Tuesday, October 30, 2018

Sextortion Scam - Follow the money

I know there are already some articles about this topic, but I did not see anyone who tried to track the money:

A few months ago there was a somewhat peculiar phishing campaign: sextortion mails in which one of the victim's passwords was quoted and an amount X of money was demanded in exchange for not publishing sensitive content about them.

A sample fragment of these mails looks like the following:

I am well aware shitpassword is your password. Lets get right to the point. You do not know me and you're probably thinking why you're getting this mail? No-one has paid me to investigate about you. 

Well, I actually setup a software on the adult streaming (pornographic material) website and you know what, you visited this site to have fun (you know what I mean). When you were viewing videos, your web browser began working as a Remote Desktop that has a key logger which provided me access to your screen and web camera. Just after that, my software gathered your complete contacts from your Messenger, social networks, as well as e-mail . And then I created a video. 1st part shows the video you were watching (you have a good taste ; )), and next part shows the view of your web camera, and its you. 

You will have not one but two choices. We will read up on each of these solutions in aspects: 

Very first solution is to neglect this email message. In this situation, I am going to send out your very own video to just about all of your contacts and think concerning the awkwardness you can get. And consequently should you be in an important relationship, precisely how it is going to affect? 

Next alternative is to give me $5000. Let us name it as a donation. Consequently, I will straight away eliminate your video recording. You could go on your way of life like this never happened and you are never going to hear back again from me. 

You'll make the payment through Bitcoin (if you do not know this, search for "how to buy bitcoin" in Google). 

BTC Address to send to: 1MkB7HxxxxxqiNAiJUd7DCTEbAyVG9ab2y

[...]

The mails demanded payments from $1000 up to $7000 on some occasions, depending on the variant of the message received:

Number 2 option would be to pay me $5000. Let us regard it as a donation. In this instance, I will quickly discard your video. You can keep on your way of life like this never occurred and you surely will never hear back again from me.

2nd option is to pay me $1000. We are going to name it as a donation. In such a case, I will straightaway eliminate your video recording. You could go on with your daily routine like this never occurred and you will not ever hear back again from me. 

Other alternative will be to give me $6000. We will regard it as a donation. Then, I most certainly will straightaway erase your video recording. You will continue on your way of life like this never occurred and you will not ever hear back again from me. 

I was curious, so I decided to investigate this fraud a little more thoroughly. I collected about 1500 emails from people who reported that they were victims of this fraud; for that I scraped several websites where this type of case is reported. I extracted the bitcoin addresses and checked through the blockchain API which of them had been paid.
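As an added example (not the author's own tooling), this is how the extraction and payment check described above can be done in Python: candidate addresses are pulled from the mail text with a regex, rejected unless their Base58Check checksum is valid (which also discards redacted addresses like the one quoted in the mail above), and a balance lookup is summarised per address. The sample mail text and the balance figures are constructed; the blockchain.info `balance` endpoint and its JSON shape are assumptions.

```python
import hashlib
import json
import re
import urllib.request

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I, l);
# P2PKH addresses start with '1', P2SH addresses with '3'.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def base58check_decode(addr: str):
    """Return the 21-byte payload (version + hash160), or None if the checksum fails."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw  # leading '1's are zero bytes
    if len(raw) != 25:
        return None
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def extract_addresses(text: str) -> list:
    """Ordered, de-duplicated addresses from mail text that pass Base58Check."""
    found = []
    for cand in ADDR_RE.findall(text):
        if cand not in found and base58check_decode(cand) is not None:
            found.append(cand)
    return found


def summarize_payments(balances: dict) -> dict:
    """balances: {address: {"total_received": satoshi, ...}} (blockchain.info 'balance' shape assumed)."""
    paid = {a: v.get("total_received", 0) for a, v in balances.items() if v.get("total_received", 0) > 0}
    return {"checked": len(balances), "paid": len(paid),
            "total_btc": sum(paid.values()) / 1e8, "paid_addresses": sorted(paid)}


def fetch_balances(addresses: list) -> dict:
    """Live lookup (needs network); endpoint and response shape are an assumption."""
    url = "https://blockchain.info/balance?active=" + "|".join(addresses)
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


# Constructed sample: one redacted address as quoted in the post, two well-known valid ones.
SAMPLE_MAIL = ("BTC Address to send to: 1MkB7HxxxxxqiNAiJUd7DCTEbAyVG9ab2y\n"
               "Backup: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa or 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy")
SAMPLE_BALANCES = {  # constructed explorer response, amounts in satoshi
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa": {"final_balance": 0, "n_tx": 2, "total_received": 150000000},
    "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy": {"final_balance": 0, "n_tx": 0, "total_received": 0},
}
```

Running `summarize_payments(fetch_balances(extract_addresses(text)))` over the scraped mails gives the paid/unpaid split the post describes; the sample data above exercises the same path offline.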

Of the entire sample, around 325 addresses have received a payment. This means that around 20% of the victims are paying (assuming the pattern of the sample holds). That gives an idea of the amount of money that can be made behind this scam.

Confirmed payments of 322 addresses involved in the sextortion scam - Maltego CE

In total, the addresses have raised $176,010. If we follow the trail of transactions, we can see that the vast majority of the funds end up in the Binance hot wallet and in another address apparently associated with Poloniex.

I have also detected some intermediate addresses that have moved a lot of money, and interesting end addresses like the following:

Transaction tracking - Maltego CE

Another address that caught my attention, because I had seen it before in relation to scam cases, was the following:

This address appears in relation to fraud cases in the following articles (highly recommended), where this data can be seen.

Apart from these addresses, there are too many relevant addresses to detail each one in the post.

As you can see, the amount of money that moves between these addresses is overwhelming. This makes me think that the same addresses may be used to move funds from other scams as well.

Transaction tracking becomes quite complicated, with more than 10,000 addresses appearing in the tracking of a single payment.

Tracking a payment - Maltego CE

At this point, due to lack of resources and time, I think it is unfeasible for me to continue the investigation alone.

If someone wants to collaborate on the investigation or needs the data, contact me.
