04 July 21, 10:42
Quote:
Plus, what to do if you receive a sextortion email yourself (hint: don't pay the ransom)
Y’all — I’ve been blackmailed. But I’m going to come clean, here, to you — the Avast readership — so that the blackmailer will no longer have power over me. Get ready, because this is my story.
I received an email a couple of months ago from an unknown sender. The subject line was my name, including my initial, with improper capitalization. Usually emails like that go straight to my spam folder, but this one didn’t — so I was intrigued! What could have gotten past the (usually very good) Gmail spam filter?
I clicked on it and the text was…explicit. The sender claimed that he’d been watching me “by means of ur camera” and that he had images and intimate videos of me. He demanded I pay him in Bitcoin within “forty-eight h” to “save your prestige in the sight of men.” He also threatened that if I “neglect” his demand, the video tape of me would be “world heritage on the internet.”
Now, obviously, I didn’t click on the included attachment. I also didn’t panic because:
- I take precautions with the webcams on my laptops.
- I work for a security company and know that this type of email is common. It’s called a “sextortion” email and it’s almost always a phishing attempt filled with false threats.
Instead, I shared the email with my group chats, both personal and professional. On the personal side, two of my best friends — one who lives in DC and one who lives in Europe — also received the email. And when I went on Twitter later in the day, I saw that a bunch of people I follow had also been hit up by this sextortion email. The wording was always slightly different, but with the same bad grammar and spelling and the same message: I’ve been spying on you and have an explicit video of you and I’m going to expose you unless you pay me.
So, on the professional side, my team decided to dive in and see what we could figure out from the metadata of the messages. How did these slip through the spam filter? Where were these messages originating? And what, if anything, should recipients of this type of blackmail do about it?
Digging in to the sextortion emails
In total, our team looked at four emails, which were sent to me and to people I know. They were all received between April 12, 2021, and April 20, 2021.
Interestingly, all four went to Google Gmail accounts but were sent from either AOL or Yahoo accounts — both of which are owned by Verizon, for what it’s worth. The sender’s name and email address were different for each email, and when we looked at the headers, it appeared that these are legit accounts that may have been compromised through malware or stolen credentials.
All four emails were sent with a subject line that matched the recipient’s name, including middle names or initials. The recipient’s name wasn’t always part of the email address. Because of this — and because the recipient’s name had to be put into the subject line prior to sending — it’s likely that the sextortion operators had access to our names from a source other than our email addresses. They probably got that information from stolen data that included both our emails and names.
In terms of the actual messages we got, all four of us received a similarly worded email message that was notable for poor spelling and grammar. The message was a plain text message, meaning there weren’t any graphics or anything. There were also no links in the email body.
Below is the email message I received with the sender name, email address, and my email address redacted.
The messages came with an attached text message, which didn’t contain any malware. (Don’t worry — I didn’t open it. I have a team with safe computers to do that! Don’t ever click on attachments from an unknown source.) The attached text message was named with the exact same recipient name as the subject line, which boosts our theory that the sextortion operators had the name and email address of each target.
The attachments were simple. Two of them just had a Bitcoin wallet address and a US dollar amount. The other two had this, plus additional text that was similar — though not identical — to the text in the email message. Each one had its own Bitcoin wallet address, which makes sense because multiple Bitcoin addresses are common in sextortion campaigns.
Below is the ransom note that was attached to my message. (We redacted the Bitcoin wallet address so as to not give these jokers any more play.)
...
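As an added example (not code from the Avast post or from this thread), here is a small Python checker that looks for the traits the analysis above describes in one raw message: a subject line equal to the recipient's name, a plain-text body with no links, the extortion phrasing, and a .txt attachment named after the recipient that carries a Bitcoin wallet address and a dollar amount. The sample message, the names and the wallet string are constructed placeholders, and it is assumed the analyst already knows the recipient's name.

```python
import re
from email import message_from_bytes, policy

BTC_RE = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
USD_RE = re.compile(r"\$\s?\d[\d,]*|\b\d[\d,]*\s?(?:USD|dollars)\b", re.I)
PHRASES = ("camera", "bitcoin", "video", "forty-eight h", "48 h")

def _norm(s):  # collapse whitespace and case so "jane q. Doe" matches "Jane Q. Doe"
    return re.sub(r"\s+", " ", str(s or "").strip().lower())

def sextortion_indicators(raw: bytes, recipient_name: str) -> list:
    # Returns the traits from the post that this one raw RFC 5322 message exhibits.
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = _norm(msg["subject"])
    if subject and subject == _norm(recipient_name):
        hits.append("subject_is_recipient_name")
    body = msg.get_body(preferencelist=("plain",))
    text = _norm(body.get_content()) if body else ""
    if body and msg.get_body(preferencelist=("html",)) is None and "http" not in text:
        hits.append("plain_text_no_links")
    if sum(p in text for p in PHRASES) >= 2:
        hits.append("extortion_phrasing")
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/plain":
            continue  # the campaign used plain .txt notes; anything else belongs in a sandbox
        note = part.get_content()
        if _norm((part.get_filename() or "").rsplit(".", 1)[0]) == subject:
            hits.append("attachment_named_after_recipient")
        if BTC_RE.search(note) and USD_RE.search(note):
            hits.append("attachment_has_btc_wallet_and_usd_amount")
    return hits

# Constructed sample modelled on the traits described above; addresses, names and wallet are placeholders.
SAMPLE = b"""From: someone@aol.example
To: "Jane Q. Doe" <jane.doe@gmail.example>
Subject: jane q. Doe
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

I have been watching you by means of ur camera. Pay in Bitcoin within forty-eight h.
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="jane q. Doe.txt"

1CNSTRUCTEDDEMADDRESSxxxxxxxxxx 1500 USD
--b1--
"""
```

Running `sextortion_indicators(SAMPLE, "Jane Q. Doe")` lists all five traits; a benign message with a link and an unrelated subject returns an empty list, which is the point of scoring several traits together rather than any one alone.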