Ruminations

A lot happens before ideas become solutions.





You've Been Hacked!

No I haven't

'Tis The Season
This time of year everyone gets a lot of extra email. There are so many promotional and advertising emails that it's hard to tell the difference between legitimate ads and pure spam. I personally consider almost every ad to be spam, but that's just me.

I must admit that I'm very lucky. My primary work email address, and my primary personal email address, rarely receive ads or spam.

Spam or Scam?
Last week I received an email at an email address that I very rarely use. It probably gets less than a handful of emails a year. This email was quarantined because it spoofed the "From" email address. It claimed that it came from the same email address that it was sent to. It claimed to come from me.

You can read the email here.

This email had a subject of "Your personal data has leaked due to suspected harmful activities". It claimed that they were a professional hacker and had hacked my "operating system". Furthermore, it claimed it had "full access" to my account. Sigh. Amateurs are just bad at what they do.

I'll go over some of the problems with the content and quality of the email in the next section. But I want to say right up front that, at the time of this writing, the sender had tricked 14 people into paying. These payments, at the time of this writing, totaled $8,981.68.

Nothing Personal
How can I know that this email was fake? There was absolutely nothing personal or identifying in it. It is completely generic and doesn't ever mention anything that's actually specific. It mentioned my "operating system", not my computer or phone or tablet. Just "operating system". It also said they had gained full access to my "account". What account? Computer login account? Email account? Social media account? Bank account?

At no time does this individual mention my name, operating system type (or device type), email address, nothing. And they could have at least modified their script to insert my email address into the text somewhere. This blackmail email could literally be sent to anyone, and it would be just as applicable as it is to me.

They mention that they have been "secretly monitoring" all my activities and watching me "for several months". If this were true, I would be worried about being sued for causing them irreparable, traumatic boredom.

Later in the text, they mention defeating antivirus software by using infected drivers, recording videos, and transferring the "infection" to "any other device that you own". Not even a mention of what those devices may be. They then threaten to share information with "all email addresses and messenger contacts of people you are in communication with on your device or PC". Once again, can't even pick a device nor a method of communication.

Their Demand
What all of this comes down to is a demand for payment of $850 in the Bitcoin cryptocurrency. And I needed to do this within "50 hours (2 days +)". Once I meet their demands, they will delete the videos and "disappear from your life once and for all." Not a surprise that they don't mention removing the infection that doesn't actually exist.

Something else of note: there is no way to contact this self-professed "hacker". So how will they even know that I paid them? They only know that some random crypto wallet transferred money to their crypto wallet. Cryptocurrency exchanges are by their nature anonymous, so how would they know who sent them the ransom, and if it was received within the "2 days +"?

They close their amateurish threat with, "Trust me, I am very careful, calculative and never make mistakes", and a warning not to share this with others. I guess they won't be pleased by me writing about them in this post.
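The tells described above (a "From" address identical to the "To" address, no personal detail, vague targets, a Bitcoin demand and a short deadline) can be checked mechanically. The following triage sketch is an added example, not part of the original post; the sample message is constructed, and the `triage` function, its indicator names, and the `known_names` parameter are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the email described in the post.
# The address and wallet are placeholders, not values from the real message.
SAMPLE = """\
From: user@example.com
To: user@example.com
Subject: Your personal data has leaked due to suspected harmful activities

I am a professional hacker and have hacked your operating system.
I have full access to your account and watched you for several months.
Transfer $850 in Bitcoin to WALLET-PLACEHOLDER within 50 hours (2 days +).
"""

GENERIC_TERMS = ("your operating system", "your account", "your device")
PAYMENT_RE = re.compile(r"\b(bitcoin|btc)\b", re.I)
DEADLINE_RE = re.compile(r"within\s+\d+\s+(hours?|days?)", re.I)

def triage(raw, known_names=()):
    """Return the generic-extortion indicators present in one raw message.

    known_names (assumption): strings that would count as personal detail,
    such as the recipient's name or the model of a device they own.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    # Collect every text part, decoding base64/quoted-printable bodies.
    body = " ".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk()
        if not p.is_multipart() and p.get_content_maintype() == "text"
    ).lower()

    hits = []
    if sender and sender == rcpt:
        hits.append("self_addressed_from")    # claims to come from the recipient
    personal = [rcpt, *(n.lower() for n in known_names)]
    if not any(p and p in body for p in personal):
        hits.append("no_personal_detail")     # nothing specific to this recipient
    if any(term in body for term in GENERIC_TERMS):
        hits.append("generic_target")         # "operating system", "account"
    if PAYMENT_RE.search(body):
        hits.append("crypto_payment_demand")
    if DEADLINE_RE.search(body):
        hits.append("short_deadline")
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE))
```

No single indicator is conclusive, since people do send mail to themselves; it is the combination that marks a message as worth quarantining.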

Zero Dinero
As you can probably tell from this post, I did not take this email seriously, nor did I pay them. But 14 people fell for this, paying almost $9,000 (as of this writing). And yet, no withdrawals have been made from this crypto wallet. Maybe it has been locked down, so no one else can make a deposit, and the scammer cannot get their hands on the cash they can see in the wallet. No imaginary hacker or infection required.

It's unfortunate that some people can be fooled by these types of emails. Perhaps, to some people, some of the things in this fake email hit too close to home. And perhaps, to some people, the fear of being "exposed" was greater than their ability to step back and really dissect this type of ransom demand. And they didn't know anyone they could trust enough to talk to about this.

I can only hope that more people can be made aware of these types of blackmail emails and realize that these generic messages can apply to just about anyone.
