Bitcoin Sextortion – What to do.


Hello, good morning from Shunyi.
This particular piece on sextortion and scams deviates widely from our usual China business focus, inspired by a few questioning emails and friends who had been infected.

WPBeijing was a marketing studio founded by Peter Bic and Everlyne Yu in Beijing, October 2003. Now known as Bic Brands NZ Co Ltd and Uengager, a Beijing registered Martech company.
Aim2D is an umbrella media arm of Bic Brands.

This article is part of a Weekend Series where we dare to share some of our experiences, insights and off topic commentary (usually caustic) oft supported by links to third party articles or sites.
As with all our work, there is no copyright. You are free to share, sub-edit, reproduce, sell, heck, even claim it as your own work if you are so desperate. But we are sure you can do better!

However, please bear in mind, some articles contain content from other creatives.
We ask you at least respect their IP and labour.

Of course, we won’t say no if you want to link back to us, or in other ways acknowledge us!
So, make yourself a pot of Oolong tea, grab a chocolate bar and settle down for a longer read.

==============================================================================

fake news paper

A fine, sunny, spring day ahead. Now watch some so and so come along and mess it up. And sure enough it happened. A series of SPAM emails suggesting we might like to make a BITCOIN donation to prevent our intimate sexual details being broadcast globally. Likely as not this has happened to you, or will. It is a scam. Read on to learn more.

If this is the first time you have received this, the first rule is relax. The email and contents are largely bullshit. The scammer is preying on your fear and ignorance to panic you into not thinking clearly and quickly paying her or him.

They ARE ALSO PLAYING A NUMBERS GAME, YOU KNOW; TOSS A DICE SO MANY TIMES AND SIX WILL COME UP

The second point is that many of the claims they make re their control of your device play on fear, the average person’s lack of technical knowledge and headlines we read in today’s mainstream media. OK, yes, technically it is possible, in some cases, to take control of someone else’s mic and camera. But the scammer’s claims mix in a large amount of creative licence!

Besides, that takes hard work and intelligence. Your friendly scammer is far too lazy and uneducated for that. She is looking for a quick, easy buck, just like your common thief or pickpocket. As we said, the numbers game. She knows out of the several million emails sent, one person will have visited an adult website and be technically ignorant enough to believe them.

So to recap; don’t panic, you have a far greater chance of winning the billion dollar lottery or being struck by lightning than this being true. Over the past few years we have received, on average, 3 or 4 of these a week. We have reported every one, never paid and we are still alive.

So that is the most important aspect covered; take a deep breath, relax and find out how to report these and why you should from these report Bitcoin spammer links. Or you can read on and learn a little more detail and specific strategies.

For clarity and transparency, we need to state we are not aligned to any of the links we quote here. Nor are we affiliates receiving any form of payment, either in cash or kind. Secondly, whilst we are a tech firm, we are not writing from a tech perspective. Nor for tech orientated people. In fact, quite the reverse. We keep it simple to hopefully make non tech literate readers aware of their options and empower them to take action. For the sake of brevity we generalise and do not go into detail.

Bitcoin Sextortion Scams – what you can do

Let’s make it clear from the get go, this is not real. It is a scam. It is fake. A hoax. A pack of lies. A wild guess. You have not been specifically targeted. Despite the impression they are trying to create, the writer does not know you from a bar of soap. He is an opportunist, using jargon, fear and threats to intimidate you. In short, it is Bullshit. We’ll do this on a step by step basis. Starting with the: “why me?” question.

The why me question.

Short answer is; it’s not. As we said above, you have not been carefully selected or targeted personally. The scammer is trying to make you think you have been. Like most scams and spam, the spammer has likely sent out several million of these with one click. You just happen to be one of them. A bit like bottom dredging where fishing nets scrape and catch everything at the bottom of the ocean. Among the old sneakers, 6 pack ties, plastic bags, soft drink bottles and general rubbish they are hoping to catch enough fish to sell on the market. Your friendly email scammer uses the same approach. For her it is a numbers game, same as a lottery ticket, someone has to win.

Which begs the question, how did they get my email address? Short answer; multiple ways. Your ISP might be insecure. It can happen if you are using a free email provider or cheaper email or hosting server or service. Hosting is one of those things where you get what you pay for. Whilst several providers may look the same statistically, the price difference may be in “intangibles”: the degree to which they secure and protect your website. Maybe a scammer has cracked their weak security and harvested every email address saved on their machine, including yours.

It could even be down to you if you are using a weak password, such as your name or birthday.
It also happens with monotonous regularity that some of the very sites we trust, such as Facebook, Google, LinkedIn, Instagram or those we willingly gave our email address to for their newsy emails turn out to be less than secure and our personal details stolen.

In truth, the internet is not a safe place. It is nigh impossible for anything to be 100% secure. It is a bad idea to use your main Email address for subscription sign ups. Grab a free one on line. When it is compromised, close it, open another.

So first thing; change your password, make it cryptic and a lot more secure. Experts say the best password is one YOU can’t easily remember, so write it down. Also, check your operating system. Is the security up to date? It is distinctly possible for someone to hack your machine, access your email address book and use that. This is especially likely if you are using one of the old Windows O/S, such as Windows 2000, XP, Vista or Win 7. These no longer have security updates from Microsoft so are easy prey for even amateur spammers.

Alternatively, a family member, colleague or friend may be using an insecure or outdated O/S. Your email details held on her computer are also available for basic scammers to harvest. Run an anti virus check often, at least weekly, on your own machines. There are multiple AV packages on the market. Some freemium, others costly. The average home user / small business does not need a multi hundred dollar subscription to a fancy AV SaaS. If you run a current Microsoft system, it comes with Windows Defender pre installed, free. It is as good as most people need. Activate it and install it. Set it to auto scan, auto update.

If you, or family / friends are using an expired operating system, upgrade to the latest Windows; currently 10. There are some factors which may cause you to hesitate, for example, cost. Another hurdle may be that your current hardware will not support Win 10. All is not lost. In either case you can very likely switch to a Linux system. The software is free and runs on very old machines. Bear in mind, Linux was the grandfather for both Mac OS and Windows, so is not as different or as complex as you think. And no, Linux is not immune to viruses, but infection is less likely. You should still have some form of protection.

This link to Zorin is a good start. If you do have a VERY old computer, we suggest Zorin lite – although we have a 20+ year old machine using Zorin Core. Zorin has a familiar XP feel and set up. They also have a very friendly and helpful support user base. And no, we do not receive any commission or favours from Zorin. An expired Windows opens you up to more serious risks than just spam. If you do any on line shopping or banking, your bank and credit card details are also sitting waiting for someone to pocket. We talk more about this later.

Many Trojans or scams are invited in by you!
Sure, of course you know NOT to click on or open links from people you don’t know.
You DO know that – don’t you?
Scammers know you know that.
So today they rarely include links.
Instead, they use images.
So don’t open strange pictures either!
We talk about this again later too.

Has a third party leaked your private details?

As well as your ISP, mentioned above, any one of your on line accounts may have been breached. Facebook and many big social media sites as well as your regular news feed or favorite brand mass mailer can be subject to a data breach. Again, your details as well as millions of others which are held on their computer are simply sucked up by the spammer.

Usually the thief will then offer to sell the data back to the firm – blackmail. If they refuse, this list is then put up for sale on the dark web and your details become public. Even if a ransom is paid, there is no guarantee that the list will not become public at some future date. Many brands, big and small, buy lists, usually quite innocently, not realising they have been composed from stolen data. Bear in mind there are many, many lists available on line, not all are stolen data. Think of it as money laundering.

Press here to check to see if, how and where your Email and personal details have been compromised. If yes, tighten your security, change your password. If your Email has been compromised chances are scammers also have the data of your address book. So let your contacts know their email may have been compromised so they can check and make changes if need be. Fighting spam, ID theft and extortion is a community effort, so share that link with everyone in your circles or friend lists.

Fighting Back

Now we know some of the causes, let’s look at what you can do, other than tighten your security. If this is new to you, the initial Email looks something like this:

Regarding Zoom Conference call 
From:nieves20 <nieves20@breakawaymusic.com>  
Date:Wednesday, Oct 28, 2020 4:54 PM
To:you <you@youremail.com>
Hello. I’ll need your attention now. This is the last warning.
You have used Zoom recently, like most of us during these bad COVID times. And I have very unfortunate news for you.
I’ll give you some background on what happened.

There was a zero day security vulnerability on Zoom app, that allowed me a full time access to your camera and some other metadata on your account.
You were just unlucky to be targeted.
And as you can imagine in your worst dreams, I have made a footage with you as a main actor.
You work on yourself (perform sex act to be clear). Having fun is ok with me, but is not ok with your reputation.

Please dont blame me or yourself for this. You couldn’t know that the camera was working.
I’m sure you don’t want to be the next Jeffrey Toobin and get embarrassed in front of all your friends, family and colleagues.
You should get this very clear, I will send this video to all your contacts if I dont get paid.
Are you wondering how I got your contacts? Through the same exploit, zoom app allowed me to extract all sensitive info from your device.

So here is what we will do. You pay me $2000 in bitcoin, and nothing of this will happen. You have 2 days to make the payment.
After I get the money, I will delete the footage and information about you. The amount is not negotiable.
Send 0.15 Bitcoin (about 2k USD at the current exchange rate) to my wallet 1BxU17Z4EeLNm3HRZQvbfCPvktP1mZ19td
Having trouble with buying bitcoin? Just google on how to buy it, it’s very easy to use and anonymous.
P.S. Don’t try to report this to the police, I use TOR and bitcoin can’t be traced. Do not email me back. If you do something stupid, I will distribute the video.
Good luck. Don’t stress

Analysis

The subject, in blue is apt to change as the scam becomes better known. The email address here is obviously fake yet he tries to convince you he is real by warning against emailing him back. Scammers also “move with the times.” A few years ago they claimed to have hijacked your camera and mic and recorded you watching and enjoying an adult website. As it became known that this was unlikely, the game changed. Today, with many of us working from home on Zoom, they have another angle. Tomorrow, who knows.

But the format and MO is always the same. Appealing to you or trying to help you, at the same time dropping just enough tech language in to confuse you and sow doubt. It sounds plausible to the inexperienced for whom the jargon means nothing. Then the threat of exposing you to all your friends unless you pay a bitcoin ransom.

However, remember the best bit of advice he offers is; “don’t stress.” Don’t panic. This is exactly what they are hoping you will do. They want you to panic, to stop thinking clearly, knee jerk reaction – and pay. Remember, this is fake, it is not real and he has no idea who you are. And he is not as clever as he thinks. Let’s just back the truck up a bit. What do you think is the most popular topic on the web? You are right, sex, porn.

Now, if you were in the food business, where would you set up your stall? In the desert or the middle of a busy square? Right, you need to be where people are. He is also gambling that you have a mic and camera built in. Most modern devices do. So the scammer knows he has a probably 60+% chance of reaching someone who has been watching porn and enjoying it. What he doesn’t know is if it is you or not.

To her that is not important. She is playing the numbers which are in her favour. If she sends 200,000 emails, if just 1% reach a potential target and just 1% pay she has potentially earned 20 times her US$2000 fee. Not bad for a few moments work.

A quick look at jargon

The primary aim here is to use words you have heard of on the news or seen in the movies or TV series but may not understand. Some are made up expressions. They are gambling you don’t know that. Scare tactics. A zero day vulnerability is an unexpected security hole in a piece of software. Sounds serious? It is. But usually developers know about it and are working on a fix. If something like Zoom were impacted, the developers would quickly make sure the entire world knew about it. You and every user would be notified. Of course, not all software. Some very small apps might actually take a bit of time to fix so yes, they are vulnerable to our hacker friend.

But, ask yourself, where is the value in that? Where is the pay off? If only a few people use it? The odds are against the hacker. In short, they know a major piece of software is NOT corrupted, they are gambling that some of you don’t know that and will pay.

If you have been paying attention, you will have noticed we are basically saying the same thing over and over in different ways. One last time with feeling: they are playing on your guilt, fear and tech ignorance.

Tor is actually just another browser, same as Chromium or Firefox. However, TOR is a lot more secure as it hides users’ web activity. It also gives access to what is called “The Dark Web”, a place where people with alternative minds like to post and read stuff that law enforcement authorities are not so happy about. Many paedophiles use this browser. Pages on this web are not indexed by popular search engines so are harder to trace. You can download Tor here if you are so inclined.

Options

So now, hopefully, you know this is a bluff. His email address is a fake and neither of you actually know each other. It is a stand off. A draw. There is nothing he can do to enforce his demand, other than scare tactics, and nothing you can do to retaliate. Or is there?

Earlier we said he might not be as clever as he thinks. We will explore that with two options. Firstly open this link, the BITCOIN spam register. Yes, we CAN actually check on Bitcoin users! As you can see from our image below, there is an option to insert the spammer’s bitcoin address – highlighted in yellow in our email copy above – which we have done. This is just one of several online tools, a quick search will throw up others. Use any or all of them!

https://bitcoinwhoswho.com/scams

Once you have copied the Bitcoin wallet address and pasted it into the box, press the search – shown as a magnifying glass – and wait a few seconds. You will then be rewarded with the below image. You can see this has been reported 8 times already – probably more unless the account has been taken down – and that no one has fallen for his scam. No payments received. You also have an option to report it – top right, above the QR code. DO THAT. Remember, Bitcoin is community driven. We work together to police it.

When you press “REPORT SCAM” a little popup appears as below. If you have time, DO include an image but as it says, block out your contact and personal details. If there is a website listed, name it. Select the best SCAM TYPE match from the drop down menu. There is more than just sextortion scams although they are trending right now! Add any comments, or a copy of the email. This helps others. And as the scammer says: Don’t Stress, you have now proven to yourself it is a fake and have done something positive to derail his game.

More than a one trick pony

There are other options open to us. First off, head over to report any type of internet spam, scam, hoax or fraud. It is a US Gvt site; they ask a lot of questions. Only complete the fields or give them the personal details you’re comfy with. In case you have not learnt by now, the more detail you spew onto the Internet, the more chances there are of you being scammed, spammed or cheated. You might as well paint a huge target on your back.

Next up, Spamcop where we will try to make life a little more irritating for our scammer. This involves a bit more effort than the last tricks so we will walk through it. The link opens to a free registration page. Click the REGISTER button as shown in the image below. This will take you to the details page; towards the bottom you have the opportunity to sign up. Input your name, email address, complete the security code and press “Send Authorisation Email.” A little later a confirmation email will arrive in your email box. Copy and save your password – you will need it soon. Follow the instructions. There should be an auto link to the login page, if not return to their home page and press login. We have begun!

Their logon page is simplicity itself, even if you have never done this before. You need your account or user name, as stated in the email, and the password you copied a few moments ago. At this point you can either use the drop down to change the password expiry from 12 hours to one year. Or, make a mental note to go into your dash board and change the password to something you can remember when we have finished – as explained in their email. We are going to move onto your email next – but DO NOT CLOSE THIS PAGE – LEAVE IT OPEN.

spamcop login form

Email headers

To be any use to SPAMCOP you need to send them more than just the email. They need the full Email headers, often known as the full email. It has a lot more info re the process. Now this is where we have to let you go on your own for a while as there are numerous email providers and each has its own way of finding the headers. Spamcop provides links to many here, otherwise you may need to surf on line using: “How to find headers in Gmail” for example. If yours isn’t there maybe you need to contact your email provider’s support team. In which case, you may need to log in again to Spamcop.

It may likely look something like this: warning – this goes on a bit!

Received: from 209.85.128.50 (unknown [209.85.128.50])
	by newmx38.qq.com (NewMx) with SMTP id 
	for <your email.com>; Mon, 26 Apr 2021 05:59:25 +0800
X-QQ-SPAM: true
X-QQ-mid: mxszb55t1619387962tprj1wbrs
X-QQ-ORGSender: beckiwilliecp@acmestaple.com
Received: by mail-wm1-f50.google.com with SMTP id p10-20020a1c544a0000b02901387e17700fso4024546wmi.2
        for <your email.com>; Sun, 25 Apr 2021 14:59:23 -0700 (PDT)
X-Original-Authentication-Results: gmr-mx.google.com;       spf=neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) smtp.mailfrom=beckiwilliecp@acmestaple.com
X-Received: by 2002:a7b:c157:: with SMTP id z23mr17678492wmi.146.1619387961584;
        Sun, 25 Apr 2021 14:59:21 -0700 (PDT)
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) smtp.mailfrom=beckiwilliecp@acmestaple.com
Return-Path: <beckiwilliecp@acmestaple.com>
Received: from [103.91.141.139] ([103.91.141.139])
        by gmr-mx.google.com with ESMTP id s21si998114wmh.2.2021.04.25.14.59.20
        for <your email.com>;
        Sun, 25 Apr 2021 14:59:21 -0700 (PDT)
Received-SPF: neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) client-ip=103.91.141.139;
Authentication-Results: gmr-mx.google.com;
       spf=neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) smtp.mailfrom=beckiwilliecp@acmestaple.com
Message-ID: <BBD192D84AF89B006A2963F14320BBD1@N6UILQMINA>
From: <beckiwilliecp@acmestaple.com>
To: <your email.com>
Subject: Cooperation Offer
Date: 26 Apr 2021 12:20:19 +0700
MIME-Version: 1.0
Content-Type: text/plain charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.4988
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.4988
< REAL SPAM OR HOAX MESSAGE BEGINS HERE>
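
What a reporting service reads out of headers like the sample above, as an added Python example (not the page's or SpamCop's own code): it walks the Received stamps from the newest down and believes only those written by the recipient's own mail servers, so a forged line further down cannot shift the blame. The trusted domain list and the forged Received line are assumptions constructed for this illustration; the other header lines are trimmed from the sample above.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Trimmed from the sample headers on this page (signature headers left out).
PAGE_SAMPLE = """\
Received: from 209.85.128.50 (unknown [209.85.128.50])
        by newmx38.qq.com (NewMx) with SMTP id
        for <your email.com>; Mon, 26 Apr 2021 05:59:25 +0800
Received: by mail-wm1-f50.google.com with SMTP id p10-20020a1c544a0000b02901387e17700fso4024546wmi.2
        for <your email.com>; Sun, 25 Apr 2021 14:59:23 -0700 (PDT)
Return-Path: <beckiwilliecp@acmestaple.com>
Received: from [103.91.141.139] ([103.91.141.139])
        by gmr-mx.google.com with ESMTP id s21si998114wmh.2.2021.04.25.14.59.20
        for <your email.com>; Sun, 25 Apr 2021 14:59:21 -0700 (PDT)
Received-SPF: neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) client-ip=103.91.141.139;
From: <beckiwilliecp@acmestaple.com>
Subject: Cooperation Offer
"""

# Constructed for illustration: a Received line written by the sender himself
# to point at an unrelated network (198.51.100.7 is a documentation address).
FORGED = PAGE_SAMPLE + (
    "Received: from mail.bank.example (198.51.100.7)\n"
    "        by relay.unknown.example; Sun, 25 Apr 2021 14:00:00 -0700\n"
)

# Assumption: the recipient's own mail path, the only servers whose stamps we believe.
TRUSTED = ("qq.com", "google.com")


def _first_ip(text):
    """Return the first valid IPv4/IPv6 literal found in text, or None."""
    for token in re.findall(r"[0-9A-Fa-f:.]{3,}", text):
        try:
            return str(ipaddress.ip_address(token.strip(".")))
        except ValueError:
            continue
    return None


def received_hops(msg):
    """Parse every Received header, newest first, into {from_ip, by}."""
    hops = []
    for raw in msg.get_all("Received", []):
        value = " ".join(str(raw).split())          # undo header folding
        sender = re.match(r"from\s+(.*?)\s+by\s", value)
        by = re.search(r"(?:^|\s)by\s+([^\s;()]+)", value)
        hops.append({
            "from_ip": _first_ip(sender.group(1)) if sender else None,
            "by": by.group(1).lower() if by else "",
        })
    return hops


def is_trusted(host, trusted):
    return any(host == d or host.endswith("." + d) for d in trusted)


def handoff_ip(hops, trusted):
    """IP that connected to the outermost server we trust."""
    found = None
    for hop in hops:                                # newest stamp first
        if not is_trusted(hop["by"], trusted):
            break                                   # below here the sender wrote the text
        if hop["from_ip"]:
            found = hop["from_ip"]
    return found


def bottom_ip(hops):
    """Naive reading: the oldest Received line that names an IP."""
    ips = [h["from_ip"] for h in hops if h["from_ip"]]
    return ips[-1] if ips else None


def analyse(raw, trusted=TRUSTED):
    msg = email.message_from_string(raw)
    hops = received_hops(msg)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    path_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return {
        "hops": len(hops),
        "handoff_ip": handoff_ip(hops, trusted),    # the address worth reporting
        "bottom_ip": bottom_ip(hops),               # what a forged line can fake
        "spf": (msg.get("Received-SPF") or "none").split()[0].lower(),
        "from_matches_return_path": from_dom == path_dom,
    }


if __name__ == "__main__":
    print(analyse(PAGE_SAMPLE))
    print(analyse(FORGED))
```
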

OK, finish line is in sight. Once you have your headers open, copy them, then return to your still open SPAMCOP page and press log in, and then REPORT SPAM. Paste the FULL HEADERS AND EMAIL BODY you saved before into the content box as shown below. Press the PROCESS SPAM button and wait a few moments. Another screen will appear showing the ISP the spammer used to send his email. Press report spam, et voila, he is noticed.

Be aware, this is NOT going to stop her, she is unlikely to use the same ISP twice and very likely has other ISPs lined up. There are also many, many ISPs around the globe so she has plenty of choice. Note also that although it may APPEAR that the email is originating in Iran, Russia, Nigeria, or China this is a decoy. In most of our cases, the originator is traced back to the US.

Sadly though, in poorer countries ISPs do not really care what the content is or where it came from as long as they are paid. So reporting may fall on deaf ears. However, it does cut down on options ever so slightly, and eventually they come under pressure as the major Internet providers black list them. Most important, it empowers you in knowing you have created a little bit of aggro for the spammer. PAY BACK!

spamcop spam input form

It’s not all about sex, babe!

While we have focused, so far, on sextortion type scams and emails, they are not the only shark in the ocean. They may not be as blatant, obvious and “in yer face” as sextortion scams, but there are others, just as dangerous. Maybe more so as they seem benign and harmless. Let’s now look at those “brand” or news letter type emails that we – in the west – frequently subscribe to.

These are a little more cunning as they take advantage of us in a few ways. Firstly, as we said, many western people subscribe to several news links, brand emails, or interest news letters. We are used to opening these and enjoying a good, interesting, informative read. Our defences are down. So when one pops up, we often don’t take too much time to think about it. By the time we realise it is not on our list, it may be too late.

Secondly, they may carry the branding of a well known and popular EDM [Electronic Direct Mail] organisation such as Mailchimp. As a market leader, Mailchimp is often used because again, we tend to trust anything that comes from them. But just because it is dressed in Mailchimp’s clothes and carries that cheeky monkey image doesn’t guarantee its authenticity. Third rate scammers can very easily clone or spoof the Mailchimp or any other brand effect. And even if it is genuine, occasionally a bad banana slips through the screening net.

A rose by any other name is still a weed

Let’s digress a moment and step back a few years to a young apprentice working in a strawberry farm. The backbreaking task of weeding. The farm also cultivates carnations in glasshouses for export. Later, as the boss inspects his work he points to a carnation plant growing in the bed. The lad explains it is a carnation so he has left it, expecting some praise for being able to discern the difference. Instead the boss explodes: “anything that isn’t a strawberry is a weed. Pull it out.”

The lesson here is: anything you have not subscribed to or requested is spam

OK, we said earlier these emails may be more dangerous than the sextortion type. Why? Well it comes down to payload, or what code or script they are carrying. This script will ultimately be loaded into your computer via the O/S or C drive in Windows. Once activated it might simply burrow into your email account and harvest every contact in your address book. The scammer may then compile a list and sell it on the black market, as we have discussed above.

Or she may have developed a script to search through all your data looking for bank account details. Once she has this it is a relatively simple step to break the password, access your account electronically, and withdraw the funds. Your bank will no doubt be sympathetic, but as the data breach happened on your machine, they will not accept any liability.

We need to feel a little sorry for scammers. As fast as they discover some way to make easy money, some spoilsport, like us, makes it publicly known. So their scams and tricks have a limited life. Consequently, they are always having to come up with something new. Most of us now know that we don’t click, press or open links in Emails. Especially if we don’t know the sender. So the poor spammer needs a new approach.

A picture’s worth 1k words – and more

We all love pretty pictures. Marketers know this, and in recent years we have seen bigger, more detailed, higher resolution, unique images being used on the web. Scammers have noticed too. But for scammers at least, beauty is more than skin deep. Very often an image can also be loaded with a script – what is colloquially known as a “virus”, or weed in our other example. As the images load into your email, the virus or script loads into your PC. You are infected.

Take a look at the image below. A screen shot from a rogue or unknown “news letter” that arrived in our mail box. Notice anything?

fake newsletter

Well, the first thing you may notice is the comment: “looks legit, from a known brand.” For some people maybe. Although it is difficult to read, small font, the sending domain is digiormoos.com. However, at a quick look it may be mistaken for Digiorno, a popular prebaked, frozen pizza manufacturer which has a following of many thousands. If you were one of their followers, likely you might click the email without too much careful thought. Again, it is a numbers game.

You may also notice the red dots and the empty image icon and read the warning: “Images have been removed for security purposes.” So not only are we wise enough not to click the tempting links, but our email client has refused to load images it doesn’t know or trust. We do this from the SETTINGS in our email options. So, take a few moments now, go to your email settings and activate this feature. If your client doesn’t have it, find another email provider.

The last thing to do then is, as above, bring up the full headers, copy them and paste them in to your SPAMCOP report spam page that we used before.

Remember, if it isn’t a strawberry or in our subscription it is spam – report it

Ok, last few short paragraphs, we are almost done. But not quite. Fighting spam and hoaxes, rip offs, cheats et al is a community effort, the Internet community of which you are a member. So don’t hesitate to report spam, it works for all of us as a team.

But there is still more you can do. Socially. A very large part of those usually taken advantage of are the elderly among us. People who have saved all their lives for retirement, generally kind hearts and un tech. A dangerous combo today. They are easy prey and lose everything. So, get among your community, hit the street, into rest homes, community education centres, neighbours, help up skill, educate and inform our senior citizens. Starting with parents, aunts and grandparents.

For scammers and on line cheats, it is easy money. A good return for little effort. This is the attraction. When the effort involved exceeds the return the attraction fades and they move onto something new. Scammers and online cheats can be beaten, if we all work together.
So, with that in mind, again, please feel free to share, reproduce and publicise this widely. Criminals by nature look for easy cash. When everyone knows this is a scam they will give up. We can never eliminate crime and those tempted by it, but we can make it harder work for them.

Reality Check

Ok, now, as we have mentioned above, this is not necessarily going to stop scammers and their gang. It may, perhaps, cause them some inconvenience and frustration. Mostly though, we hope we have proven to you this is a scam and you can do something about it to empower you. However, in reality it is very, very hard to actually stop this. Bitcoin is hard to track, nigh impossible in 2021 and anonymous. Which is of course why criminal gangs love it!

Education is the key. Again to repeat; the more people know this is fake, the harder it is for scammers to succeed. They are forced to find a new game. This link: How to Report Bitcoin Scammers and Why You Should covers the reality and background to reporting Bitcoin scams in more depth. Worth reading. The Bitcoin Whos Who Web page – sic – explains “Tainting a Bitcoin Wallet” and provides a method for you to do that. Sort of future proofing for a day when authorities do have more powers. The site also points to other ways you can report scams. The Bitcoin Abuse database also enables scam reporting and records current scams’ history.

Too late Mate – I’ve Paid.

Ok, well, that does complicate matters somewhat. If you have read this far, hopefully you are now a little wiser and won’t be fooled again. You are now probably keen and ready to read on about how to get your money back. Sorry, we are going to disappoint you.

As we mentioned above, Bitcoin is a secure, anonymous platform. It is very, very hard to get your money back. Not impossible. But it needs to be looked at from a cost effective base. The first step is to follow the above procedure and report it. Not just to help others being tricked or feel you are pushing back but to create some form of record. Make sure you also report it to the authorities. If you are in the US, the link we gave above is a good step. If like us, living elsewhere, report it to your own police or fraud squad etc. Again, create a paper trail – well an E trail!

Step 2 is a cost v/s return analysis. If you are only down a few hundred bucks, it may not be economically viable to pursue professional reclaiming. Of course, if the amount is considerably larger, then you do the maths. We said “professional reclaiming”. Two points here. If you are going down this road, take legal counsel. You need to have someone do some due diligence on your behalf. Research. Why? That brings us to point two.

With all due respect, let’s point out that you were fairly easily fooled the first time. You panicked and paid without thinking it through. Without doing any research. You may be about to repeat that. Very likely you have searched online for something like: “How to recover scammed Bitcoin.” You have happily found many links. Many sites offer to do this for you. Such as this one.
Tread light young grasshopper.

Some, if not many of these are also scams. Some run by the gang who scammed you just before. They figure if you’re dumb enough to pay once, now you are desperate and dumb enough to pay more to get it back. Of course, you won’t. So be very, very wary of online recovery agents. Or tele-recovery agents. By the way, we are not saying the above link is fraudulent, just making a point.
For best results and peace of mind, look for reputable private investigators with a proven track record and B&M office. And as we said, your friendly lawyer can likely help you there.

Thanks for reading our China news, marketing, tech and social media article – we hope it was useful, relevant, informative, valuable.

No?
Not Useful?
Then perhaps you may like to chat directly and personally with Everlyne?
Whatever your question re Chinese Business, Marketing Tech or Social Media, she will know the answer, or know someone who does! A brief intro below;

In 2003 Everlyne Yu co-founded WPBeijing Marketing Studio with Englishman Peter Bic, now known as Bic Brands.

She began Uengager, a company focused on customer engagement, as a SaaS MarTech company in 2017.

Hello, Nihao, I’m Everlyne

I love to talk about and help people understand the amazing ways MarTech and SaaS can work to strengthen your business engagement with Chinese consumers.
I know you have questions or want to talk about your brand or business in China so please, drop me a line opposite. If you prefer live chat, call and talk to me live, in person direct.

Everlyne is also a keynote speaker, lecturer and KOL on MarTech in China. She is CEO of Uengager, business development officer for Bicyu.

Everlyne has been privileged to work with a variety of international organisations, from VW, Cushman Wakefield, Sodexo, Bristol Myers Squibb to local Chinese firms such as Midea, and OK Order.

If you’re looking for guidance, tips, advice on any aspect of starting or growing a business in China or training, coaching your existing China marketing team for excellence, be sure to check out Uengager. Home page and base for Everlyne Yu. Read her short bio – opposite left – or contact her direct – below – for a free, heart to heart chat.

Published by The Bic

Bicyu is a NZ registered, British owned MarTech business based in Beijing providing marketing, tech, education and information services to European, NZ, Australian, UK, African, and Asian firms doing business in China. We work with local ones too. We've been here doing this since 2003. We also incorporate Aim2D and Uengager in our small brand list.

2 thoughts on “Bitcoin Sextorsion – What to do.”

  1. Update:
    Saturday, May 8th, interestingly the day after this post was published we received a new version of the old scam.
    This time the scammer focuses more on his phoney tech in an effort to confuse and convince us he has some clever gadget. Again, as we said before, this is rubbish. We have been receiving these on average a couple of times a week for over a year. We just report them and nothing happens. Nothing can happen. It is fake!
    Here is an excerpt from the latest:

    One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.
    In fact, it was not really hard at all (since you were following the links from your inbox emails).
    All ingenious is simple. =)

    This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard).
    I have downloaded all your information, data, photos, web browsing history to my servers.
    I have access to all your messengers, social networks, emails, chat history and contacts list.
    My virus continuously refreshes the signatures (it is driver-based), and hence remains invisible for antivirus software.
