Tuesday, July 24, 2018

A very nasty internet blackmail attempt

I receive multiple phishing attempts. This is the first time I have been subject to a direct personal blackmail attempt. I am sharing it because of its sheer nastiness and in case anybody else has been hit.

Needless to say, the email address attached to the name Laurella Campo is not Laurella Campo. I imagine its been hacked. For that reason, I am not sharing it.

I have blocked out the stated password because it was an old password that I used for convenience but dropped a long time ago. It's just possible that there may be an old now non-used not changed site. The fact that they actually have the password means some form of data breach somewhere. The fact that it is an old password suggests that it comes from an older record set.

To my knowledge, I have never visited the site in question. I had to look it up. It is also unlikely that they could access my computer in the way they describe. Among other things, I have an old box without any camera!

As you might expect, the email caused me to review everything they might have accessed in all ways that might be embarrassing if released. If they have got stuff, they can bloody well release it. That increases the chances of tracking them.      

Update

In a comment, kvd pointed me to two sites reporting on the scam. The comments on the second are especially instructive because they provide multiple examples of the scan email. It began a bit over two weeks ago, is global, uses old lists of emails and passwords derived from previous data breaches, most long changed. Some people have been sucked in. The key is not to respond and alter your password if its still current on any sites. It is really very nasty.



"From: Laurella Campo
Date: 24/07/2018 1:05:03 PM
To: ndarala
Subject: ndarala - xxxxxx
   
I am well aware xxxxxx is your pass. Lets get right to the purpose. You do not know me and you're probably wondering why you're getting this e mail? No-one has paid me to check about you.

In fact, I installed a malware on the X vids (porn) web-site and do you know what, you visited this website to have fun (you know what I mean). While you were watching videos, your browser began operating as a Remote Desktop having a key logger which provided me with access to your screen and cam. Just after that, my software obtained your complete contacts from your Messenger, FB, and emailaccount. And then I created a double-screen video. 1st part displays the video you were watching (you've got a good taste omg), and next part shows the view of your cam, yeah it is u.

You have got just two solutions. Shall we analyze each one of these solutions in aspects:

1st option is to just ignore this e mail. In such a case, I most certainly will send out your actual recorded material to all of your contacts and also just consider concerning the awkwardness you can get. And likewise if you are in a loving relationship, just how it will certainly affect?

2nd choice would be to compensate me $7000. I will name it as a donation. In this case, I most certainly will asap remove your videotape. You will continue on your daily life like this never took place and you surely will never hear back again from me.

You'll make the payment through Bitcoin (if you don't know this, search "how to buy bitcoin" in Google search engine).

BTC Address: 1BpGi36WXepSbkAqukXgX9BkphXfVnRVyp
[case sensitive so copy & paste it]

If you are planning on going to the law enforcement, well, this e mail cannot be traced back to me. I have dealt with my moves. I am just not trying to ask you for so much, I want to be compensated. I have a unique pixel within this email message, and right now I know that you have read through this email message. You now have one day to pay. If I do not get the BitCoins, I will certainly send your video recording to all of your contacts including members of your family, colleagues, and so forth. However, if I receive the payment, I'll erase the recording right away. If you need evidence, reply  Yeah then I definitely will send your video to your 10 contacts. It is a nonnegotiable offer thus please do not waste my personal time & yours by responding to this email.".

3 comments:

Anonymous said...

Pretty widespread - judging by a search on "your browser began operating as a Remote Desktop having a key logger which provided me with access to your screen and cam"

Examples:

https://withoutbullshit.com/blog/a-second-bitcoin-blackmail-scam-based-on-hacked-passwords

https://inews.co.uk/news/technology/new-scam-password-bitcoin-porn/

Jim Belshaw said...

Thanks, kvd. Very helpful. I will bring the further information up on my post

2 tanners said...

"A unique pixel so now I know you have read this far..." Snicker. Obviously has bought a decrypted password off the dark web, and yes, that one is all over the place. There is a site called Have I been pwned? which cross checks the memberships on your computer with sites with known security breaches. You can then look up all the relevant passwords and change them for all sites that the password was ever used on. I now use LastPass which generates strong random passwords, checks that you don't use them more than once and inserts them for you. Even the free version is good.

To change the subject slightly, Minister Hunt has now been contradicted twice in saying that the MyHealth records cannot be accessed without a warrant. He's only talking about legal access. It is the Government's failures to protect information from illegal access that have me more concerned. Imagine your name, address, date of birth, medicare number being accessed for identity theft. Then add on the breaches that your health record would permit. Add to that the fact that a company was already advertising to lawyers and insurance companies that it could provide those data to help with legal cases and insurance claims. No thanks.