
Sextortion Email Analysis


    Sextortion emails seem to be all the rage with criminals these days. Whilst highly imaginative, they are surprisingly successful, with recipients paying not to “be exposed” when in fact they have nothing to hide in the first place. Well, perhaps not: if you were truly innocent, you’d simply say “knock yourself out” to any attacker… Below is my response to those burning questions.

    We’ve seen “scare-mail” (the process of attempting to blackmail recipients using a variety of techniques, with the perpetrator relying on the user to pay up in order to “save their reputation”) escalate at an alarming rate over the past month. As the format of these emails is mostly the same, I thought it made sense to provide a bit more information from the most prevalent campaign we’ve seen so far. Below is the verbiage (it varies depending on who sent it), along with my advice and commentary.

    Your account is now infected! Change the password right this moment!

    DON’T. There is no need to react to this.

    You may not know anything about me and you really are certainly interested for what reason you are reading this particular letter, is it right?

    WRONG. You’ve chosen me at random from a huge pool of addresses, and if I reply, you’ll know I exist, and then you’ll add me to a sucker’s list.

    I’m hacker who cracked your email and devices and gadgets two months ago.

    No, you didn’t. All you’ve done is to download the APOLLO.io breach database and target random email addresses.

    It will be a time wasting to try out to msg me or alternatively try to find me, in fact it’s impossible, because I forwarded you an email from YOUR hacked account.

    No, you didn’t. All you’ve done is set the reply-to address to match the one you’re attempting to extort funds from, which makes it look like you’ve hacked my account.

    I build in malware software on the adult vids (porn) site and suppose that you watched this website to have a good time (think you understand what I want to say). Whilst you were taking a look at movies, your internet browser started out to act as a RDP (Remote Control) that have a keylogger which gave me authority to access your display and webcam. Afterward, my program obtained all data. You have put passcodes on the web-sites you visited, and I caught them. Surely, you’ll be able to change them, or have already modified them. Even so it doesn’t matter, my program renews needed data regularly.

    If you say so. You really haven’t though.

    What actually did I do?

    Nothing 🙂

    I compiled a backup of every your system. Of all files and contacts. I got a dual-screen movie. The first screen displays the clip you had been observing (you’ve got an interesting preferences, ha-ha…), the 2nd part shows the movie from your own web camera. What exactly should you do?

    Delete this email and move on.

    So, in my view, 1000 USD is a realistic price for our very little riddle. You will do the payment by bitcoins (in case you don’t understand this, go searching “how to buy bitcoin” in Google).

    USD 1,000? Sounds like a bargain… I don’t think so.

    My bitcoin wallet address: 1C242L8qAXRxudv6KBAahi81GHS5wpc8cF (It is cAsE sensitive, so copy and paste it).

    Hmm. Yes. Let’s have a look at that wallet of yours (link is safe): https://bitref.com/1C242L8qAXRxudv6KBAahi81GHS5wpc8cF. Seeing as there’s nothing in there at all, you haven’t had much success, and I won’t be on your list either.

    Warning: You will have only 2 days to perform the payment. (I put an unique pixel in this message, and right now I understand that you have read through this email). To monitor the reading of a letter and the activity inside it, I set up a Facebook pixel. Thanks to them. (The stuff that is used for the authorities can help us.)

    No, you didn’t. There is no embedded pixel in this email.

    In case I fail to get bitcoins, I shall immediately direct your video files to each of your contacts, such as family members, co-workers, and many more?

    In the words of “Taken”… “Good Luck”.

    And there we have it. Totally fake, and designed only to incite fear and extort revenue. The only thing this message is fit for is the delete button.
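
The checks made in the commentary above (a sender address set to match the recipient, the claimed tracking pixel, the wallet address) can be run against the raw message. This is an added example, not part of the original post: the sample message is constructed, the `example.com` and `.invalid` addresses and the `Authentication-Results` line are assumptions, and `analyse` is a hypothetical helper name.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not a real capture); only the wallet address is from the post.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.invalid; dkim=none
From: victim@example.com
Reply-To: victim@example.com
To: victim@example.com
Subject: Your account is now infected!
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>I put an unique pixel in this message.</p>
<p>My bitcoin wallet address: 1C242L8qAXRxudv6KBAahi81GHS5wpc8cF</p></body></html>
"""

# Legacy (Base58) and bech32 address shapes; format match only, no checksum validation.
BTC_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71})\b")
# Any remotely loaded image or CSS url() could serve as a read-tracking beacon.
REMOTE_RE = re.compile(
    r"""(?:<img\b[^>]*\bsrc\s*=\s*["']?|url\(\s*["']?)(https?://[^"'\s)>]+)""", re.I)

def analyse(raw):
    """Return the observable facts behind the scammer's claims for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    addr = lambda h: parseaddr(str(msg.get(h, "")))[1].lower()
    to, frm, reply, rpath = addr("To"), addr("From"), addr("Reply-To"), addr("Return-Path")
    auth = str(msg.get("Authentication-Results", "")).lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    return {
        # Visible sender headers copy the recipient: the "sent from YOUR account" trick.
        "claims_own_account": to != "" and to in (frm, reply),
        # Envelope sender differs from the displayed sender.
        "envelope_mismatch": rpath != "" and rpath != frm,
        # Receiving server recorded an SPF/DKIM/DMARC failure.
        "auth_failed": bool(re.search(r"\b(?:spf|dkim|dmarc)=(?:fail|softfail)", auth)),
        # Empty list means nothing in the body can report that the mail was opened.
        "remote_beacons": REMOTE_RE.findall(text),
        "btc_addresses": sorted(set(BTC_RE.findall(text))),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty `remote_beacons` list alongside `claims_own_account` and `auth_failed` both true is the pattern described in the post: the message only pretends to come from the recipient's mailbox and cannot report that it was read.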

