Scams in some form or another have been around for ages, and certainly through the majority of the computer era. They employ different ruses and have different goals, but one thing that binds many of them is that they rely on victims letting their guard down. One that is making the rounds right now hopes to achieve this with a series of scare tactics.
This is not a brand new scam, but basically a revision of an older one that's been around for a long time. Like many people, I begin my mornings by checking my inbox, nuking unwanted emails, and replying to (or making note of) ones with important information. One that managed to slip past Gmail's spam filter was titled "(New) Payment Report" followed by a series of numbers.
At first I assumed this was another take on the PayPal scam that made increased rounds during the holidays. That one works by creating a fraudulent invoice in PayPal with a prompt to call a help desk number to cancel the transaction. Spoiler: while the invoice does actually come from PayPal, the help number is not associated with the payment service, and you can (and should) safely ignore the invoice.
That wasn't what this ended up being, though. Instead, it was a long-winded email attempting to extort 1.6 Bitcoin, which based on today's valuation is worth nearly $37,000. The email claims to come from someone who purchased access to email accounts from hackers, with mine included in the list.
It further claims that the sender "easily managed" to log into my email account, and from there somehow managed to install the Cobalt Strike Beacon payload on every device I use to access my email, regardless of the operating system.
"This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and keyboard). I have downloaded all your information, data, photos, videos, documents, files, web browsing history to my servers. I have access to all your messengers, social networks, emails, chat history, and contacts list," the email reads.
The email also claims that the payload is continually updated to avoid detection by antivirus software. It's trying to prey on less savvy users, and caps it off with one more scare tactic—the sender claims to have recorded me watching adult content while doing things to myself that are NSFW anywhere outside of a private setting (and I'm not talking about picking my nose).
Here's the email in full, with my email address and the scam artist's Bitcoin wallet redacted...
Greetings!
I have to share bad news with you. Approximately a few months ago, I gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities.
Here is the sequence of events:
Some time ago, I purchased access to email accounts from hackers (nowadays, it is quite simple to buy it online). I have easily managed to log in to your email account REDACTED.
One week later, I have already installed the Cobalt Strike "Beacon" on the Operating Systems of all the devices you use to access your email. It was not hard at all (since you were following the links from your inbox emails). All ingenious is simple. :).
This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and keyboard).
I have downloaded all your information, data, photos, videos, documents, files, web browsing history to my servers. I have access to all your messengers, social networks, emails, chat history, and contacts list.
My virus continuously refreshes the signatures (it is driver-based) and hence remains invisible for antivirus software. Likewise, I guess by now you understand why I have stayed undetected until this letter.
While gathering information about you, I have discovered that you are a big fan of adult websites. You love visiting porn websites and watching exciting videos while enduring an enormous amount of pleasure. Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show how you masturbate and reach orgasms.
If you have doubts, I can make a few clicks of my mouse, and all your videos will be shared with your friends, colleagues, and relatives. Considering the specificity of the videos you like to watch (you perfectly know what I mean), it will cause a real catastrophe for you.
I also have no issue at all with making them available for public access (leaked and exposed all data).
General Data Protection Regulation (GDPR): Under the rules of the law, you face a heavy fine or arrest.
I guess you don't want that to happen.
Let's settle it this way:
You transfer 1.6 Bitcoin to me and once the transfer is received, I will delete all this dirty stuff right away. After that, we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me. I keep my word.
That is a fair deal, and the price is relatively low, considering that I have been checking out your profile and traffic for some time by now. If you don't know how to purchase and transfer Bitcoin - you can use any modern search engine.
You need to send that amount to this Bitcoin wallet: REDACTED
(The price is not negotiable).
You have 5 days in order to make the payment from the moment you opened this email.
Do not try to find and destroy my virus! (All your data is already uploaded to a remote server).
Do not try to contact me. Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.
This is an APT Hacking Group. Don't be mad at me, everyone has their own work.
I will monitor your every move until I get paid.
If you keep your end of the agreement, you won't hear from me ever again.
Everything will be done fairly!
One more thing. Don't get caught in similar kinds of situations anymore in the future!
My advice: keep changing all your passwords frequently.
Color the sender bold for calling a $37,000 payment a "fair deal," and for capping off the email with some security advice. Feel free to update your passwords frequently, as advised, but ignore the rest of the email—you have not been hacked.
That said, your email address may have been part of a security breach, as breaches at third-party firms happen all the time. Emails like this one highlight why scammers want that kind of information: knowing your email address and any other details (like where exactly it was exposed) lets them tailor more personalized phishing scams.
In this case, it's really just a common template. A quick search on Google shows that it gained some traction in December, and prompted a warning by George Mason University to its students just a few weeks ago. There's also a post about this scam on Reddit from 2021, and a warning from the Electronic Frontier Foundation in 2018 about previous variations of similar extortion scams.
Otherwise known as sextortion emails, these scams attempt to blackmail victims by making false claims. Here's some free advice: if you receive one of these emails, just delete it, and whatever you do, don't pay up.
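Because these messages follow a template, they are easy to catch mechanically. The script below is an added example, not code from the article or from any mail provider: it scores a message body against indicators lifted from the quoted email (the Bitcoin demand, the "Cobalt Strike Beacon" claim, the webcam and adult-site claims, the payment deadline, the parting password advice) and extracts any Bitcoin address so it can be reported or blocked. The keyword list, the scoring threshold and both sample messages are constructed for the demonstration.

```python
import re

# Indicators taken from the sextortion template quoted above.
# Constructed list for illustration; a production filter would tune
# and extend it, since scammers vary wording between campaigns.
SEXTORTION_MARKERS = [
    r"\bbitcoin\b",
    r"\bcobalt strike\b",
    r"\bbeacon\b",
    r"\badult (web)?sites?\b",
    r"\bporn\b",
    r"\bvideo camera\b|\bwebcam\b",
    r"\b\d+\s+days?\b",          # payment deadline ("You have 5 days ...")
    r"\bpayment\b",
    r"\bpassword",               # the closing "keep changing your passwords" line
    r"\bgdpr\b",                 # the bogus legal threat
]

# Legacy base58 addresses (start with 1 or 3, no 0/O/I/l) and bech32 (bc1...).
BTC_ADDRESS = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"
)

# A wallet address is the strongest single signal, so it carries extra weight.
WALLET_WEIGHT = 3
FLAG_THRESHOLD = 5


def score_sextortion(body: str) -> dict:
    """Return marker hits, any Bitcoin addresses found, a score and a verdict."""
    text = body.lower()
    hits = [m for m in SEXTORTION_MARKERS if re.search(m, text)]
    wallets = BTC_ADDRESS.findall(body)  # case-sensitive: base58 is case-sensitive
    score = len(hits) + (WALLET_WEIGHT if wallets else 0)
    return {
        "score": score,
        "hits": hits,
        "wallets": wallets,
        "flag": score >= FLAG_THRESHOLD,
    }


# Constructed sample that paraphrases the template; the wallet address is a
# made-up placeholder that merely has the right shape, not a real address.
SCAM_SAMPLE = """Greetings! Some time ago I purchased access to email accounts from hackers.
I installed the Cobalt Strike Beacon on all your devices and have access to your
microphone and video camera. I recorded you visiting adult websites.
Transfer 1.6 Bitcoin to this wallet: 1ZzScamDemoAddr123456789QQabc
You have 5 days to make the payment. My advice: keep changing your passwords."""

# Constructed benign message that shares a couple of words with the template.
BENIGN_SAMPLE = """Hi team, the payment for invoice 1042 went out this morning.
Please confirm receipt within 3 days. Thanks!"""


if __name__ == "__main__":
    for label, body in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = score_sextortion(body)
        print(f"{label}: score={result['score']} flag={result['flag']} "
              f"wallets={result['wallets']} hits={len(result['hits'])}")
```

The benign invoice mail trips two generic markers ("payment", "3 days") but stays well under the threshold, while the template hits eight markers plus the wallet. Keyword scoring alone is brittle, so the part worth keeping in a real mail pipeline is the address extraction: the wallet is the one thing the scammer cannot change between victims in a single campaign.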