There’s a new Bitcoin blackmail scam circulating — this time based on passwords from website breaches. This extortion email is likely to be less effective than the paper letters because it’s full of obvious errors.
My post last April about the Bitcoin blackmail letter in my mailbox has become popular. It generates over 300 views per day, and visitors’ comments give me a daily overview of how the scam is continuing and evolving. In the last couple of days a new scam has emerged in which emailers use emails and passwords stolen in hacks to scare the crap out of recipients.
Here’s the email, shared with me by Augie Ray, who received it in his inbox. Where you see “XXXXXX”, in both the subject line and the first sentence, the actual email included a password that Augie had used in the past to log into a website.
From: Bevin Vasi <email@example.com>
Subject: Augie – XXXXXXX
I do know, XXXXXX, is your pass word. You do not know me and you’re most likely wondering why you are getting this e-mail, right?
In fact, I actually placed a malware on the adult vids (porno) website and guess what, you visited this site to experience fun (you know what I mean). While you were watching videos, your browser began operating as a RDP (Remote control Desktop) having a key logger which provided me access to your display screen and also cam. Immediately after that, my software gathered all your contacts from your Messenger, FB, as well as email.
What did I do?
I created a double-screen video. 1st part displays the video you were viewing (you’ve got a nice taste rofl), and second part shows the recording of your cam.
exactly what should you do?
Well, I believe, $2900 is a reasonable price for our little secret. You will make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 12xeEyz3AAnhXnAT98xorPMJHNHmxA2pmM
(It is cAsE sensitive, so copy and paste it)
You now have one day in order to make the payment. (I’ve a special pixel within this e mail, and at this moment I know that you have read this mail). If I don’t get the BitCoins, I will definitely send out your video recording to all of your contacts including family members, coworkers, and so on. Nevertheless, if I receive the payment, I’ll erase the video immidiately. If you want to have proof, reply with “Yes!” and I definitely will send your video to your 11 contacts. It is a non-negotiable offer, so please do not waste my time and yours by responding to this mail.
The Bitcoin blackmail letter I received by mail was quite well written. This isn’t. Password is one word, not two. The technical explanation is elaborate and runs on, some sentences don’t start with a capital letter, and “immediately” is misspelled “immidiately.”
To improve the response, the writer should have included a link to a page on how to buy Bitcoin, rather than forcing the reader to look it up. (The printed letter actually included instructions on a second sheet.)
Of course, the key to the response here is that the email and its subject line include an actual password you used in the past. (Some data breaches have included user emails and plaintext password lists; those lists are obviously for sale by unscrupulous individuals, which makes it easy to generate emails like this.) Since many people unwisely use the same password on multiple sites, this ploy immediately gets your attention.
Will it work?
Unlike the blackmail letters, these emails are very easy to send efficiently. A scammer could send millions of them with a simple script. I’m betting that the outlook.com sender’s address is spoofed; this almost certainly didn’t pass through the outlook.com email system.
Even so, spam blockers are already blocking these emails. I know this because when I attempted to reply to Augie’s message to me, the one in which he had pasted this email, Google refused to deliver it.
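The spoofing guess above can be checked from the message headers: the receiving mail server records its SPF and DKIM verdicts in an Authentication-Results header. The following is an added example, not part of the original post; the headers, the server name mx.recipient.example, the sender address and the IP are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the real headers of the email quoted above):
# mx.recipient.example stands in for the recipient's own mail server.
SAMPLE = """\
Authentication-Results: mx.recipient.example;
 spf=softfail (sender IP is 203.0.113.7) smtp.mailfrom=sender@outlook.com;
 dkim=none (message not signed);
 dmarc=fail header.from=outlook.com
From: Bevin Vasi <sender@outlook.com>
Subject: Augie - XXXXXXX

I do know, XXXXXX, is your pass word.
"""

def domain_of(value):
    """Domain part of an address, or the value itself if it is a bare domain."""
    return value.rpartition("@")[2].strip("<>").lower()

def auth_entries(msg, trusted_server):
    """Yield (method, result, properties) from headers added by trusted_server."""
    for header in msg.get_all("Authentication-Results", []):
        parts = re.sub(r"\([^)]*\)", " ", str(header)).split(";")
        # Anyone can put this header in a message; only believe our own server's.
        if parts[0].split()[:1] != [trusted_server]:
            continue
        for part in parts[1:]:
            pairs = [t.split("=", 1) for t in part.split() if "=" in t]
            if pairs:
                (method, result), props = pairs[0], dict(pairs[1:])
                yield method.lower(), result.lower(), props

def from_is_authenticated(raw, trusted_server):
    """True if SPF or DKIM passed for the same domain the From line shows."""
    msg = message_from_string(raw)
    shown = domain_of(parseaddr(msg.get("From", ""))[1])
    for method, result, props in auth_entries(msg, trusted_server):
        if result != "pass":
            continue
        # Strict match for brevity; DMARC's relaxed mode also accepts subdomains.
        checked = {"spf": "smtp.mailfrom", "dkim": "header.d"}.get(method)
        if checked and domain_of(props.get(checked, "")) == shown:
            return True
    return False

if __name__ == "__main__":
    print(from_is_authenticated(SAMPLE, "mx.recipient.example"))  # False
```

An SPF pass only counts here when the envelope sender's domain matches the From domain, which is why a bulk sender that passes SPF for its own domain still fails this check.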
This email occupies a middle ground between the Nigerian prince emails and the original Bitcoin blackmail letter.
The poorly written Nigerian prince emails are designed to appeal to idiots — they’re full of transparently stupid stuff, limiting the audience to people greedy and credulous enough to share their bank account details with a stranger. The mailed Bitcoin blackmail letters are meticulous and persuasive, because they’re intentionally sent to people in affluent suburbs, and each one costs money to send, at least the cost of a stamp.
This letter is a lot sloppier, but some less technically sophisticated users may fall for the technobabble about RDP, key loggers, and the double-screen video. If seeing your password has put you in a state of fear and you’re so out of touch that you use the same password on lots of accounts, this might push you into responding. But the letter can’t be too off, since it has to appeal to people with at least the minimal level of sophistication needed to figure out how to use Bitcoin.
This particular scam is done for because spam blockers are catching it, but, as Krebs on Security predicts:
[A]s this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.
I still find it revealing that most scams and phishing attempts give themselves away by their sloppy writing and formatting. Perhaps this is one more reason that we, as readers, need to become more sophisticated about writing, because of what it reveals about the people who send emails, including scams like this one.
Note: If you receive an email like this, I recommend that you report your receipt of this email by forwarding it to firstname.lastname@example.org