since it is driver-based), and hereby stays invisible for your antivirus.

So, by now you should already understand the reason why I remained unnoticed until this very moment…

While collecting your information, I have found out that you are also a huge fan of websites for adults.
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I have recorded several kinky scenes of yours and montaged some videos, where you reach orgasms while passionately masturbating.

If you still doubt my serious intentions, it only takes couple mouse clicks to share your videos with your friends, relatives and even colleagues.
It is also not a problem for me to allow those vids for access of public as well.
I truly believe, you would not want this to occur, understanding how special are the videos you love watching, (you are clearly aware of that) all that stuff can result in a real disaster for you.

Let’s resolve it like this:
All you need is $1290 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay.
Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises.

That is quite a fair deal with a low price, bearing in mind that I have spent a lot of effort to go through your profile and traffic for a long period.
If you are unaware how to buy and send bitcoins – it can be easily fixed by searching all related information online.

Below is bitcoin wallet of mine: <redacted>

You are given not more than 48 hours after you have opened this email (2 days to be precise).

Below is the list of actions that you should not attempt doing:

Do not attempt to reply my email (the email in your inbox was created by me together with return address).
Do not attempt to call police or any other security services. Moreover, don’t even think to share this with friends of yours. Once I find that out (make no doubt about it, I can do that effortlessly, bearing in mind that I have full control over all your systems) – the video of yours will become available to public immediately.
Do not attempt to search for me – there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.

Below is the list of things you don’t need to be concerned about:

That I will not receive the money you transferred.

  • Don’t you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
    That I still will make your videos available to public after your money transfer is complete.
  • Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!

Everything will be carried out based on fairness!

Before I forget…moving forward try not to get involved in this kind of situations anymore!
An advice from me – regularly change all the passwords to your accounts.

Mitch Garvis

Leave a comment