I got this in the early hours… and ‘BOB’ replaces what was actually a real password I have been using, that they somehow had grabbed…
The entire scam is automated generic trash of no real substance, but I was intrigued on how they had gotten hold of my username and a real password…
Subject: mak- BOB
I won’t beat around the bush. I know BOB is your password. More importantly, I do know about your secret and I’ve evidence of your secret. You don’t know me and nobody paid me to examine you.
It’s just your bad luck that I stumbled across your blunder. Actually, I actually setup a malware on the adult vids (sexually graphic) and you visited this web site to have fun (you know what I mean). When you were busy watching video clips, your web browser started out operating as a Rdp (Remote control desktop) having a key logger which provided me with access to your screen and also web camera. Right after that, my software program gathered your entire contacts from fb, and email.
After that I put in much more time than I should have exploring into your life and created a double-screen video. 1st part displays the video you were watching and next part displays the video from your webcam (its you doing inappropriate things).
Honestly, I want to forget all information about you and let you get on with your daily life. And I will provide you two options which will make it happen. The above choices with the idea to ignore this letter, or simply pay me $ 2900. Let’s explore above two options in more detail.
Option One is to ignore this email. Let us see what will happen if you take this path. I definitely will send out your video recording to your entire contacts including friends and family, colleagues, and so forth. It doesn’t help you avoid the humiliation your family will ought to feel when friends find out your sordid videos from me.
Second Option is to make the payment of $ 2900. We’ll name this my “privacy charges”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll delete the video immediately. You continue on with your daily life like none of this ever occurred.
At this point you may be thinking, “I’m going to report to the cops”. Let me tell you, I’ve covered my steps to ensure this email can’t be linked returning to me and yes it will not steer clear of the evidence from destroying your health. I am not trying to break your bank. I just want to get compensated for the time I place into investigating you. Let’s hope you’ve decided to produce this all vanish entirely and pay me my confidentiality fee. You’ll make the payment via Bitcoins (if you do not know this, type “how to buy bitcoins” in google)
Amount to be sent: $ 2900
Bitcoin Address to Send to: 1KjxgUYw2QC53ZiGeAG9uohcSSRUWsSsQA
(It is case sensitive, so copy and paste it)
Tell no-one what you would be using the Bitcoins for or they might not sell it to you. The process to get bitcoin may take a short time so do not put it off.
I’ve a special pixel within this message, and right now I know that you have read this e mail. You have 2 days in order to make the payment. If I do not receive the Bitcoins, I will send your video to all your contacts including relatives, colleagues, and so on. You better come up with an excuse for friends and family before they find out. However, if I do get paid, I’ll destroy the video immediately. It’s a non negotiable one time offer, so kindly do not ruin my time and yours. The clock is ticking.
Oh no’es, what will I do’es? My secret (eh?) is out. I am so glad they are not trying to extort me into bankruptcy and are asking for a reasonable fee so they can protect my secret for me and conceal my shameful behaviour from those I love dearly.
I am also glad for the ‘copy and paste’ tip! Phew! I would not have liked to mistype that Bitcoin address and mistakenly pay the wrong person.
And – yikes! – a ‘special pixel’! In a plain text email! How do they do this magic?
Sigh. Please note the sarcasm.
What secret? I don’t watch pron – truly – and my webcam USB is unplugged on my desk at all times, until such time I use audio/video messengers. I have never trusted that little beady glass eye with the blue light underneath it, staring at me silently. It reminds me of HAL 9000 too much. Also, the password in question hasn’t been used for my PC for about, oooh, six years?
If the email had been HTML, I may have been a bit wary of the ‘special pixel’- but even so I wouldn’t gave given a damn. Unless my malware and email defences failed me, I would remain ‘untracked’. Even if not, I was tempted to reply to them and ask them for a URL to the video they had of me watching pron. It would be entertaining to watch a film of myself doing something I had never done. It’s amazing what they can do with CGI these days!
I suspected they had compromised WordPress (for we know it’s a bit of a Barn Door), as I have used this password (too widely) in the past. Even though all my sites are 2FA’d, you can still no doubt find ways to sneak past the defences – probably even get the 2FA QR code – without even logging in. But, again, that password hasn’t been used on my WordPress sites for years.
Some digging shows they got the details from ‘leakedsource.com’ (now shut down) – a site hosting billions of leaked accounts/usernames/passwords from various site break ins. I’ve checked the Bitcoin address, it’s valid… and unbelievably 126 saps have fallen for this (so they probably do have something to hide and were too scared to take the risk, or – more stupidly – thought this was for real). The progenitor of this tosh netted over $120,000 USD!
Crime does pay, it seems.
Still, it did force my hand on a long overdue exercise. As I had used this same password widely years ago (I know, bad practice), I have long been meaning to clean up my act using a password manager to spot and change vulnerable passwords like they one they found… so 120 password changes later, that old password is a deader. Still, none of the ‘important stuff’ was involved, fortunately. And I’ve still yet to go through another 300 slightly more secure but still vulnerable passwords… more sigh.
I am tempted to ‘Request Payment’ for $120,000 from the Bitcoin address just for a larf… for ‘reciprocal privacy charges’… or perhaps as payment for my time being forced to update my sloppy password usage 😀
Still, a safe outcome – this time… it could have been much, much worse! and a clear message that even if you do know the risks of data compromise/insecure passwords (as I definitely do!), and know you have to clean them up – it’s no good leaving that exercise until it’s too bloomin’ late!
If they’d actually tried to use the username/password against whatever service it was leaked from – they may actually have obtained data worth while – such as physical address, partial visa card details, what size underwear I use… and so on!
Good job they are thick, eh?
Though, not so thick as to having extorted $120,000 USD from some gullible/guilty people!