Today I got a new version of the “Send me Bitcoin” email scam that I haven’t gotten before. This one has a different spin…
It threatens violence against me, unless I pay up.
Again, it should be stated (as I have said in the last two blog posts) that these emails come from a spoofed email account, and the only things that are “real” in these emails are my email address and the scammer’s BitCoin account number.
Here is the scammer’s latest offering:
I run a site in the darknet, I sell all kinds of services – basically it is destruction to property and injury. In the main, all but the shooting. Often main reasons are rejected love or competition at work. This month she talked to me and gave me the task of empty acid in your visage. Standard order – quickly, painfully, for life.
Without too much fuss. I get money only after completing the order. Therefore, now I offer you pay me to be inactive, I propose this to nearly all the victims. If I do not see money from you, then my person will fulfill the order. If you transfer me money, in addition to my inaction, I will give you the information that I have about the client. After completing the task, I always spend the performer, so I have a choice, to get $1800 from you for information about the customer and my inaction, or to get $ 5000 from the customer, but with a high probability of losing the performer.
I’m getting payments in BitCoin, here’s my Bitcoin address – REDACTED
The summary I told above.
24 hours to decide and pay, and keep in mind that clock is ticking.
Latest update… today I got two emails, from two different spammers.
Both made it appear that they had hacked my account, by spoofing my email. (My email isn’t hacked.)
They are getting lazy, though. Even though the instructions specify that their BitCoin accounts are case sensitive, and that I should copy and paste it, when I send them their ransom… they have pasted the document, as an image into the email, so nobody can copy and paste their BitCoin address anyway! #Geniuses
Here are the latest versions.
Click on the images below, to open ’em up, and read the (slightly) different versions.
These jerks have bought a list of emails, likely from years ago, when LinkedIn user information was compromised… and are spitting it out to as many folks as they can reach, hoping that some of them will be taken in by it.
I am posting the many versions, with the hope that, by posting them, I create awareness that these are spammers, and they suck… but that they should be ignored, along with the money from Nigerian Princes, and emails from the CIA.
So, it seems that the folks who have (at some point) hacked website databases, have data mined the breaches, and sold their email / password info to a group that is blasting the “I have nasty pictures of you” scam out to everyone.
I’ve gotten a second version of the email, threatening to release embarrassing photos/videos of me, unless I “donate” $1000 worth of bitcoins to their account.
This version was worded differently, and came to my email, with my four year old password in the subject line… so I’m guessing this was from the LinkedIn data breach.
Again, the email it came from will either be hacked, or (more likely) spoofed. The only REAL thing in the email is the Spammer’s BitCoin account.
I have no intention of paying it, and am only posting this again because other folks might benefit from word of the scam getting out there, and hopefully fewer folks will be victimized.
The content of the newest version of the email, can be viewed here.
And another new version, 2 months later. It can be viewed, here.
On Twitter there have been a number of folk who have been bewildered by their account suddenly spewing spam and apparently being hacked.
There are hackers out there who will, through “brute force”, hack into an account. These hackers usually attack people like Ashton Kutcher, Eric Stonestreet, and other high profile celebs.
For those of us not having to dodge paparazzi, tabloid reporters and entertainment television, we just have to be aware of a few steps and take a few simple precautions, in order to prevent MOST problems.
First thing, before anything else, follow the @TwitterSupport Twitter account, so that you receive updates and suggestions from Twitter on best practices and account security.
On Twitter, when you discover a spammer, phisher or a bot… you can block them, report them, or both. (Because different Twitter interfaces have different instructions, you’ll have to learn “how” on your own.)
1) If you find you are mentioned in an @ message, from someone you don’t follow, with the enticement of a free IKEA Gift Certificate/Starbucks Card/IPad2/iPhone/whatever… Don’t click on it. Just report the sender for spam, and block them.
2) If you get a DM (direct message) from a legitimate follower, who says to you: “Have you seen this bad blog/post/picture that mentions you ?” and a link… Don’t click on it. It will cause your account to be hacked. To address this… first, note the twitter handle of the person sending the message… then, delete the message… and finally, send that person an @ message, telling them their account has been hacked, their password was compromised, and they need to change their password. A good rule of thumb is: Unless someone sends you an @ message, telling you they are sending a DM message, NEVER CLICK ON A LINK IN A DM !!!
3) If you get a new follower who has few or no followers, often with a suggestive photo of a woman, often with a nonsensical user name (Michelle9f75n00()()), and often having a bio that says something like: “My parents don’t know I’ve had sex, but I like it a lot. Please follow me” and a link… Don’t click on the link… just block and report the account for spam.
By following these few precautions, hopefully folks can use Twitter with fewer problems, and without the frustration and embarrassment of having to let everyone know their account has been hacked.
See you on Twitter !!!