
Analysis of a "sextortion" scam email

In a previous blog post I described in detail what the so-called "sextortion" scam emails are and how they work (and, in the cases where the email contains an actual password that the owner of the email address is using somewhere, how that password ended up there). I also described how these scam emails always use extremely generic and vague language, without ever going into details (even though the sender claims to have all possible details), because the scammer doesn't actually have any details to give: the email is automated and sent to hundreds of millions of people.

Lately I have received the exact same scam email several times, so I wanted to show an actual example:

Hello!

I'm the Chinese software engineer who hacked into your device OS.

I've been watching you for month now. The thing is, you've been infected with malware through the adult website you visited... I have downloaded all confidential information from your system and I got some more evidence.

Notice the completely vague language, lacking in any detail: "Your device OS" (instead of "Windows", "macOS", "Linux"...); "The adult website you visited", without mentioning which site; "All confidential information from your system", again without giving a single example.

In case you're not familiar with it, I'll explain.

The virus gives me full access and control over your computer or any other device on your network. It means that I can see everything on your screen, turn on your camera and microphone, but you don't know about it. I also have access to all of your phone and email contacts, as well as access to your social media accounts.

"I also have access to all of your phone and email contacts", without giving any example or evidence (such as your phone number, or one of those contacts, or what social media accounts you own).

Why didn't your antivirus detect any malware?

Answer: My malware uses a low-level device driver build-in your CPU and I update its signatures every 4 hours to keep your antivirus silent.

This is rather amusing gibberish.

I got access to your smartphone and saw everything you were doing... well, I got a video of you masturbating in the bathroom (nice interior, by the way)

This is quite an unusual attempt at a bluff. A rather stupid one. This particular paragraph will rule out probably at least 99.9% of people who would have otherwise been fooled and fallen victim. Such scam emails almost never try to bluff with this kind of detail, because it just doesn't pay off.

I put together a footage: on one side of the screen is the video you're watching at the moment and on the other side is your satisfied face. With one click, I can send this video to all your contacts.

Again, no details. "The video you're watching at the moment", without any specifics about the alleged video. "All your contacts", without specifying a single one.

Do you want to prevent it?

I understand your concern. Especially since the video was quite vulgar, I can't imagine the embarrassment you will feel when your colleagues, friends and relatives see it.

If you need to erase all of your collected data just send 0.02 btc (Bitcoin) to a wallet that was specially generated for your email address.

By the way, such bitcoin wallets used for scamming can be reported. Probably not going to do much to prevent people from being scammed, but I suppose it doesn't hurt to report them.
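The checks made by hand above can be run over a message body. The following is an added example, not code from this blog: it lists which of the big claims an email makes, whether it backs any of them with a detail the recipient supplies as something only a real intruder would know, and which Bitcoin addresses in it pass Base58Check validation and are therefore worth reporting. The phrase patterns, the names `triage` and `known_specifics`, and the sample address are assumptions; only legacy addresses starting with 1 or 3 are handled.

```python
import hashlib
import re

# Claim categories the post points out; the phrase patterns are assumptions.
CLAIMS = {
    "device_compromise": r"hacked into|infected with malware|full access and control",
    "covert_recording": r"turn on your camera|video of you",
    "exposure_threat": r"all your contacts",
    "crypto_demand": r"\d\s*btc\b|bitcoin",
}
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
LEGACY_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def b58check_valid(addr):
    """True if addr is 25 bytes of Base58Check with a correct double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return len(raw) == 25 and check == raw[-4:]

def triage(body, known_specifics=()):
    """Report which claims the email makes, whether it backs any with a detail
    only a real intruder would know, and which wallets are worth reporting."""
    low = body.lower()
    claims = sorted(k for k, pat in CLAIMS.items() if re.search(pat, low))
    evidence = [s for s in known_specifics if s.lower() in low]
    wallets = [a for a in LEGACY_ADDR.findall(body) if b58check_valid(a)]
    return {"claims": claims, "evidence": evidence, "wallets": wallets,
            "generic_template": len(claims) >= 3 and not evidence}

# Constructed sample: sentences quoted from the email above, followed by the
# all-zero-hash burn address as a stand-in (the post does not show the wallet).
SAMPLE = ("I'm the Chinese software engineer who hacked into your device OS. "
          "I can see everything on your screen, turn on your camera and microphone. "
          "With one click, I can send this video to all your contacts. "
          "Just send 0.02 btc (Bitcoin) to 1111111111111111111114oLvT2")

if __name__ == "__main__":
    print(triage(SAMPLE, known_specifics=("Windows 11", "alice@example.org")))
```

A password alone should not go in `known_specifics`, since, as noted at the top of this post, these emails sometimes do contain a real one.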
