I know I tell you guys to email with your questions, comments, or anything else but I guess I should have said not to send blackmail spam. We’ve talked about different blackmail scams before. Some that threaten to expose secrets others that claim to have hacked your computer. There was even one that told businesses bombs had been planted. I got one the other day that combined features of both blackmail and ransomware. Let’s go over it! The return address on the email was the same as the email address for Cyn’s Tech Tips. The idea was to make it look as if the message had come from my account and, therefore, my account had been hacked.

You may not know me and you are probably wondering why you are getting this e mail, right? I’m a hacker who cracked your email and devices a few months ago.  (They’re going straight to inducing panic here. Someone has hacked you and been in the system for some time.)

Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account.I set up a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Control) having a keylogger which gave me accessibility to your screen and web cam. After that, my software program obtained all information. (They’re trying to plant the seed that it’s impossible to catch them and confirm this by having you see your own email address.) 

 

Since I haven’t visited any adult video sites, the threats are ringing a little hollow. However, if I had visited one or I thought there was a possibility someone else in the household had, I might start to panic now thinking that they knew something about me. In reality, they’re just taking a guess. Millions of people do visit adult sites. They could just as easily have substituted other activities or just claim to have hacked from a shopping site. There’s also the possibility someone might think it was a case of mistaken identity. 

You entered a passwords on the websites you visited, and I intercepted it. Of course you can will change it, or already changed it. But it doesn’t matter, my malware updated it every time. (Again with trying to induce panic. We’re into your accounts and there’s nothing you can do about it.)

Then the crook throws in a lot of technical words to explain how this was allegedly accomplished. To this scumbag’s credit, they do a pretty good job of putting together a semi-plausible explanation and even include instructions on how to learn to use Bitcoin.

“What did I do?

I backuped device. All files and contacts.
I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.
exactly what should you do?
Well, in my opinion, $1000 (USD) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
My Bitcoin wallet Address:
1CcYkUKB5ViUJyNdKynSmt7H4YHiru5Ecf
(It is cAsE sensitive, so copy and paste it)”

And then comes the scary kicker: the time limit!

Important:
You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message).
To track the reading of a message and the actions in it, I use the facebook pixel.
Thanks to them. (Everything that is used for the authorities can help us.) If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on.

Aside from the fact that I was already aware scammy spam like this exists and sure no one had been viewing porn on my work computer, how could I could tell this was a fake?

First, I looked in my Sent folder. There was no outgoing message like this. If someone had actually hacked my email to send messages, they’d be in my sent folder.

outlook-sent-folder.jpg

A second, more complicated, way to check in Outlook online is to select the message and click the three-dot menu bar in the right corner.

3-dot-menu.jpg

Then choose View message source from the drop-down menu.

view-message-source.jpg

You’ll get the full header, which contains a whole lot of information.

message-source.jpg

Since it’s pretty easy to fake the “from”, you’ll want to scroll down to return path. That return path is clearly not the email address for my business.  Which confirms this ain’t nothin’ but a scam.

return-path.jpg