Email Bitcoin Extortion – a new game.


Hello, good morning from Shunyi. This article is an update of an earlier, very popular, piece we released in May 2021 as part of a Bic community service to help educate computer users about online security threats and what they can do about them. Since then scammers have changed or updated their game. Our original article dealt mostly with sextortion as that was the flavour of the day. However, email scams come in many forms – today most depend on Bitcoin as ransom payment because of its anonymity. We will outline them and their history below.

UPDATE: As scammers and thieves are exposed they come up with newer tricks. We will update them here, so check back often to stay ahead of the curve.

Current or Latest flavour of Bitcoin Sextortion scam

September 29th 2021 and we have, yet again, a different game. But as always, it is the same variation of the old model. There is a small change of play in that the emails no longer come from our own “spoofed account” trying to masquerade as a payment request. He is a bit confused by his own double talk though as he later refers to our email address. We suspect he is cutting and pasting, forgetting to edit.

From: <admin@paradisespringsbrc.com>  <kins@vitrani.com>
Subject: You have an outstanding payment.
Date: 28 Sep 2021 19:15:38 -0400

It’s the longest email we have ever had; he spends 2/3 of it talking about hi-tech software, using terms you may have heard on the news or in a James Bond movie. Despite all his waffle, it is still the same conclusion. Another garbage email. Relax, report it and move on. If this is your first experience of this and you want to learn more, please scroll on John.

Common forms of Email scams

If this is the first time you have received this, the first rule is relax. The email and contents are largely bullshit. The scammer is preying on your fear and ignorance to panic you into not thinking clearly and quickly paying her or him.

This list can never be complete. As we come up with new tech, low life come up with ways to use it to cheat and steal. As we note below, they run on 3 basic human traits: greed, fear and sex. Let’s begin with the older scams that are still, occasionally, around.

For clarity and transparency, we need to state we are not aligned to any of the links we quote here. Nor are we affiliates receiving any form of payment, either in cash or kind. Secondly, whilst we are a tech firm, we are writing for everyday, non tech people. We keep it simple to make readers aware of their options, empower them to take action, hopefully step up their security or learn more.

Opportunity to make HUGE money (greed)

Originating out of Nigeria, this initially involved a government official trying to transfer funds out of her country and offering you a substantial slice of the action for your help in laundering. It evolved to become global and took other forms, such as the death of a wealthy, obscure relative of whom you are the sole beneficiary. There are many other forms – all similar, all with the same end game. To con you.

The hook was you needed to pay some form of “Legal fee” and provide your bank / credit card details. They would then transfer your share. Of course, it worked the other way around – they cleaned out your account or overdrew your credit card by millions. Less common now as most people are aware of this but we still find the odd, rich but dead relative turning up on our doorstep.

Damsel in distress (sex)

Similar to above in that the email would allege to come from a female victim being held against her will, or a lonely, often rich woman seeking a husband to help her “escape” an arranged marriage or such. She would offer money and other benefits in return for your help. It then followed the same track as above, with the same result. As the scam evolved she would share tantalising photos of herself, seeking more money for unexpected expenses.

Another variation would beg you to come to her to appease her family and cultural laws. However this turned into a kidnapping with ransom demands back to your family. Whilst mostly targeting males, there was also a lesser known variant with handsome young men offering marriage and a good life to vulnerable women. Usually these women were recruited for the sex trade or porn industry. Again not often seen as they have had a lot of publicity.

Bitcoin Scams – (fear)

Dubbed “Sextortion Scams,” the current favourite, and a more “Hi-Tech” version of the basic common scam. We used “Hi Tech” tongue in cheek as it actually isn’t. However, it is packaged as such to instil confusion and fear. Let’s be clear; the only part of these E-mails with any credibility is that the scammer has spoofed your email account so he is sending it to you, from you. This is not at all difficult to do. She will mention this early in the scam to try to convince you of her tech wizardry. Anything that follows after this is the realm of science fiction and David Copperfield. It is an illusion.

The original variant, circa 2016 / 17, simply claimed he had not only accessed your email – the spoofed email address as proof – but also now, because of the scammer’s technical superiority over you, had total control of your machine. She had recorded all your conversations, videos and surfing. Which just happened to include adult content which they would release to all your friends, contacts – reminding you, they have control of your email. Of course, a small Bitcoin payment would stop this.

Version 2 was a similar MOA. However, now, rather than just your email they claim to have exploited a zero day vulnerability in your router. Again, the use of tech terms such as “zero day vulnerability” mixed with some imaginative, special self developed software that overrides your system’s anti virus software further adds to the confusion and raises the fear level. It is just intimidation; his superior tech against your ignorance. Again, an illusion.

We can never say scammers are not creative. Early 2020, as lock downs became the “In Thing” and millions worked from home, scammers claimed to have exploited a weakness in ZOOM and installed a back door Trojan giving them access to all your conversations. Again the usual threats; redistribution and Bitcoin settlement.

The current version as @ July 2020 claims to have cracked your Mobile Data Cloud Storage. Although still a scam and an illusion, it is more dangerous as it plays to the recently widely publicised cloud data storage breaches at huge, multinational organisations.

Scammers play a numbers game, you know, toss a dice xxx times, a 6 will turn up.

Keep a clear head and remember:

  1. Although you may never have visited a porn site, used ZOOM, have a camera or web cloud storage they know out of a million emails Y% will have. And if just 1% of that target believe them and pay, it is a lucrative business. The fact you are reading this strongly suggests you have however and are now at least concerned.
  2. The second point is that many of the claims they make re their control of your device play on fear, the average person’s lack of technical knowledge and headlines we read in today’s mainstream media. OK, yes, technically it is possible, in some cases, to take control of someone else’s mic and camera. And software breaches do happen from time to time. But the scammer’s claims mix in a large amount of creative licence!

The why me Question?

Simple answer is: it isn’t. This is nothing personal, and, despite what the email may imply, the scammer does not know you or anything about you. Take time to think and you will likely find flaws in the email. For example, we are China based, yet most emails assume we are Western.

We do not use ZOOM and the spoofed email address is actually a fake which we established as bait back in 2017. Since then we have deflected literally hundreds of such emails, reported each one and never paid. Yet a week later we receive an identical threat, same contents, same Bitcoin address. This despite the previous threat of public humiliation within 2 days.

Secondly, it is very likely that today you use online shopping, have at least one e-com account and pay via some E-wallet. If you were a “Tech Genius” would you scrape in the gutter for a few hundred dollars – maybe – or use the alleged fact you control my device to empty my bank account and buy easily fenced, high priced luxury goods on my e-comm account?

Think of scammers as fishing trawlers: where fishing nets scrape and catch everything at the bottom of the ocean. Among the old sneakers, 6 pack ties, plastic bags, soft drink bottles and general rubbish they are hoping to catch enough fish to sell on the market. Your friendly email scammer uses the same approach. For her it is a numbers game, same as a lottery ticket, someone has to win.

So to recap; don’t panic, you have a far greater chance of winning the billion dollar lottery or being struck by lightning than this being true. Over the past few years we have received, on average, 3 or 4 of these a week. We have reported every one, never paid and we are still alive.

OK, so it’s a scam – how did it happen?

If this truly is your question, we respectfully suggest you unplug your computer and don’t use it again until you have at least been through a basic computer class at your local adults education centre and learn about basic Internet security, email and social media dangers and traps.

There are multiple ways your email address may have been compromised. Your Internet Service provider (ISP: the company you use to connect to the Internet) might be insecure. It can happen if you are using a free email provider or cheaper email or hosting server or service. An ISP is one of those things where you get what you pay for.

In truth, the internet is not a safe place. It is nigh impossible for anything to be 100% secure. It is a bad idea to use your main E-mail address for subscription sign ups. Grab a free one on line. When it is compromised, close it, open another.

Whilst several providers may look the same statistically, the price difference may be in “intangibles.” The degree to which they secure and protect your website. Maybe a scammer has cracked their weak security and harvested every email address saved on their machine, including yours.

It could even be down to you if you are using a weak password, such as your name or birthday.

It also happens with monotonous regularity that some of the very sites we trust, such as Facebook, Google, LinkedIn, Instagram or those we willingly gave our email address to for their newsy emails turn out to be less than secure and our personal details stolen.

Downloading software included in Emails or opening unknown links can also open you to malware being installed on your device. Being a little too social also has its risks. If you put too much information on your public social media account it is not too difficult to track you.

Humans tend to think they are unique but in truth, maybe not. Possibly your passwords are based on your birthday, marriage, yours, your wife’s, lover’s, pet’s or child’s name? Drivers licence, social security, apartment or work locker number? Or some other anniversary or data “unique” to you. Many people’s are. Yet, this is the very information you willingly post up on social media for the world to see. A very basic script can run through hundreds of password combinations in a few seconds. Don’t make it too easy for scammers.

Even images we innocently upload may contain data in their EXIF metadata, such as GPS coordinates, that could lead to you being identified. Visitors might download and extract any location data from images you post. This article gives a beginner run down: How To Find Metadata of Images

It’s not a big thing, and usually this depth of investigation is used by organised crime targeting global organisations, not your average scammer- but one can never be too careful on the ‘net. Remember, it isn’t called the web for nothing. It can be a dangerous place – just ask your average fly.
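A check you can run on a photo before posting it, given here as an added example that is not from the original article: the Python below reports whether a JPEG carries an EXIF GPS directory and returns a copy with the EXIF block removed. The sample image bytes are constructed for the demonstration, and the code assumes a well-formed JPEG whose metadata segments all come before the image data.

```python
import struct

EXIF_ID = b"Exif\x00\x00"          # signature that opens an EXIF APP1 segment
APP1, SOS, EOI = 0xE1, 0xDA, 0xD9  # JPEG marker codes used below
GPS_IFD_TAG = 0x8825               # IFD0 entry that points at the GPS directory


def header_segments(jpeg):
    """Yield (marker, start, end) for each segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (SOS, EOI):   # compressed image data starts here
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2:
            raise ValueError("corrupt segment length")
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def is_exif(jpeg, marker, start, end):
    return marker == APP1 and jpeg[start + 4:end].startswith(EXIF_ID)


def has_gps(jpeg):
    """True if an EXIF block's first directory (IFD0) points at GPS data."""
    for marker, start, end in header_segments(jpeg):
        if not is_exif(jpeg, marker, start, end):
            continue
        tiff = jpeg[start + 4 + len(EXIF_ID):end]
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # little / big endian
        if order is None or len(tiff) < 8:
            continue
        magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
        if magic != 42 or ifd0 + 2 > len(tiff):
            continue
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):     # each directory entry is 12 bytes
            entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
            if len(entry) < 12:
                break
            if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
                return True
    return False


def strip_exif(jpeg):
    """Return the JPEG with every EXIF segment removed (all EXIF, not only GPS)."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in header_segments(jpeg):
        if not is_exif(jpeg, marker, start, end):
            out += jpeg[start:end]
        pos = end
    return bytes(out) + jpeg[pos:]  # image data is copied untouched


def build_sample():
    """Constructed, minimal JPEG-shaped bytes with a GPS pointer in IFD0."""
    ifd0 = (struct.pack("<H", 1)
            + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)  # GPS IFD at offset 26
            + struct.pack("<I", 0))
    gps_ifd = struct.pack("<HI", 0, 0)                     # empty GPS directory
    body = EXIF_ID + b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps_ifd
    app0 = b"\xff\xe0" + struct.pack(">H", 7) + b"JFIF\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02" + b"\xff\xd9"


SAMPLE_JPEG = build_sample()

if __name__ == "__main__":
    print("GPS before:", has_gps(SAMPLE_JPEG))
    print("GPS after :", has_gps(strip_exif(SAMPLE_JPEG)))
```

Other metadata containers in the file are not examined by this check.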

A word about Operating Systems – O/S

Sometimes your own O/S may be your problem. This is especially likely if you are using one of the old Windows O/S, such as Windows 2000, XP, Vista or Win 7. These no longer have security updates from Microsoft so are easy prey for even amateur spammers. Alternatively, a family member, colleague or friend may be using an insecure or out dated O/S. Your email details held on her computer are also available for basic scammers to harvest.

An expired Windows opens you up to more serious risks than just Email spam. It then becomes possible for someone to hack your machine and access your entire hard drive. If you do any on line shopping or banking, your bank and credit card details are also sitting waiting for someone to pocket. We have already talked about that.

If you, or family / friends are using an expired operating system, upgrade to the latest Windows; currently 10, to be replaced by Win 11 2025. There are some factors which may cause you to hesitate, for example, cost. Another hurdle may be that your current hardware will not support Win 10. You are then faced with not just buying a new O/S but a new machine.

All is not lost. In either case you can very likely switch to a Linux system. The software is free and runs on very old machines. Bear in mind, Linux was the grandfather for both Mac OS and Windows, so is not as different or as complex as you think. And no, Linux is not immune to viruses, but infection is less likely. You should still have some form of protection.

This link to Zorin is a good start. If you do have a VERY old computer, we suggest Zorin lite – although we have a 20+ year old machine using Zorin Core. Zorin has a familiar XP feel and set up. They also have a very friendly and helpful support user base. And no, we do not receive any commission from or favours from Zorin.

Many Trojans or scams are invited in by you!
Sure, of course you know NOT to click on or open links from people you don’t know.
You DO know that – don’t you?
Scammers know you know that.
So today they rarely include links.
Instead, they use images.
So don’t open strange pictures either!

Email Extortion: what to do

Let’s just clarify again, this is not real. It is a scam. It is fake. A hoax. A pack of lies. A wild guess. You have not been specifically targeted. Despite the impression they are trying to create, the writer does not know you from a bar of soap. He is an opportunist, using jargon, fear and threats to intimidate you. In short, it is Bullshit. We’ll do this on a step by step basis.

Most important, take a deep breath, relax, don’t be panicked into any knee jerk reaction, such as paying. Remember blackmail is never a one off. It will keep coming back, like herpes. Do not forget, in the case of these email extortion scams, the scammer does not know you and will, unwittingly, eventually contact you again, and again.

First thing; change your password, make it cryptic and a lot more secure. Experts say the best password is one YOU can’t easily remember, so write it down. Also, check your operating system. Is it outdated? Follow up with friends, relatives etc as above. Is the security up to date? Do you have an anti virus – is it up to date, activated?

Run an anti virus check often, at least weekly on your own machines. There are multiple AV software on the market. Some freemium, others costly. The average home user/ small business does not need a multi hundred dollar subscription to a fancy AV SaaS. If you run a current Microsoft system, it comes with Windows Defender pre installed, free. It is as good as most people need. Activate it and install it. Set it to auto scan, auto update. Microsoft also issue regular security patch updates and notifications, such as this: Microsoft issues urgent security warning: Update your PC immediately

Has a third party leaked your private details?

As well as your ISP, mentioned above, any one of your on line accounts may have been breached. Facebook and many big social media sites as well as your regular news feed or favorite brand mass mailer can be subject to a data breach. Again, your details as well as millions of others which are held on their computer are simply sucked up by the spammer.

Usually the thief will then offer to sell the data back to the firm – blackmail. If they refuse, this list is then put up for sale on the dark web and your details become public. Spammers buy it. Even if a ransom is paid, there is no guarantee that the list will not become public at some future date. Think of it as money laundering. Many brands, big and small, buy lists, usually quite innocently, not realising they have been composed from stolen data. Bear in mind there are many, many lists available on line, not all are stolen data.

Press here to check to see if, how and where your Email and personal details have been compromised. If yes, tighten your security, change your password. If your Email has been compromised chances are scammers also have the data of your address book. So let your contacts know their email may have been compromised so they can check and make changes if need be. Fighting spam, ID theft and extortion is a community effort, so share that link with everyone in your circles or friend lists.

Bitcoin Sextortion Scams – in detail

Now we know some of the causes, let’s look at what you can do, other than tighten your security.

If you are reasonably computer literate, are convinced this is a scam and just want to do something a little more proactive, this report (Bitcoin spammer link) might be useful. Or you can skip the detail and jump to what you can do. Otherwise, scroll on John.

The initial scam Email may look something like this:

We have attached both 2020 and the current version. There are many different themes and flavours. Yours may vary slightly or greatly. No matter the wording or detail, if it claims to have accessed to your personal data and is demanding a bitcoin ransom, it is a scam. The following section goes over some of what we have already stated, but in more detail.

If, however, this is new to you, you are still not convinced, or you want to read on and learn a little more detail and specific strategies, the following is a detailed explanation and guide. This may also be reassuring: HAVE YOU RECEIVED A THREATENING EMAIL ASKING FOR BITCOIN? from the Official Bitcoin Who’s who Blog

Regarding Zoom Conference call 
From:nieves20 <nieves20@breakawaymusic.com>  
Date:Wednesday, Oct 28, 2020 4:54 PM
To:you <you@youremail.com>
Hello. I’ll need your attention now. This is the last warning.
You have used Zoom recently, like most of us during these bad COVID times. And I have very unfortunate news for you.
I’ll give you some background on what happened.

There was a zero day security vulnerability on Zoom app, that allowed me a full time access to your camera and some other metadata on your account.
You were just unlucky to be targeted.
And as you can imagine in your worst dreams, I have made a footage with you as a main actor.
You work on yourself (perform sex act to be clear). Having fun is ok with me, but is not ok with your reputation.

Please dont blame me or yourself for this. You couldn’t know that the camera was working.
I’m sure you don’t want to be the next Jeffrey Toobin and get embarrassed in front of all your friends, family and colleagues.
You should get this very clear, I will send this video to all your contacts if I dont get paid.
Are you wondering how I got your contacts? Through the same exploit, zoom app allowed me to extract all sensitive info from your device.

So here is what we will do. You pay me $2000 in bitcoin, and nothing of this will happen. You have 2 days to make the payment.
After I get the money, I will delete the footage and information about you. The amount is not negotiable.
Send 0.15 Bitcoin (about 2k USD at the current exchange rate) to my wallet 1BxU17Z4EeLNm3HRZQvbfCPvktP1mZ19td
Having trouble with buying bitcoin? Just google on how to buy it, it’s very easy to use and anonymous.
P.S. Don’t try to report this to the police, I use TOR and bitcoin can’t be traced. Do not email me back. If you do something stupid, I will distribute the video.
Good luck. Don’t stress

With reference to your cloud storage 
Date:Thursday, Jul 1, 2021 5:09 AM

I am sorry to inform you that your device was compromised. I’ll explain what led to all of this. I have used a Zero Day vulnerability with a special code to infect your device through a website.
This is a complicated software that requires precise skills that I have. It works as a chain with specially crafted and unique code and that’s why this type of an attack can go undetected.
You only need one not patched vulnerability to be infected, and unfortunately for you – it works that simple.

You were not targeted specifically, but just became one of the quite a few unlucky people who got hacked that day.
All of this happened a few month ago. So I’ve had time to collect information on you.

I think you already know what is going to happen next.
During that time, my software was quietly collecting information about your habits, websites that you visit, searches you do, texts you send.
There is more to it, but I have listed a few reasons for you to understand how serious this is.

For you to clearly understand, my software controlled your camera and microphone as well and it was impossible for you to know about it.
It was just about right timing for me to get you privacy violated.

I’ve been waiting enough and have decided that it’s time to put an end to this.
So here is my offer. Let’s name this a “consulting fee” I need to delete the media content I have been collecting.
Your privacy stays untouched, if I get the payment.
Otherwise, I will leak the most damaging content to your contacts and post it to a public tube for perverts to explore.

I understand how damaging this will be for you, and amount is not that big for you to keep your privacy.
Please dont blame me – we all have different ways of making a living.

I have no intention of destroying your reputation or life, but only if I get paid.
I don’t care about you personally, that’s why you can be sure that all files I have and software on your device will be deleted immediately after I receive the transfer.
I only care about getting paid.

My modest consulting fee is 1650 US Dollars transferred in Bitcoin. Exchange rate at the time of the transfer.
You need to send that amount to this wallet: 1C8a9b9X5vVCDNbspzxFYiJGAR5v9YMPtF

The fee is non negotiable, to be transferred within 2 business days.
We use Bitcoin to protect my identity.

Obviously do not try to ask for any help from anybody unless you want your privacy to violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.

Take care.

Analysis

The subject, in blue, is apt to change as the scam becomes better known. The email address here is obviously fake yet he tries to convince you he is real by warning against emailing him back. Scammers also “move with the times” from Covid, ZOOM to Cloud Storage.

But the format and MO is always the same. Appealing to you or trying to help you, at the same time dropping just enough tech language in to confuse you and sow doubt. It sounds plausible to the inexperienced for whom the jargon means nothing. Then the threat of exposing you to all your friends unless you pay a bitcoin ransom.

However, remember the best bit of advice he offers is; “don’t stress.” Don’t panic. This is exactly what they are hoping you will do. They want you to panic, to stop thinking clearly, knee jerk reaction – and pay. Remember, this is fake, it is not real and he has no idea who you are. And he is not as clever as he thinks. Let’s just back the truck up a bit. What do you think is the most popular topic on the web? You are right, sex, porn.

Now, if you were in the food business, where would you set up your stall? In the desert or the middle of a busy square? Right, you need to be where people are. He is also gambling that you have a mic and camera built in. Most modern devices do. So the scammer knows he has probably a 60+% chance of reaching someone who has been watching porn and enjoying it. What he doesn’t know is if it is you or not.

To her that is not important. She is playing the numbers which are in her favour. Assume she sends 200,000 emails, if just 1% reach a potential target and just 1% pay she has potentially earned 20 times her US$2000 fee. Not bad for a few moments work.

A quick look at jargon

The primary aim here is to use words you have heard of on the news or seen in the movies or TV series but may not understand. Many are made up expressions – 007 would be proud. They are gambling you don’t know that. Scare tactics. A zero day vulnerability is an unexpected security hole in a piece of software. Sounds serious? It is. But usually developers know about it and are working on a fix. If something like Zoom were impacted, the developers would quickly make sure the entire world knew about it. You and every user would be notified.

Of course, not all software. Some very small apps might actually take a bit of time to fix so yes, they are vulnerable to our hacker friend. But ask yourself, where is the value in that? Where is the pay-off, if only a few people use it? The odds are against the hacker. In short, they know a major piece of software is NOT corrupted; they are gambling that some of you don’t know that and will pay.

If you have been paying attention, you will have noticed we say the same thing over and over in different ways. One last time with feeling: they are playing on your guilt, fear and tech ignorance.

Tor is actually just another browser, same as Chromium or Firefox. However, TOR is a lot more secure as it hides users’ web activity. It also gives access to what is called “The Dark Web”, a place where people with alternative minds like to post and read stuff that law enforcement authorities are not so happy about. Many paedophiles use this browser. Pages on this web are not indexed by popular search engines, so are harder to trace. You can download Tor here if you are so inclined.

Options

So now, hopefully, you know this is a bluff. His email address is a fake and neither of you actually know each other. It is a stand off. A draw. The first one to blink loses. There is nothing he can do to enforce his demand, other than scare tactics and nothing you can do to retaliate. Or is there?

He might not be as clever as he thinks. We will explore that with two options. Firstly, open this link, the BITCOIN spam register. Yes, we CAN actually check on Bitcoin users! As you can see from our image below, there is an option to insert the spammer’s bitcoin address – highlighted in yellow in our email copy above – which we have done. This is just one of several online tools; a quick search will throw up others. Use any or all of them!

https://bitcoinwhoswho.com/scams

Once you have copied the Bitcoin wallet address and pasted it into the box, press the search – shown as a magnifying glass – and wait a few seconds. You will then be rewarded with the below image. You can see this has been reported 8 times already – probably more unless the account has been taken down – and that no one has fallen for his scam. No payments received. You also have an option to report it – top right, above the QR code. DO THAT. Remember, Bitcoin is community driven. We work together to police it.

When you press “REPORT SCAM” a little popup appears as below. If you have time, DO include an image but as it says, block out your contact and personal details. If there is a website listed, name it. Select the best SCAM TYPE match from the drop down menu. There is more than just sextortion scams although they were trending in 2020! Add any comments, or a copy of the email. This helps others. And as the scammer says: Don’t Stress, you have now proven to yourself it is a fake and have done something positive to derail his game.

More than a one trick pony

There are other options open to us. First off, head over to report any type of internet spam, scam, hoax or fraud. It is a US government site; they ask a lot of questions. Only complete the fields or give them the personal details you’re comfy with. In case you have not learnt by now, the more detail you spew onto the Internet, the more chances there are of you being scammed, spammed or cheated. You might as well paint a huge target on your back.

Next up, Spamcop, where we will try to make life a little more irritating for our scammer. This involves a bit more effort than the last tricks so we will walk through it. The link opens to a free registration page. Click the REGISTER button as shown in the image below. This will take you to the details page; towards the bottom you have the opportunity to sign up. Input your name, email address, complete the security code and press “Send Authorisation Email.”

A little later a confirmation email will arrive in your email box. Copy and save your password – you will need it soon. Follow the instructions. There should be an auto link to the login page, if not return to their home page and press login. We have begun!

Their logon page is simplicity itself, even if you have never done this before. You need your account or user name, as stated in the email, and the password you copied a few moments ago. At this point you can either use the drop down to change the password expiry from 12 hours to one year. Or, make a mental note to go into your dash board and change the password to something you can remember when we have finished- as explained in their email.

We are going to move onto your email next – but DO NOT CLOSE THIS PAGE – LEAVE IT OPEN.


Email headers

To be any use to SPAMCOP you need to send them more than just the email. They need the full Email headers, often known as the full email, which has a lot more info re the process. Now this is where we have to let you go on your own for a while, as there are numerous email providers and each has its own way of finding the headers.

Some providers include a “MORE” or similar phraseology link in their email. It may look like this:

Print | Show Original Message | Export as .eml File | Message garbled? | Forward as Group Message | Save to Calendar | Send as Attachment

We want the Show Original Message link

Spamcop provides links to many here; otherwise you may need to search online using: “How to find headers in Gmail”, for example. If yours isn’t there, maybe you need to contact your email provider’s support team. In which case, you may need to log in again to Spamcop.
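What the full headers say about a threat that appears to come "from you, to you" can be read mechanically. The Python below is an added example, not part of the original article and not SpamCop's own code. Both sample messages are constructed, and it assumes your provider records its SPF result in an Authentication-Results style header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header names that carry the receiving side's SPF/DKIM/DMARC verdicts.
AUTH_HEADERS = ("Authentication-Results", "X-Original-Authentication-Results")
VERDICT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
MAILFROM_RE = re.compile(r"smtp\.mailfrom=([^\s;]+)", re.I)
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample, not a real message: a threat "sent to you, from you".
SPOOFED = """\
Received: from mail.sender.example (unknown [203.0.113.77])
\tby mx.example.org with SMTP id abc123
\tfor <you@example.org>; Mon, 26 Apr 2021 05:59:25 +0800
X-Original-Authentication-Results: mx.example.org;
\tspf=neutral (203.0.113.77 is neither permitted nor denied)
\tsmtp.mailfrom=bounce@sender.example
From: you <you@example.org>
To: you <you@example.org>
Subject: You have an outstanding payment.

(body omitted)
"""

# Constructed sample of an ordinary, authenticated message for comparison.
GENUINE = """\
Received: from out.shop.example (out.shop.example [198.51.100.10])
\tby mx.example.org with ESMTPS id def456; Tue, 27 Apr 2021 09:00:00 +0800
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=news@shop.example;
\tdkim=pass header.d=shop.example
From: Shop <news@shop.example>
To: you@example.org
Subject: Your receipt

(body omitted)
"""


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw):
    """Summarise what the headers say about who really sent a message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()

    verdicts, mailfrom = {}, ""
    for name in AUTH_HEADERS:
        for value in msg.get_all(name, []):
            flat = " ".join(value.split())  # undo header line folding
            for mech, result in VERDICT_RE.findall(flat):
                verdicts.setdefault(mech.lower(), result.lower())
            found = MAILFROM_RE.search(flat)
            if found and not mailfrom:
                mailfrom = found.group(1).lower()

    # Every server prepends its own Received line, so the top one was written
    # by the recipient's provider. Lower ones come from the sending side and
    # can be made up.
    received = msg.get_all("Received", [])
    ips = BRACKET_IP_RE.findall(received[0]) if received else []

    self_addressed = bool(from_addr) and from_addr == to_addr
    # A differing envelope sender alone is common for legitimate bulk mail,
    # so it only counts here together with a self-addressed From.
    envelope_mismatch = bool(mailfrom) and domain_of(mailfrom) != domain_of(from_addr)
    spf_pass = verdicts.get("spf") == "pass"
    return {
        "from": from_addr,
        "envelope_sender": mailfrom,
        "connecting_ip": ips[0] if ips else None,
        "verdicts": verdicts,
        "self_addressed": self_addressed,
        "envelope_mismatch": envelope_mismatch,
        "looks_spoofed": self_addressed and (envelope_mismatch or not spf_pass),
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw))
```

A "looks_spoofed" result means the visible From address was simply typed in by the sender; it says nothing about your account having been accessed.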

The full headers will likely look something like this: warning – this goes on a bit!

Received: from 209.85.128.50 (unknown [209.85.128.50])
	by newmx38.qq.com (NewMx) with SMTP id 
	for <your email.com>; Mon, 26 Apr 2021 05:59:25 +0800
X-QQ-SPAM: true
X-QQ-FEAT: 39PxFzJiqTgv9ReLG4ImbtMLoagG4JOh
X-QQ-mid: mxszb55t1619387962tprj1wbrs
X-QQ-ORGSender: beckiwilliecp@acmestaple.com
Received: by mail-wm1-f50.google.com with SMTP id p10-20020a1c544a0000b02901387e17700fso4024546wmi.2
        for <your email.com>; Sun, 25 Apr 2021 14:59:23 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
       h=x-original-authentication-results:x-gm-message-state:message-id
         :from:to:subject:date:mime-version:content-transfer-encoding;
        bh=Bt2vL1i+p6HssHsDwyY3d5qtyBhs99Lwmt5x8HxTEGc=;
    b=NuAHSHFTZ9MhCTUs3539Al64FLELLINykyH+14/4wjvqxR6avcLJCzVnRpLQL3LbFE
    /KUS6L+gA+YOM/nUNzQw7FBl8XN6fWWZq6A9/RO6rIYClB5BDRAdjLZFvZCVfTYSCvSl
    GlUo8578zB7+AYNvyEjakaYCT+UouLGJyIRjwP6isVT2heoJVpKBNmObwPbYAVzvWEB8
        xlnMjlN2hVdqsEO6LA2WSHHxhjnGrc2uBzaeLzrDtDm62SaUpHqAgDarhdSx3CIP
  1dNpW3CAMht1wVirgW7MUDzcvpXaygpACZNDjbBhhK6oOeaBZ/LlK+RAgjWFgdHz3Bo
X-Original-Authentication-Results: gmr-mx.google.com;       spf=neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) smtp.mailfrom=beckiwilliecp@acmestaple.com
X-Gm-Message-State: AOAM531vNb9ZTC1im9WozBs6QSquLuKaNWeRyoMar/+jN3PEzCkmHyeI
	FDtDNkxpvzQU9jRqwzNQLpQy4co1qCuNaCQc1A==
X-Google-Smtp-Source: ABdhPJyanEdz6MUor5f4I6KNhDjQ4CBF9zlsCdFBpIoQdJjrMNy6KrglF7thpkWIGQjTjZFTQ1yqA/KbraS5uOmMLxE7/O96ff4=
X-Received: by 2002:a7b:c157:: with SMTP id z23mr17678492wmi.146.1619387961584;
        Sun, 25 Apr 2021 14:59:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1619387961; cv=none;
        d=google.com; s=arc-20160816;
    b=TWwf/i+QBAo+7URxd6cAVbPjNqCMwF6muLE3iAfdCMqgH1uP6e27UFv1/FQTdZv36E
    z9LYah1bLsOKlTyE1mxd1l4zLV7hWnroD3+mTnTDjDOkMvA44adwYEFzyTOJla0M5ViP
    exVDSGyYnimkY68N4qM/gM+VUQOJZcCbcAi6dc2Q4mqh7rJvufP8Va1aGQ+7rYof4tPb
    CawJl4gTVs5SZI/v+GbdZFfiP8lWLgEEYw05ydZ9XbBKOBA0sJOWeCP1mUDIOnfrpdxO
   WLJjMDzWudCpZiBevU+zDFLZ69QFjrrI6cVciUURwhi4xkhYcmAqAt9W+ptv21WsE49
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:date:subject:to:from
         :message-id;
        bh=Bt2vL1i+p6HssHsDwyY3d5qtyBhs99Lwmt5x8HxTEGc=;
    b=xAmRjylnwr/bE1KqxrWbXs13awbBuIaDIW8gLDUjXhkILKoqqi819yZzel2BKxOyER
   wt3B09lzCzqG9Pi22Uep2/Y9AIRaWXh5nyhfD9gO69vij83FZwOliSR0+cktY9m6/Lmh
  aWu431VCGeRMEoV5LYQUCf846IgzqzbJkbyKMWQMOP49CSDDSlNZdk+6SwBK8Wyjj        9BfvWjD7dKkQl+WjgFPk+PysHJxEEKRUfQkqmglnFIMhq8+KBPDFOQDlEwpMBzxTlPL2v7G/
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) smtp.mailfrom=beckiwilliecp@acmestaple.com
Return-Path: <beckiwilliecp@acmestaple.com>
Received: from [103.91.141.139] ([103.91.141.139])
        by gmr-mx.google.com with ESMTP id s21si998114wmh.2.2021.04.25.14.59.20
        for <your email.com>;
        Sun, 25 Apr 2021 14:59:21 -0700 (PDT)
Received-SPF: neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) client-ip=103.91.141.139;
Authentication-Results: gmr-mx.google.com;
       spf=neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) smtp.mailfrom=beckiwilliecp@acmestaple.com
Message-ID: <BBD192D84AF89B006A2963F14320BBD1@N6UILQMINA>
From: <beckiwilliecp@acmestaple.com>
To: <your email.com>
Subject: Cooperation Offer
Date: 26 Apr 2021 12:20:19 +0700
MIME-Version: 1.0
Content-Type: text/plain charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.4988
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.4988
< REAL SPAM OR HOAX MESSAGE BEGINS HERE>

OK, the finish line is in sight. Once you have your headers open, copy them, then return to your still open SPAMCOP page, log in, and press REPORT SPAM. Paste the FULL HEADERS AND EMAIL BODY you saved before into the content box as shown below. Press the PROCESS SPAM button and wait a few moments. Another screen will appear showing the ISP the spammer used to send his email. Press report spam, et voila, he is noticed.

Be aware, this is NOT going to stop her; she is unlikely to use the same ISP twice and very likely has other ISPs lined up. There are also many, many ISPs around the globe so she has plenty of choice. Note also that although it may APPEAR that the email is originating in Iran, Russia, Nigeria, or China, this is a decoy. In most of our cases, the originator is traced back to the US.

Sadly though, in poorer countries ISPs do not really care what the content is or where it came from as long as they are paid. So reporting may fall on deaf ears. However, it does cut down on options ever so slightly, and eventually they come under pressure as the major Internet providers blacklist them. So in this case we are playing the long game. Most important, it empowers you in knowing you have created a little bit of aggro for the spammer. PAY BACK!

spamcop spam input form
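How the sending IP can be read out of headers like the ones pasted above, as an added example (not SpamCop's code and not part of the original article). The trusted-provider list and the forged variant are assumptions constructed for the demonstration; the other values are copied from the sample headers.

```python
import re
from email import message_from_string

# Assumption: servers whose Received lines we believe (the reader's own providers).
TRUSTED_RECEIVERS = ("google.com", "qq.com")

# Trimmed copy of the headers shown above (signature blobs left out).
PAGE_HEADERS = """\
Received: from 209.85.128.50 (unknown [209.85.128.50])
\tby newmx38.qq.com (NewMx) with SMTP id
\tfor <your email.com>; Mon, 26 Apr 2021 05:59:25 +0800
Received: by mail-wm1-f50.google.com with SMTP id p10-20020a1c544a0000b02901387e17700fso4024546wmi.2
        for <your email.com>; Sun, 25 Apr 2021 14:59:23 -0700 (PDT)
Received: from [103.91.141.139] ([103.91.141.139])
        by gmr-mx.google.com with ESMTP id s21si998114wmh.2.2021.04.25.14.59.20
        for <your email.com>;
        Sun, 25 Apr 2021 14:59:21 -0700 (PDT)
Authentication-Results: gmr-mx.google.com;
       spf=neutral (google.com: 103.91.141.139 is neither permitted nor denied by best guess record for domain of beckiwilliecp@acmestaple.com) smtp.mailfrom=beckiwilliecp@acmestaple.com
"""

# Constructed variant: an extra sender-written Received line (example domains,
# documentation-range IP) placed underneath the real hand-off to Google.
FORGED_HEADERS = PAGE_HEADERS.replace(
    "Authentication-Results:",
    "Received: from mail.example.org ([198.51.100.7])\n"
    "        by relay.example.net with SMTP; Sun, 25 Apr 2021 14:00:00 -0700\n"
    "Authentication-Results:", 1)


def parse_hops(raw):
    """Return [(from_ip or None, by_host or None), ...], newest hop first (IPv4 only)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())              # undo header folding
        by = re.search(r"(?:^|\s)by\s+(\S+)", text)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text[:by.start()] if by else text)
        hops.append((ip.group(1) if ip else None, by.group(1).lower() if by else None))
    return hops


def is_trusted(host):
    """True when host is one of our providers or a subdomain of one."""
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED_RECEIVERS)


def injection_ip(raw):
    """IP that handed the mail to the first server we trust."""
    source = None
    for ip, by_host in parse_hops(raw):     # newest hop first
        if not is_trusted(by_host):
            break                           # from here down it is the sender's word
        source = ip or source
    return source


def spf_result(raw):
    """SPF verdict, but only if a trusted server wrote the header."""
    field = message_from_string(raw).get("Authentication-Results", "")
    verdict = re.search(r"\bspf=(\w+)", field)
    if verdict and is_trusted(field.split(";")[0].strip().lower()):
        return verdict.group(1)
    return None
```

Both the real and the forged sample resolve to the same address, which is why a report goes to the ISP of the machine that handed the mail to your provider, whatever the older lines claim.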

It’s not all about sex, babe!

While we have focused, so far, on sextortion type scams and emails, they are not the only shark in the ocean. They may not be as blatant, obvious and “in yer face” as sextortion scams, but there are others, just as dangerous. Maybe more so as they seem benign and harmless. Let’s now look at those “brand” or newsletter type emails that we – in the west – frequently subscribe to.

These are a little more cunning as they take advantage of us in a few ways. Firstly, as we said, many western people subscribe to several news links, brand emails, or interest news letters. We are used to opening these and enjoying a good, interesting, informative read. Our defences are down. So when one pops up, we often don’t take too much time to think about it. By the time we realise it is not on our list, it may be too late.

Secondly, they may carry the branding of a well known and popular EDM [Electronic Direct Mail] organisation such as Mailchimp. As a market leader, Mailchimp is often used because again, we tend to trust anything that comes from them. But just because it is dressed in Mailchimp’s clothes and carries that cheeky monkey image doesn’t guarantee its authenticity. Third rate scammers can very easily clone or spoof the Mailchimp or any other brand effect. And even if it is genuine, occasionally a bad banana slips through the screening net.

A rose by any other name is still a weed

Let’s digress a moment and step back a few years to a young apprentice working in a strawberry farm. The backbreaking task of weeding. The farm also cultivates carnations in glasshouses for export. Later, as the boss inspects his work he points to a carnation plant growing in the bed. The lad explains it is a carnation so he has left it, expecting some praise for being able to discern the difference. Instead the boss explodes: “anything that isn’t a strawberry is a weed. Pull it out.”

The lesson here is: anything you have not subscribed to or requested is spam

OK, we said earlier these emails may be more dangerous than the sextortion type. Why? Well it comes down to payload, or what code or script they are carrying. This script will ultimately be loaded into your computer via the O/S or C drive in Windows. Once activated it might simply burrow into your email account and harvest every contact in your address book. The scammer may then compile a list and sell it on the black market, as we have discussed above.

Or she may have developed a script to search through all your data looking for bank account details. Once she has this it is a relatively simple step to break the password, access your account electronically, and withdraw the funds. Your bank will no doubt be sympathetic, but as the data breach happened on your machine, they will not accept any liability.

We need to feel a little sorry for scammers. As fast as they discover some way to make easy money, some spoilsport, like us, makes it publicly known. So their scams and tricks have a limited life. Consequently, they are always having to come up with something new. Most of us now know that we don’t click, press or open links in emails. Especially if we don’t know the sender. So the poor spammer needs a new approach.

A picture’s worth 1k words – and more

We all love pretty pictures. Marketers know this, and in recent years we have seen bigger, more detailed, higher resolution, unique images being used on the web. Scammers have noticed too. But for scammers at least, beauty is more than skin deep. Very often an image can also be loaded with a script – what is colloquially known as a “virus”, or weed in our other example. As the images load into your email, the virus or script loads into your PC. You are infected.

Take a look at the image below. A screen shot from a rogue or unknown “news letter” that arrived in our mail box. Notice anything?

fake newsletter

Well, the first thing you may notice is the comment: “looks legit, from a known brand.” For some people maybe. Although it is difficult to read, small font, the sending domain is digiormoos.com. However, at a quick look it may be mistaken for Digiorno, a popular prebaked, frozen pizza manufacturer which has a following of many thousands. If you were one of their followers, likely you might click the email without too much careful thought. Again, it is a numbers game.

You may also notice the red dots and the empty image icon and read the warning: “Images have been removed for security purposes.” So not only are we wise enough not to click the tempting links, but our email client has refused to load images it doesn’t know or trust. We do this from the SETTINGS in our email options. So, take a few moments now, go to your email settings and activate this feature. If your client doesn’t have it, find another email provider.

The last thing to do then is, as above, bring up the full headers, copy them and paste them in to your SPAMCOP report spam page that we used before.

Remember, if it isn’t a strawberry or in our subscription it is spam – report it
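The two checks described above, the subscription rule and the digiormoos.com against Digiorno near-miss, written out as an added example (not part of the original article). The brand list, the subscription list, the 0.35 threshold and the sample From lines are assumptions made up for the illustration.

```python
from email.utils import parseaddr

# Assumed for this example: brands the reader follows and the exact
# sender domains the reader has really subscribed to.
KNOWN_BRANDS = ("digiorno", "mailchimp")
SUBSCRIPTIONS = {"digiorno.com"}
MAX_RELATIVE_DISTANCE = 0.35    # assumed threshold; tune on your own mail


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def main_label(domain):
    """Label left of the TLD. Simplification: a real tool would use the
    Public Suffix List to cope with suffixes such as .co.uk."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(from_header):
    """Return ('subscribed' | 'lookalike' | 'unsolicited', matched brand or None)."""
    domain = parseaddr(from_header)[1].rsplit("@", 1)[-1].lower()
    if domain in SUBSCRIPTIONS:
        return ("subscribed", None)
    label = main_label(domain).replace("-", "")
    for brand in KNOWN_BRANDS:
        if label == brand:
            continue        # the brand's own name, just not on our list
        relative = edit_distance(label, brand) / max(len(label), len(brand))
        # Brand name embedded in a longer label, or close but not identical.
        if brand in label or relative <= MAX_RELATIVE_DISTANCE:
            return ("lookalike", brand)
    return ("unsolicited", None)
```

Anything that does not come back as `subscribed` is a weed by the rule above; the `lookalike` result only tells you which brand the sender is trying to pass for.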

Ok, last few short paragraphs, we are almost done. But not quite. Fighting spam and hoaxes, rip offs, cheats et al is a community effort, the Internet community of which you are a member. So don’t hesitate to report spam, it works for all of us as a team.

But there is still more you can do. Socially. A very large part of those usually taken advantage of are the elderly among us. People who have saved all their lives for retirement, generally kind hearts and un tech. A dangerous combo today. They are easy prey and lose everything. So, get among your community, hit the street, into rest homes, community education centres, neighbours, help up skill, educate and inform our senior citizens. Starting with parents, aunts and grandparents.

For scammers and on line cheats, it is easy money. A good return for little effort. This is the attraction. When the effort involved exceeds the return the attraction fades and they move onto something new. Scammers and online cheats can be beaten, if we all work together.
So, with that in mind, again, please feel free to share, reproduce and publicise this widely. Criminals by nature look for easy cash. When everyone knows this is a scam they will give up. We can never eliminate crime and those tempted by it, but we can make it harder work for them.

Reality Check

Ok, now, as we have mentioned above, this is not necessarily going to stop scammers and their gang. It may, perhaps, cause them some inconvenience and frustration. Mostly though, we hope we have proven to you this is a scam and you can do something about it to empower you. However, in reality it is very, very hard to actually stop this. Bitcoin is hard to track, nigh impossible in 2021, and anonymous. Which is of course why criminal gangs love it!

Education is the key. Again to repeat; the more people know this is fake, the harder it is for scammers to succeed. They are forced to find a new game. This link: How to Report Bitcoin Scammers and Why You Should covers the reality and background to reporting Bitcoin scams in more depth. Worth reading. The Bitcoin Whos Who Web page – sic – explains “Tainting a Bitcoin Wallet” and provides a method for you to do that. Sort of future proofing for a day when authorities do have more powers. The site also points to other ways you can report scams. The Bitcoin Abuse database also enables scam reporting and records current scam’s history.

Too late Mate – I’ve Paid.

Ok, well, that does complicate matters somewhat. If you have read this far, hopefully you are now a little wiser and won’t be fooled again. You are now probably keen and ready to read on about how to get your money back. Sorry, we are going to disappoint you.

As we mentioned above, Bitcoin is a secure, anonymous platform. It is very, very hard to get your money back. Not impossible. But it needs to be looked at from a cost effective base. The first step is to follow the above procedure and report it. Not just to help others being tricked or feel you are pushing back but to create some form of record. Make sure you also report it to the authorities. If you are in the US, the link we gave above is a good step. If like us, living elsewhere, report it to your own police or fraud squad etc. Again, create a paper trail – well an E trail!

Step 2 is a cost v/s return analysis. If you are only down a few hundred bucks, it may not be economically viable to pursue professional reclaiming. Of course, if the amount is considerably larger, then you do the maths. We said “professional reclaiming.” Two points here. If you are going down this road, take legal counsel. You need to have someone do some due diligence on your behalf. Research. Why? That brings us to point two.

With all due respect, let’s point out that you were fairly easily fooled the first time. You panicked and paid without thinking it through. Without doing any research. You may be about to repeat that. Very likely you have searched online for something like: “How to recover scammed Bitcoin.” You have happily found many links. Many sites offer to do this for you. Such as this one.
Tread light young grasshopper.

Some, if not many, of these are also scams. Some run by the gang who scammed you just before. They figure if you’re dumb enough to pay once, now you are desperate and dumb enough to pay more to get it back. Of course, you won’t. So be very, very wary of online recovery agents. Or tele-recovery agents. By the way, we are not saying the above link is fraudulent, just making a point.
For best results and peace of mind, look for reputable private investigators with a proven track record and B&M office. And as we said, your friendly lawyer can likely help you there.

Good luck.

Bitcoin Sextortion, blackmail Scams updated

August 23: a new twist with even more focus on confusing tech language. Still the same old same old though. In short, a claim that Pegasus spyware has infected the main servers for all Android phones and iPhones and, by extension, your phone too. After that the usual blackmail threat for Bitcoin.

Additionally, there is also a telephone version: just like other spam calls, someone, oft with a foreign accent, calls purporting to be from Apple or Google or ??? warning you of the danger. You are oft given a number to call for support where a service fee needs to be charged to your credit card. It is all downhill from there.
This page has a good round up.

Be aware, however, that the “PEGASUS SPYWARE ACTIVATED” error is a scam, a fake message that has nothing to do with Apple. Cyber criminals claim to be certified technicians and attempt to trick users into paying for technical support that is not required – the malware simply does not exist.

https://www.pcrisk.com/removal-guides/12056-pegasus-spyware-activated-scam-mac

This page gives more detail on the email scam’s origins: PEGASUS IPHONE HACKS USED AS BAIT IN EXTORTION SCAM plus other links here.

New BITCOIN SCAM Report Site

In addition to the links in the main article body please add this to your quiver. Click the BLUE FILE REPORT button. And, for your convenience, this is the original link to Bitcoin Scam Alerts mentioned above.

Thanks for reading our China news, marketing, tech and social media article – we hope it was useful, relative, informative, valuable.


Published by The Bic

Bicyu is a NZ registered, British owned MarTech business based in Beijing providing marketing, tech, education and information services to European, NZ, Australian, UK, African, and Asian firms doing business in China. We work with local ones too. We've been here doing this since 2003. We also incorporate Aim2D and Uengager in our small brand list.
