Today we have seen a big change in the plague of blackmail / sextortion scam attempts we have all been seeing over the last few months and even years. The emails all basically say that the sender has placed a keylogger on your computer and has evidence of you “playing with yourself” while visiting a porn site. He also states that he has stolen your contacts list. There have been numerous variations in the wording of the email body, but all are basically the same. Note that I am also still receiving the “normal” emails involved with this scam. Some of these have also slightly changed: instead of text, the email has either 2 images containing all the wording, with the bitcoin address for payment in plain text so you can copy & paste it, or 1 complete image with all the wording including the bitcoin address. The chances of anybody actually writing down a full bitcoin address from an image & actually paying it must be approximately nil.
Instead of the usual $1000 to $2000 ransom demand he asks for a quite reasonable $310.
This example is quite different to previous versions and is much more likely to get a response from many recipients. Unlike previous attempts, this time he attaches a zip with “proof” of your “wrongdoing”. The zip is password protected, and to get the password you need to “view the video” on the link in the email. However, there is no video at that link. Instead there is a page that asks you to pay $100 in bitcoin or other digital currency, after which he will send the password so you can open the zip.
This is what the zip contains, but of course I cannot actually open it to see what the actual content is, only preview the list of contents.
If any security researcher wants to try & brute-force the password in the zip to see what it does actually contain, then it can be downloaded from HERE.
The link in the email went to http://sonyps4news.com/68585942 which redirected me (using Anyrun) to https://www.cryptonator.com/merchant/invoice/ba25846b41319703c8d7ae67f2864a75?utm_referrer=#
Each visitor will get a different payment page with a different code. There is a 30 minute countdown on the payment page & that does genuinely expire & you need to start again.
www.cryptonator.com appears to be a “genuine” digital currency payment service provider that can and is being abused by these criminal scammers. I honestly don’t know how legitimate or private the service is, but it does seem to have been around since 2013 and is hosted in Russia.
I had problems getting directly to the sonyps4news.com landing page via my UK IP address and using Tor, I was redirected to Amazon.com. Using Anyrun I could get to this page. You can see a video of this on the Anyrun page. However subsequent attempts did get me through.
Any attempt at using any known Proxy or Tor to get to the site(s) in the email results in being diverted to either Google Maps, Amazon or Ebay.
However I have managed to actually intercept the contact on a new email link http://smm-strategy.com/proof via Anyrun where I can see the actual “merchant” ID number which hopefully might help to track down & stop this particular scammer.
It is highly likely he is in Russia based on the extra junk and non displaying div classes.
These are a couple of screenshots from when I did get through:
One of the emails looks like:
Note the recipient of this particular email is a “sock-puppet” member of a small forum, that we used for phun purposes to wind up each other. It does not exist in real life.
From: Dr fuss bogle <email@example.com>
Date: Tue 20/02/2018 02:15
Subject:Re: #68585942 [dr fuss firstname.lastname@example.org] You can panic – 07.04.2019 11:44:14
Camѐrа rѐаdy,N0tificаti0n: #68585942 – 07.04.2019
Status: Waiting for Reply 56xuTaYy5A4f98wJnMmIkM3XrT4Ey95Bu0_Priority: Normа]l
Hi there.. .
This email will not acquire a lot of time, so direct to the issue. I obtained a movie of you buffing the banana when at the pornweb site you’re stopped at, due to a good arse software program I have been able to put on several sites with that type of content.
You press play and all cameras and a mic begin their work it also will save every fucking element coming from your computer system, just like contact info, account details or crap like that, guess where i have this e-mail from?) Therefore now we all know who i am going to deliver that to, if you not necessarily gonna negotiate this with me.
I am going to place a account wallet address under for you to send me 310 usd in Three dayz maximum through bitcoin. See, it isn’t that big of a total to pay, guess this tends to make me not that terrible of a guy.
You’re welcome to try and do whatever da fuck you would like to, yet if i won’t find the total in the period of time mentioned above, clearly… u by now understand what can happen.
So it’s under your control now. I am not gonna undergo all the info and shit, simply don’t have time for this and also you most likely know that net is filled with mail similar to this, so it’s as well your decision to trust in this or not, there is only a proven way to find out.
Here’s the btc wallet address- 16fSXe21QhnmhvZskmtrWnvoRWFbAeAVG3
Password in the video >>
Update 8 April 2019: Another slightly different version this morning with no password zip but a plain simple PDF that has the link to see the proof. This link redirects again to cryptonator.com and asks for $25 to see the evidence. (I have also heard of versions that ask for varying amounts between $1 and $100, with $10, $25 & $50 being more frequent.)
Note: there was a genuine Kevin Leonard working for the BBC back in 2010-2013. I can find nothing about him since then. I have absolutely no idea why an email allegedly sent to him was actually addressed to an address on my server.
The pdf looks like:
What to do when you receive a Blackmail, Sextortion Scam email
If you do receive any email like this, don’t panic and do not respond to it. Read this page fully and carefully, especially the section about changing passwords and contacting your bank & credit card company. Then contact the appropriate police/fraud authority in your country, follow the advice on their site to report this crime, and then delete the email from your computer.
- In UK use Action Fraud
- If you are in USA then use the FBI IC3 report site.
- In Australia use ScamWatch
- Anywhere in EU see https://www.europol.europa.eu/report-a-crime/report-cybercrime-online for country contacts
- In Switzerland use https://stop-sextortion.ch/en/index.html
- Most other countries worldwide will have a similar method of reporting these sextortion, blackmail, scam attempts.
- You can also report the bitcoin wallet number to the Bitcoin abuse system. This list is used by law enforcement and researchers to monitor transactions and hopefully catch the criminals when they slip up & spend the money or move the money to a bank account etc.
- Do not reply to the scammer. Do not pay any money to him.
- He has not hacked or otherwise compromised your computer, Mobile Phone, Tablet or any other device.
- He does not have any screenshots or videos of you doing anything.
Bitcoins are anonymous and it is very difficult to find the “owner” of a wallet. BUT every transaction into & out of a bitcoin wallet is recorded, registered and tracked. Every report of abuse to the Bitcoin abuse system is examined by a researcher and the wallet number monitored. Eventually a criminal will make a mistake or slip up and perform a transaction that will lead to his arrest and conviction for the fraud. Bitcoin, like any other currency, is absolutely useless unless you can spend it. These criminals try to launder the money by moving it through dozens, if not hundreds, of different bitcoin wallets, hoping that the trail gets muddied and won’t be followed. The trail is always followed and eventually it will lead to a person. While the money stays in bitcoin and is not spent, there is little chance of actually catching anybody. But there is no point in the criminal keeping his money in bitcoins where it does nothing, might gain in value or might lose in value. All money is only useful when you can spend it.
Why do criminals commit these crimes? The reason is to make money. So they want to spend it. You can buy almost anything with bitcoin nowadays, from online software, paying for movies or music, to a pair of shoes, clothing, accessories, a car or even a house. This is where a criminal will slip up and has to give a physical address to receive the goods. That is when law enforcement can step in and hopefully catch these criminals.
I am using bitcoin as a generic term for digital money in this case, but the majority of these blackmail, sextortion scams do use a bitcoin wallet rather than any other digital blockchain wallet. There are dozens of different digital blockchain wallets.
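Before reporting a wallet address taken from one of these emails, it helps to confirm it was copied correctly, because legacy Bitcoin addresses carry a built-in checksum. The following is an added example, not part of the original post or of any reporting service's code: it pulls candidate addresses out of email text and keeps only those whose Base58Check checksum verifies. The sample text is constructed and uses the publicly known genesis-block address; `b58check_ok` and `triage_addresses` are names chosen for this example.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_CLASS = "[1-9A-HJ-NP-Za-km-z]"
# Legacy addresses only: start with 1 (P2PKH) or 3 (P2SH), 26-35 characters.
# Bech32 ("bc1...") addresses use a different encoding and are not handled here.
CANDIDATE_RE = re.compile(
    rf"(?<!{B58_CLASS})[13]{B58_CLASS}{{25,34}}(?!{B58_CLASS})"
)

def b58check_ok(addr):
    """True if addr decodes to version byte + 20-byte hash + valid checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False          # character outside the Base58 alphabet
        n = n * 58 + idx
    # Each leading '1' encodes one leading zero byte.
    leading = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * leading + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum

def triage_addresses(text):
    """Return (valid, rejected) unique candidates, in order of appearance."""
    valid, rejected = [], []
    for cand in dict.fromkeys(CANDIDATE_RE.findall(text)):
        (valid if b58check_ok(cand) else rejected).append(cand)
    return valid, rejected

# Constructed sample: one correct address, one with its last character
# mistyped (as happens when copying from an image), and one repeat.
SAMPLE_EMAIL = (
    "Here's the btc wallet address- 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa\n"
    "(retyped) 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb\n"
    "Ref: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa\n"
)

if __name__ == "__main__":
    ok, bad = triage_addresses(SAMPLE_EMAIL)
    print("report these:", ok)
    print("checksum failed, re-check the source:", bad)
```

An address that fails the checksum was mistyped or damaged in transit and should be re-copied from the original email before it is reported.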
Stolen, leaked or compromised passwords:
Some versions of this horrible & very worrying blackmail, Sextortion scam are using details from one of the recent pastes of stolen information. They are inserting your name and a password that is associated with your email address from a previously hacked or compromised site or company into the email.
Enter your email address on https://haveibeenpwned.com/ and see where your info has been stolen from. Then make sure you change the password(s) on any site listed and any other site where you have used the same password.
If you have ever used the same password on other sites then you will be at serious risk of a full identity compromise. That includes all passwords, logins to forums, blogs, Facebook, Twitter, Instagram & other websites, your email service, shopping sites etc. and most of all your Bank, Credit card or PayPal details. It is vital that you change all your passwords everywhere, and on many occasions it is necessary to get in touch with your Bank or other financial body to inform them that all your details may have (and probably have) been stolen.
Never, EVER use the same password on different sites. Always use a different password for each site you log in to. Don’t use simple passwords like your name, or your husband’s/wife’s, boyfriend’s/girlfriend’s, dog’s or cat’s name. Always use a strong password with a mixture of letters and numbers and different characters. Something like jenny, Rover, 12345, 54321, password, login or similar words is absolutely useless. You need something like TsfE£%9& to stop it being guessed.
Use a Password Manager to create, store and keep passwords updated, safe and secure.
I recommend using ROBOFORM to keep & create safe secure passwords to log in to websites safely & securely
It doesn’t matter how strong, complicated, long or secure your password is if the site it was used on has been hacked or compromised and data stolen from it. If you use a different randomly generated password on each site, then any compromise or theft of details can only apply to that site.
Never, EVER use the same password on different sites. Always use a different password for each site you log in to