Friday, July 30, 2021

How do phishing "sextortion" emails get my email address?

'ello, so I'm a first timer in the sense that I haven't received a scam email before. Today I received an email written in German (and sent 5 hours ahead of where I live, so the date makes it look like it came from the future). Curiosity got the better of me and I ran the email through google translate to understand what I'm looking at (idk if opening clearly shady emails is a good move, so I'd like to know if it's okay so long as no links or attachments are clicked/opened). After reading it, I know it's a scam (I don't have a webcam to begin with so it's genuinely impossible to record me "achieving orgasms", among other things) but I'm more baffled and annoyed by the fact it was attempted to begin with.

As the title suggests, I am wondering if anyone more tech savvy could enlighten me as to how it's possible and if I should change passwords for future reference. Also, how can this email be sent from the future? That's quite odd.

Any advice would be appreciated to raise my awareness of something foreign to me (I'm doing research into it now but I figured I'd ask here just in case). Obviously I haven't sent any money. When I went to "https://haveibeenpwned.com/", the site says that there hasn't been a data breach associated with my email address.

I will include the (translated) text of the email to give the whole picture of this scam:

"Payment from your account.

Greetings to you!

I have bad news for you. A few months ago I was given access to your devices that you use to surf the Internet. After that, I started tracking your internet activity.

Here is the order of the events: A while ago I bought access to email accounts from hackers (these days it's pretty easy to get hold of online). Obviously I managed to log into your email account (echotech@tpg.com.au) without any problems.

A week later, I already placed a Trojan on the operating systems of all the devices you use to access your email. Actually, it wasn't that hard at all (since you accessed the links from your inbox emails). Everything ingenious is simple =)

With this software I have access to all control elements of your end devices (e.g. your microphone, your video camera and your keyboard). I've downloaded all of your information, data, photos, web browsing history to my servers. I have access to all of your messengers, social networks, emails, chat histories and contact lists. My virus is constantly updating the signatures (it is driver-based) and therefore remains invisible to antivirus software.

In addition, you now understand why I remained undiscovered until this letter ...

In collecting information about you, I found that you are a huge fan of adult websites. They really love visiting porn websites and watching exciting videos while getting a tremendous amount of pleasure in the process. Well I managed to capture a number of your dirty scenes and assemble a couple of videos showing you masturbating and achieving orgasms.

When in doubt, I can share all of your videos with your friends, co-workers, and relatives with just a few clicks of the mouse. I have no problem at all with making them available to the public. I suspect you don't want this because given the specificity of the videos you love to watch (you know exactly what I'm talking about) it would be a real disaster for you.

Let's fix it like this: They transfer me 1650 EUR (in bitcoin equivalent according to the exchange rate at the time of the money transfer) and once the transfer is received I'll delete all this dirty stuff right away. After that we will forget each other. I also promise to disable and delete all malware on your devices. Trust me, I keep my word.

This is a fair deal and the price is pretty cheap considering I've been looking at your profile and traffic for a while. In case you don't know how to buy and transfer the bitcoins - you can use any modern search engine.

Here is my bitcoin address: 1MFXuHKSbz6wEj1UA4vdqX1TvBCEoqpApi

You have less than 48 hours from the moment you opened this email (exactly 2 days).

Things To Avoid Doing: * Don't reply to me (I created this email in your inbox and generated the return address). * Do not try to contact the police or other security services. Also, avoid telling your friends. If I find out (as you can see it's really not that difficult considering I control all of your systems) - your video will be made public instantly. * Don't try to find me - it's absolutely pointless. All cryptocurrency transactions are anonymous. * Do not try to reinstall the operating system on your devices or throw them away. It's also pointless as all the videos have already been saved on remote servers.

Things you don't need to worry about: * That I won't be able to receive your transfer. - Don't worry, as soon as you have completed the transfer I will see that immediately, because I keep track of all your activities (my Trojan has a remote control function, something like TeamViewer). * That I would be sharing your videos anyway once you completed the money transfer. - Believe me, I have no reason to continue to burden your life. If I really wanted to, I would have done it a long time ago!

Everything will be done in a fair way!

One more thing ... don't get caught up in similar situations in the future! My advice - change all of your passwords regularly!"


No comments:

Post a Comment