Bitcoin Fishing and Blackmail
Below is a copy of an email received by our team. As we are seeing the rise of this kind of attack I thought I would take a moment to share and educate.
Copy of inbound email:
From: Dorine 430 (dorine_430@a.xanonymous.gq)
To: yourname@youremail.comSubject: Hi perv. I recorded you masturbating! I have captured ‘Support.mp4’!
ATTN: yourname@youremail.com THIS IS NOT A JOKE — I AM DEAD SERIOUS! Hi perv, The last time you visited a p0rnographic website with teens, you downloaded and installed software I developed. My program has turned on your camera and recorded the process of your masturbation.
My software has also downloaded all your email contact lists and a list of your friends on Facebook. I have both the ‘Support.mp4’ with your masturbation as well as a file with all your contacts on my hard drive. You are very perverted! If you want me to delete both the files and keep the secret, you must send me Bitcoin payment. I give you 72 hours for payment. If you don’t know how to send Bitcoins, visit Google.
Send 2.000 USD to this Bitcoin address immediately: 38H9R8Dwpo7dyc3qmMUfumHrPGrupCmRLZ (copy and paste) 1 BTC = 3,580 USD right now, so send exactly 0.567283 BTC to the address provided above. Do not try to cheat me! As soon as you open this Email I will know you opened it. This Bitcoin address is linked to you only, so I will know if you sent the correct amount. When you pay in full, I will remove the files and deactivate my program. If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact list I hacked.
Here are the payment details again:
Send 0.567283 BTC to this Bitcoin address: — — — — — — — — — — — — — — — — — — — — 38H9R8Dwpo7dyc3qmMUfumHrPGrupCmRLZ — — — — — — — — — — — — — — — — — — — —
You саn visit police but nobody will help you. I know what I am doing. I don’t live in your country and I know how to stay anonymous. Don’t try to deceive me — I will know it immediately — my spy ware is recording all the websites you visit and all keys you press. If you do — I will send this ugly recording to everyone you know, including your family. Don’t cheat me! Don’t forget the shame and if you ignore this message your life will be ruined. I am waiting for your Bitcoin payment. If you need more time to buy and send 0.567283 BTC, open your notepad and write ‘48h plz’. I will consider giving you another 48 hours before I release the vid.Anonymous Hacker
While there are so many things that scream that this is a scam many people fall for these daily. Upon review you can see things that look programmed and indicate that this message was not created by a person but by a script. An example of this is how the same email address that is being spammed is also the “Name” used after ATTN: This is a variable field and is programmed to input the email address that the message is being sent to.
In an attempt to sound credible they mention that you were infected when you last visited a “p0rnographic” website. Besides the misspelling, designed to get around spam filters, most of the users of the internet have visited a porn site in the last week, this plants the seeds of doubt in the victims mind that they could have taken action that got them infected.
Some social engineering work is at play, with enough key words like spyware, recording of websites and all keystrokes, email contact list and Facebook friends, the attacker sounds like they know what they are doing. Especially to a non technical user that has heard all these key terms in the news as it relates to “hackers”. Additional social engineering is at play when they mention you can go to the police but nobody will help you and mentioning that they have a nasty video of you that they will share with the world.
To be clear it is possible that an attacker could have access to all these things if they did really compromise your computer. The red flag here is that if they had this level of access to your computer they would not have stopped at just getting your email and Facebook contacts or even emailing you in the first place.
They would just take all your files and use randsomeware to extort money or they could just wait until an infected user accesses their banking online, then come back later and transfer out the money without the need of the victim. Bottom line is a hacker would generally not be looking to have communication with the victim or even signal that they compromised the victim in the first place.
If you find that you are getting an email like this make sure to use the spam/junk mail tool within your email client to report the email and block future emails arriving from this sender.
My favorite part of the message is “if you don’t know how to send bitcoins, visit google”
I hope you find this informative.
Stay safe internet!