Spam email or real?

cutman1000

Member
SoSH Member
Aug 26, 2003
3,256
South Carolina/New Zealand
I have friends from New Zealand staying with me, and one of them just received the following email (from his own email address):

*********************

Hello!

My nickname in darknet is ramon96.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from md.am.***********@xtra.co.nz is ************

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $860 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1FHPbKHcSx9CaXJzDpLoXG733ipQ77UNx9
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

*************

So, I’m not sure if he has been looking at weird porn sites, but I gather that the sender does have his login and password.

He has asked me for advice and I have no clue what to tell him. My gut feeling is to ignore it...

Any advice?
 

Dernells Casket n Flagon

Member
SoSH Member
Mar 24, 2008
3,518
This is a pretty common e-mail/blackmail recent tactic.

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

Generally it's a result of scraping leaks from high profile password breaches that have been posted publicly and to paste bin and such, they then send those usernames and passwords to victim to try and make them thing they have more than they really do. If you google sextortion scam, you'll see a lot of hits on this, but he should almost certainly ignore it. If they really had screenshots they would have sent them with it.
 

drbretto

guidence counselor
SoSH Member
Apr 10, 2009
9,174
Concord, NH
With the exception of the email address and passwords, every line in that has no idea who the recipient is. If it was remotely real, they'd have more specifics. They're relying on the email and password info to get you to believe the rest.

I just got a credit alert saying my email and password was breached myself (as a credit alert, not a scam). They have my email address and password from hacking sites that I've been to that use them. AFAIK, that's all they have, and that's probably all they have on you, too. Change those passwords and you will be ok.
 

johnmd20

literally like ebola
Lifetime Member
Gold Supporter
SoSH Member
Dec 30, 2003
37,777
New York City
"You have a wild imagination, I tell you," really gives this entire thing away.

If they did have compromising info on intimate sites, they would undoubtedly be like, "And those German shizer videos are really fucked up, dude, and you do not want anyone knowing about them. I will send screenshots to your boss and wife unless you pay me."
 

Noseminer

lurker
Jun 17, 2018
77
"Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me."

Another giveaway. If he knew you had changed the password, he most certainly would say "On such and such a date at such and such time you changed them to whatever and whatever" He only has those passwords and nothing else. If i was going to blackmail somebody, I certainly wouldn't leave ANY doubt as to how much info I really had. It's a scare tactic that unfortunately a lot of people fall for. As drbretto above stated, just change the passwords and ignore it.
 

Hendu for Kutch

Member
SoSH Member
Apr 7, 2006
5,699
Nashua, NH
The first time I got one of those, with a password I sometimes use in the subject line it freaked me the hell out. Just seeing that password right in my face from someone with obvious ill intent spooked the shit out of me. So I get why your friend would initially be worked up about it.

Even though googling confirmed it was bullshit, I still took the liberty of sharing the email on Facebook and letting people know that if they didn't want to get the video, they'd better pay the guy.
 

Saints Rest

Well-Known Member
Lifetime Member
SoSH Member
The first time I got one of those, with a password I sometimes use in the subject line it freaked me the hell out. Just seeing that password right in my face from someone with obvious ill intent spooked the shit out of me. So I get why your friend would initially be worked up about it.

Even though googling confirmed it was bullshit, I still took the liberty of sharing the email on Facebook and letting people know that if they didn't want to get the video, they'd better pay the guy.
+1. Pretty much exactly my response.
 

Noseminer

lurker
Jun 17, 2018
77
The first time I got one of those, with a password I sometimes use in the subject line it freaked me the hell out. Just seeing that password right in my face from someone with obvious ill intent spooked the shit out of me. So I get why your friend would initially be worked up about it.

Even though googling confirmed it was bullshit, I still took the liberty of sharing the email on Facebook and letting people know that if they didn't want to get the video, they'd better pay the guy.
And you also better let them know to expect more scams. Once an easy target, ALWAYS an easy target. He will let his circle know that such and such pays up. They will also target the same person with other scams. Do you know why I never "unsubscribe" to unsolicited emails and why i tell others to also never respond? That's exactly what they want you to do. Sure. They will unsubscribe you from their own list, but they will also sell your email address to everyone else. Why? Because now they know it's a valid, working email address. Same thing applies here. NEVER pay. Ever. Don't want the whole world to know you snap your carrot watching porn? Uh. Pretty much everyone knows that because pretty much everyone has or does the same thing. And if you have a lot to lose by people finding out certain things, maybe be careful what you do on the internet. There is no such thing as privacy on the internet. People can get info easily from the net. Sometimes a LOT of info. I never use facebook or twitter or anything.. It amazes me how much info people are giving others on social media without even knowing it. Don't post pictures of yourself ever. I worked as a skip tracer for a while. With nothing more than a screen name sometimes, in two days, give or take, I had their names, address, email, etc. With only a screen name. Tell your friend to ignore it, and to let his local law enforcement know about it.
 

Hendu for Kutch

Member
SoSH Member
Apr 7, 2006
5,699
Nashua, NH
And you also better let them know to expect more scams. Once an easy target, ALWAYS an easy target. He will let his circle know that such and such pays up. They will also target the same person with other scams. Do you know why I never "unsubscribe" to unsolicited emails and why i tell others to also never respond? That's exactly what they want you to do. Sure. They will unsubscribe you from their own list, but they will also sell your email address to everyone else. Why? Because now they know it's a valid, working email address. Same thing applies here. NEVER pay. Ever. Don't want the whole world to know you snap your carrot watching porn? Uh. Pretty much everyone knows that because pretty much everyone has or does the same thing. And if you have a lot to lose by people finding out certain things, maybe be careful what you do on the internet. There is no such thing as privacy on the internet. People can get info easily from the net. Sometimes a LOT of info. I never use facebook or twitter or anything.. It amazes me how much info people are giving others on social media without even knowing it. Don't post pictures of yourself ever. I worked as a skip tracer for a while. With nothing more than a screen name sometimes, in two days, give or take, I had their names, address, email, etc. With only a screen name. Tell your friend to ignore it, and to let his local law enforcement know about it.
I may be misreading you, but I think you misread me. I sent it as a joke to my Facebook list that if they didn't pay up, they were going to get sent my video. I never responded or acknowledged the people who sent it.
 

Noseminer

lurker
Jun 17, 2018
77
I may be misreading you, but I think you misread me. I sent it as a joke to my Facebook list that if they didn't pay up, they were going to get sent my video. I never responded or acknowledged the people who sent it.
You are correct. I indeed misread you. My apologies.
 
Last edited:

Noseminer

lurker
Jun 17, 2018
77
Not unsubscribing is a good move when talking about spam email, but if it is from a legit site that you once did business with and don’t want more mail from, unsubscribing is the right move
I agree. Which is why I specifically said "unsolicited" emails.
 

InsideTheParker

Member
SoSH Member
Jul 15, 2005
24,398
Pioneer Valley
I have now gotten this twice in my spam folder, along with a handy introduction to bitcoin. The funny part is that I haven't gone to the kinds of sites mentioned, so I don't feel the shame requisite to making this scam work. It is helpful to find this thread and feel less alone.
Still, I find it annoying. But I guess it's far from the worst thing that this technology has wrought.