Hello again from Aim2D real time, 24/7 China Business, Marketing, Tech and Social Media News Portal of Bic Brands based in sunny Shunyi. Tuesdays we look at business, marketing, tech or social news in and around China. Friday is image gallery where we examine a place, topic or subject giving you greater insight, background to life in China, and of course, your Chinese consumer.
Update: 6th August 2022
After months of inactivity, the old SEXTORTION scam is back under the subject heading: Don’t miss your unsettled payment. Complete your debt payment now.
It is just a long ramble of everything that has gone before which we have also described in detail here. Bottom line: it is fake, a scam, report it and delete it, do not pay.
This updates a very popular piece we released in May 2017 as part of a Bic community service to help educate computer users about online security threats and what they can do about them.
This update covers:
Dead social media accounts scams.
In particular Facebook, where scammers “clone” the account of dead users to “invite” followers with the ultimate aim of lightening their financial burden. The story is covered in detail here at 1News NZ: Scammers create copycat Facebook account of dead woman.
This is not a new scam; it’s been around for a while, but it now seems to be becoming more frequent. Of course, it’s not just Facebook, although they seem to be the more popular. The moral here is to be careful from whom you accept “friend” requests.
Please note: this page is no longer recommended as a “cover to cover” read (although you can); it is too long. Try the links index for better results.
Originally we focused on Email scams, the flavour of the day being sextortion. Over the years we have updated it. However, since circa end of 2021, we have noted a drop off in these and a steady uptick in the old phone and email financial scam. A few weeks ago we were hit by a series on our business landline number which has prompted us to update this article.
Given we are China based, it is very unusual, in fact unheard of, for anyone other than “family or friends” to use this line. Everyone else uses WeChat. So when we saw an “unlisted” number we were cautious. Before we had time to speak the caller began (in Chinese): “Hello Aunty, I’m your nephew.” Without blinking, we asked: “Which nephew? I have dozens.” The caller hung up.
He was of course expecting the confused “aunty” to question his name: “are you Ming LI?”
He would have confirmed and then begun some sad story ending with a request for money.
Clearly he was, like most of the Bitcoin sextortion scammers, small time. A petty scammer. Recently though we have noticed that the professional gangs are also becoming more sophisticated in their operation. Most of these are still using the same operating technique; they have just moved the level up several notches and are now sounding more believable. Today we will take a look at these.
Financial Cyber Criminals – fake bankers
Ok, let’s analyse this:
- these are the guys and gals who email you, or more commonly today, call you pretending to be your friendly bank manager or support team.
- MAKE NO MISTAKE: THEY ARE NOT.
- How can we be sure?
- NO HONEST BANK WILL EMAIL OR CALL YOU AND ASK FOR YOUR ACCOUNT DETAILS.
- But they already know so much about me: my name, birthday, bank details.
- PROBABLY YOU HAVE TOLD THEM AND THE WHOLE WORLD ON YOUR FACEBOOK ETC
What to do – and not to do
They use the same techniques as petty scammers; they play on your ignorance of technology and how banking works, plus fear and panic. So the same rules apply as to sextortion scams.
If you get a call from a bank follow these 5 steps:
1/ Relax, take a breath, most of all DO NOT PANIC. This is EXACTLY what they want you to do. You are not a robot, you are human, and humans, being emotional creatures, are easily panicked into making errors.
2/ HANG UP! Yes, it’s as easy as that. Don’t start a conversation, just hang up! These guys are GOOD! REALLY GOOD. If you begin to talk they will screw with your mind and you’ll end up a victim.
3/ Call your bank and ask if someone called or emailed you re your account.
If they say no, congratulations, you have just saved yourself from losing a massive amount of cash. If they say yes, well, what have you lost? Nothing.
4/ Make an appointment to visit your bank and talk about security – learn how to protect yourself and your money, set up a double factor authorisation. This stops most scams before they start.
5/ Jump onto your fave social media and spread the word in your circles. Most scammers have used your social media account against you; turn the tables and warn everyone, friends, family – everyone. Just as in Sextortion, the more we work together the harder we make it for cyber criminals – call your local radio or TV station. PUBLICISE IT! And don’t forget your local boys in blue, fraud squad or anti scam team.
Banking Scam Jargon
Maybe you enjoy nothing more than a few hours by the lake or river fishing. The satisfaction of patience and a bit of skill (huge luck) in catching a decent fish for supper is overwhelming. As it is for scammers.
They work the same way: bait a hook with the fear your account is compromised, then wait to see who swallows it. The hook is they can access your account; the reward, potentially millions of dollars. Fishing or phishing – same thing.
Spoofing: This is basically just copying or duplicating something. Usually another company’s email or website. This is not difficult, an average 12 year old could do it inside a few hours. And it would look 100% authentic. They plant a link in a victim’s email (hook); if he clicks it, bingo – fish for dinner. Fake links can be sent via Email, SMS (text messages), social media, apps, images.
Cyber gangs have also SPOOFED other companies’ sales or support sheet notes. So they can imitate exactly what your bank has said to you in the past. It’s worth repeating: “THESE GUYS ARE GOOD – HANG UP!”
Cyber Criminals are ingenious and creative
Think back to our “Hello aunty” example. When one scam is exposed or no longer works, they will invent another. Today’s e-com life presented a good opportunity. Victims would receive a message saying their package has arrived. But – please input your bank account details to cover some extra fee. Of course, the link is to a fake bank web site and your account will be cleaned out. This seems to have worn thin, so new tricks are being deployed.
As above, 95% of scam victims only have themselves to blame. Carelessness, ignorance and stupidity are the root causes. If you don’t understand how banking works in the modern world, learn. Same as your computer and Internet. Take some basic classes, upgrade your system, your security – passwords – learn how to turn off all but trusted “Cookies” and learn how to keep yourself and your family safe on line.
The 5% exception are the elderly among us – and sadly, they make up the biggest prize for professional on line thieves. So take time to visit your parents, grandparents, retirement homes and help spread awareness of the dangers of the Internet and ways to stay safe.
Over time scammers change or update their game. Our original article dealt mostly with sextortion as that was the flavour of the day. However, email scams come in many forms – today most depend on Bitcoin as ransom payment because of its anonymity. We will outline them and their history below.
REMINDER: As of May 2022, the page is now a little unwieldy, so maybe the link index opposite is useful?
UPDATE: As scammers and thieves are exposed they come up with newer tricks. We will update them here so check back often to stay ahead of the curve.
Current or Latest Bitcoin Sextortion scam
September 29th 2021 and we have, yet again, a different game. But as always, it is the same variation of the old model. There is a small change of play in that the emails no longer come from our own “spoofed account” trying to masquerade as a payment request. He is a bit confused by his own double talk though as he later refers to our email address. We suspect he is cutting and pasting, forgetting to edit.
From: <firstname.lastname@example.org> <email@example.com>
Subject: You have an outstanding payment.
Date: 28 Sep 2021 19:15:38 -0400
It’s the longest email we have ever had; he spends 2/3 of it trying to talk about hi-tech software using terms you may have heard on the news or in a James Bond movie. Despite all his waffle, it is still the same conclusion. Another garbage email. Relax, report it and move on. If this is your first experience of this and you want to learn more, please scroll on John.
Common forms of Email scams
If this is the first time you have received this, the first rule is relax. The email and contents are largely bullshit. The scammer is preying on your fear and ignorance to panic you into not thinking clearly and quickly paying her or him.
This list can never be complete. As we come up with new tech, low life come up with ways to use it to cheat and steal. As we note below, they run on 3 basic human traits; greed, fear and sex. Let’s begin with the older, but still, occasionally, around scams.
For clarity and transparency, we need to state we are not aligned to any of the links we quote here. Nor are we affiliates receiving any form of payment, either in cash or kind. Secondly, whilst we are a tech firm, we are writing for everyday, non tech people. We keep it simple to make readers aware of their options, empower them to take action, hopefully step up their security or learn more.
Opportunity to make HUGE money (greed)
Originating out of Nigeria, this initially involved a Gvt official trying to transfer funds out of her country and offering you a substantial slice of the action for your help in laundering. It evolved to become global and took other forms such as a wealthy, obscure death to which you are the sole beneficiary. There are many other forms – all similar, all with the same end game. To con you.
The hook was you needed to pay some form of “Legal fee” and provide your bank / credit card details. They would then transfer your share. Of course, it worked the other way around – they cleaned out your account or overdrew your credit card by millions. Less common now as most people are aware of this but we still find the odd, rich but dead relative turning up on our doorstep.
Damsel or Family Member in distress (sex / family bonds)
In the case of family member, it is an email or ?? from someone claiming to be or on behalf of a (usually very distant) son, daughter, grandson or other family member. This often, but not always, preys on non Euro targets who may have large families. It also targets seniors who may not know their family tree. In all cases, the supposed relative is in some sort of bind and needs financial assistance from Grandma! It then follows the same steps as above.
The email is usually frighteningly convincing with plenty of “personal details” supposedly only known to the family. Frankly, most of these details we could probably find with a 5 minute search of most popular social media pages.
IT IS A SCAM, DON’T PANIC, CERTAINLY DON’T PAY, CALL THE COPS.
A damsel in distress will promise you money and other benefits in return for your help. It then followed the same track as OPPORTUNITY / GREED (above), with the same result. As the scam evolved she would share tantalising photos of herself, seeking more money for unexpected expenses.
Another variation would beg you to come to her to appease her family and cultural laws. However this turned into a kidnapping with ransom demands back to your family. Whilst mostly targeting males, there was also a lesser known variant with handsome young men offering marriage and a good life to vulnerable women. Usually these women were recruited for the sex trade or porn industry. Again not often seen as they have had a lot of publicity.
Bitcoin Scams – (fear)
Dubbed “Sextortion Scams,” the current favourite, and a more “Hi-Tech” version of the basic common scam. We used “Hi Tech” tongue in cheek as it actually isn’t. However, it is packaged as such to instil confusion and fear. Let’s be clear; the only part of these E-mails with any credibility is that the scammer has spoofed your email account so he is sending it to you, from you. This is not at all difficult to do. She will mention this early in the scam to try to convince you of her tech wizardry. Anything that follows after this is the realm of science fiction and David Copperfield. It is an illusion.
The original variant, circa 2016 / 17, simply claimed he had not only accessed your email – the spoofed email address as proof – but also now, because of the scammer’s technical superiority over you, had total control of your machine. She had recorded all your conversations, videos and surfing. Which just happened to include adult content which they would release to all your friends, contacts – reminding you, they have control of your email. Of course, a small Bitcoin payment would stop this.
Version 2 was a similar MOA. However, now, rather than just your email they claim to have exploited a zero day vulnerability in your router. Again, the use of tech terms such as “zero day vulnerability” mixed with some imaginative, special self developed software that overrides your system’s anti virus software further adds to the confusion and raises the fear level. It is just intimidation; his superior tech against your ignorance. Again, an illusion.
We can never say scammers are not creative. Early 2020, as lock downs became the “In Thing” and millions worked from home, scammers claimed to have exploited a weakness in ZOOM and installed a back door Trojan giving them access to all your conversations. Again the usual threats; re distribution and Bitcoin settlement.
The current version as at July 2021 claims to have cracked your Mobile Data Cloud Storage. Although still a scam and an illusion, it is more dangerous as it plays to the recently widely publicised breaches of huge, multi national organisations’ cloud data storage.
Keep a clear head and remember:
- Although you may never have visited a porn site, used ZOOM, have a camera or web cloud storage they know out of a million emails Y% will have. And if just 1% of that target believe them and pay, it is a lucrative business. The fact you are reading this strongly suggests you have however and are now at least concerned.
- The second point is that many of the claims they make re their control of your device play on fear, the average person’s lack of technical knowledge and headlines we read in today’s mainstream media. OK, yes, technically it is possible, in some cases, to take control of someone else’s mic and camera. And software breaches do happen from time to time. But the scammer’s claims mix in a large amount of creative licence!
The why me Question?
Simple answer is: it isn’t. This is nothing personal, and, despite what the email may imply, the scammer does not know you or anything about you. Take time to think and you will likely find flaws in the email. For example, we are China based, yet most emails assume we are Western.
We do not use ZOOM and the spoofed email address is actually a fake which we established as bait back in 2017. Since then we have deflected literally hundreds of such emails, reported each one and never paid. Yet a week later we receive an identical threat, same contents, same Bitcoin address. This despite the previous threat of public humiliation within 2 days.
Secondly, it is very likely that today you use online shopping, have at least one e-com account and pay via some E-wallet. If you were a “Tech Genius” would you scrape in the gutter for a few hundred dollars – maybe – or use the alleged fact you control my device to empty my bank account and buy easily fenced, high priced luxury goods on my e-comm account?
Think of scammers as fishing trawlers, where fishing nets scrape and catch everything at the bottom of the ocean. Among the old sneakers, 6 pack ties, plastic bags, soft drink bottles and general rubbish they are hoping to catch enough fish to sell on the market. Your friendly email scammer uses the same approach. For her it is a numbers game, same as a lottery ticket, someone has to win.
OK, so it’s a scam – how did it happen?
If this truly is your question, we respectfully suggest you unplug your computer and don’t use it again until you have at least been through a basic computer class at your local adults education centre and learn about basic Internet security, email and social media dangers and traps.
There are multiple ways your email address may have been compromised. Your Internet Service provider (ISP: the company you use to connect to the Internet) might be insecure. It can happen if you are using a free email provider or cheaper email or hosting server or service. An ISP is one of those things where you get what you pay for.
Whilst several providers may look the same statistically, the price difference may be in “intangibles.” The degree to which they secure and protect your website. Maybe a scammer has cracked their weak security and harvested every email address saved on their machine, including yours.
It could even be down to you if you are using a weak password, such as your name or birthday.
It also happens with monotonous regularity that some of the very sites we trust, such as Facebook, Google, LinkedIn, Instagram or those we willingly gave our email address to for their newsy emails turn out to be less than secure and our personal details stolen.
Downloading software included in Emails or opening unknown links can also open you to malware being installed on your device. Being a little too social also has its risks. If you put too much information on your public social media account it is not too difficult to track you.
Humans tend to think they are unique but in truth, maybe not. Possibly your passwords are based on your birthday, marriage, yours, your wife’s, lover’s, pet’s or child’s name? Drivers licence, social security, apartment or work locker number? Or some other anniversary or data “unique” to you. Many people’s are. Yet, this is the very information you willingly post up on social media for the world to see. A very basic script can run through hundreds of password combinations in a few seconds. Don’t make it too easy for scammers.
Even images we innocently upload may contain data in their EXIF GPS fields that could lead to you being identified. Visitors might download and extract any location data from images you post. This article gives a beginner run down: How To Find Metadata of Images
It’s not a big thing, and usually this depth of investigation is used by organised crime targeting global organisations, not your average scammer- but one can never be too careful on the ‘net. Remember, it isn’t called the web for nothing. It can be a dangerous place – just ask your average fly.
A word about Operating Systems – O/S
Sometimes your own O/S may be your problem. This is especially likely if you are using one of the old Windows O/S, such as Windows 2000, XP, Vista or Win 7. These no longer have security updates from Microsoft so are easy prey for even amateur spammers. Alternatively, a family member, colleague or friend may be using an insecure or out dated O/S. Your email details held on her computer are also available for basic scammers to harvest.
An expired Windows opens you up to more serious risks than just Email spam. It then becomes possible for someone to hack your machine and access your entire hard drive. If you do any on line shopping or banking, your bank and credit card details are also sitting waiting for someone to pocket. We have already talked about that.
If you, or family / friends are using an expired operating system, upgrade to the latest Windows; currently 10, to be replaced by Win 11 2025. There are some factors which may cause you to hesitate, for example, cost. Another hurdle may be that your current hardware will not support Win 10. You are then faced with not just buying a new O/S but a new machine.
All is not lost. In either case you can very likely switch to a Linux system. The software is free and runs on very old machines. Bear in mind, Linux was the grandfather for both Mac OS and Windows, so is not as different or as complex as you think. And no, Linux is not immune to virus, but is less likely. You should still have some form of protection.
This link to Zorin is a good start. If you do have a VERY old computer, we suggest Zorin lite – although we have a 20+ year old machine using Zorin Core. Zorin has a familiar XP feel and set up. They also have a very friendly and helpful support user base. And no, we do not receive any commission from or favours from Zorin.
Email Extortion: what to do
Well, first up, what not to do: DO NOT PAY!
Let’s just clarify again, this is not real. It is a scam. It is fake. A hoax. A pack of lies. A wild guess. You have not been specifically targeted. Despite the impression they are trying to create, the writer does not know you from a bar of soap. He is an opportunist, using jargon, fear and threats to intimidate you. In short, it is Bullshit. We’ll do this on a step by step basis.
Most important, take a deep breath, relax, don’t be panicked into any knee jerk reaction, such as paying. Remember blackmail is never a one off. It will keep coming back, like herpes. Do not forget, in the case of these email extortion scams, the scammer does not know you and will, unwittingly, eventually contact you again, and again.
First thing: change your password, make it cryptic and a lot more secure. Experts say the best password is one YOU can’t easily remember, so write it down. Also, check your operating system. Is it outdated? Follow up with friends, relatives etc as above. Is the security up to date? Do you have an anti virus – is it up to date, activated?
Run an anti virus check often, at least weekly on your own machines. There are multiple AV software on the market. Some freemium, others costly. The average home user/ small business does not need a multi hundred dollar subscription to a fancy AV SaaS. If you run a current Microsoft system, it comes with Windows Defender pre installed, free. It is as good as most people need. Activate it and install it. Set it to auto scan, auto update. Microsoft also issue regular security patch updates and notifications, such as this: Microsoft issues urgent security warning: Update your PC immediately
Has a third party leaked your private details?
As well as your ISP, mentioned above, any one of your on line accounts may have been breached. Facebook and many big social media sites as well as your regular news feed or favorite brand mass mailer can be subject to a data breach. Again, your details as well as millions of others which are held on their computer are simply sucked up by the spammer.
Usually the thief will then offer to sell the data back to the firm – blackmail. If they refuse, this list is then put up for sale on the black web and your details become public. Spammers buy it. Even if a ransom is paid, there is no guarantee that the list will not become public at some future date. Think of it as money laundering. Many brands, big and small, buy lists, usually quite innocently, not realising they have been composed from stolen data. Bear in mind there are many, many lists available on line; not all are stolen data.
Press here to check to see if, how and where your Email and personal details have been compromised. If yes, tighten your security, change your password. If your Email has been compromised chances are scammers also have the data of your address book. So let your contacts know their email may have been compromised so they can check and make changes if need be. Fighting spam, ID theft and extortion is a community effort, so share that link with everyone in your circles or friend lists.
Bitcoin Sextortion Scams – in detail
Now we know some of the causes, let’s look at what you can do, other than tighten your security.
The initial scam Email may look something like this:
We have attached both 2020 and the current version. There are many different themes and flavours. Yours may vary slightly or greatly. No matter the wording or detail, if it claims to have accessed your personal data and is demanding a bitcoin ransom, it is a scam. The following section goes over some of what we have already stated, but in more detail.
If however this is new to you, you are still not convinced, or you want to read on and learn a little more detail and specific strategies, the following is a detailed explanation and guide. This may also be reassuring: HAVE YOU RECEIVED A THREATENING EMAIL ASKING FOR BITCOIN? from the Official Bitcoin Who’s who Blog
Subject: With reference to your cloud storage
Date: Thursday, Jul 1, 2021 5:09 AM
I am sorry to inform you that your device was compromised. I’ll explain what led to all of this. I have used a Zero Day vulnerability with a special code to infect your device through a website.
This is a complicated software that requires precise skills that I have. It works as a chain with specially crafted and unique code and that’s why this type of an attack can go undetected.
You only need one not patched vulnerability to be infected, and unfortunately for you – it works that simple.
You were not targeted specifically, but just became one of the quite a few unlucky people who got hacked that day.
All of this happened a few month ago. So I’ve had time to collect information on you.
I think you already know what is going to happen next.
During that time, my software was quietly collecting information about your habits, websites that you visit, searches you do, texts you send.
There is more to it, but I have listed a few reasons for you to understand how serious this is.
For you to clearly understand, my software controlled your camera and microphone as well and it was impossible for you to know about it.
It was just about right timing for me to get you privacy violated.
I’ve been waiting enough and have decided that it’s time to put an end to this.
So here is my offer. Let’s name this a “consulting fee” I need to delete the media content I have been collecting.
Your privacy stays untouched, if I get the payment.
Otherwise, I will leak the most damaging content to your contacts and post it to a public tube for perverts to explore.
I understand how damaging this will be for you, and amount is not that big for you to keep your privacy.
Please dont blame me – we all have different ways of making a living.
I have no intention of destroying your reputation or life, but only if I get paid.
I don’t care about you personally, that’s why you can be sure that all files I have and software on your device will be deleted immediately after I receive the transfer.
I only care about getting paid.
My modest consulting fee is 1650 US Dollars transferred in Bitcoin. Exchange rate at the time of the transfer.
You need to send that amount to this wallet: 1C8a9b9X5vVCDNbspzxFYiJGAR5v9YMPtF
The fee is non negotiable, to be transferred within 2 business days.
We use Bitcoin to protect my identity.
Obviously do not try to ask for any help from anybody unless you want your privacy to violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.
The subject, in blue, is apt to change as the scam becomes better known. The email address here is obviously fake, yet he tries to convince you he is real by warning against emailing him back. Scammers also “move with the times”, from Covid and ZOOM to Cloud Storage.
But the format and MO is always the same. Appealing to you or trying to help you, at the same time dropping just enough tech language in to confuse you and sow doubt. It sounds plausible to the inexperienced for whom the jargon means nothing. Then the threat of exposing you to all your friends unless you pay a bitcoin ransom.
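The recurring pattern described above (a message spoofed to look as if you sent it to yourself, borrowed tech jargon, a deadline and a Bitcoin wallet) can be checked mechanically. The following Python script is an added example, not part of the original article: the header values in the sample message are constructed, the body lines and wallet address are taken from the email quoted above, and the function names are hypothetical.

```python
"""Triage a suspected sextortion e-mail (added example; sample data is constructed)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Legacy/P2SH (Base58, starts with 1 or 3) and bech32 (bc1...) address shapes.
# This is a pattern match only; it does not verify the address checksum.
BTC_RE = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,33}|bc1[02-9ac-hj-np-z]{11,71})\b"
)
# Phrases the scam template leans on: borrowed jargon, surveillance claims, deadline.
PRESSURE_RE = re.compile(
    r"zero[ -]?day|camera|microphone|your contacts"
    r"|within \d+ (?:business )?(?:days|hours)",
    re.IGNORECASE,
)

# Constructed message: header values are invented for the example, body lines
# are taken from the e-mail quoted on this page.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk-sender.invalid;
 dkim=none; dmarc=fail header.from=example.org
From: <reader@example.org>
To: <reader@example.org>
Subject: With reference to your cloud storage
Content-Type: text/plain; charset=us-ascii

I have used a Zero Day vulnerability with a special code to infect your device.
My software controlled your camera and microphone as well.
You need to send that amount to this wallet: 1C8a9b9X5vVCDNbspzxFYiJGAR5v9YMPtF
The fee is non negotiable, to be transferred within 2 business days.
"""


def auth_results(msg):
    """Return e.g. {'spf': 'fail', 'dkim': 'none'} from Authentication-Results.

    Only the first (topmost) verdict per method is kept: that header is the one
    stamped by the receiving server. Lower copies may have been forged by the sender.
    """
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in str(header).split(";")[1:]:  # [0] is the server's own id
            m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*(\w+)", clause, re.IGNORECASE)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def domain(address):
    return address.rpartition("@")[2].lower()


def triage(raw):
    """Return the warning signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpt = parseaddr(str(msg.get("To", "")))[1].lower()
    envelope = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    auth = auth_results(msg)

    signals = []
    if sender and sender == rcpt:
        signals.append("self-addressed")  # "sent to you, from you"
    if envelope and domain(envelope) != domain(sender):
        signals.append("envelope-mismatch")  # real sending domain differs from From:
    failed = sorted(k for k in ("spf", "dkim", "dmarc") if auth.get(k, "none") != "pass")
    if failed:  # a missing verdict counts as not passed
        signals.append("auth-not-passed:" + ",".join(failed))
    wallets = sorted(set(BTC_RE.findall(body)))
    if wallets:
        signals.append("bitcoin-address")
    phrases = {m.group(0).lower() for m in PRESSURE_RE.finditer(body)}
    if len(phrases) >= 2:
        signals.append("pressure-language")
    return {"signals": signals, "wallets": wallets, "suspicious": len(signals) >= 3}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("signals:", ", ".join(report["signals"]) or "none")
    print("wallets to look up and report:", report["wallets"])
```

Run it on the full original message (the "show original" or "view source" option in your mail client), not a forwarded copy, because forwarding discards the headers your own mail provider added.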
However, remember the best bit of advice he offers is; “don’t stress.” Don’t panic. This is exactly what they are hoping you will do. They want you to panic, to stop thinking clearly, knee jerk reaction – and pay. Remember, this is fake, it is not real and he has no idea who you are. And he is not as clever as he thinks. Let’s just back the truck up a bit. What do you think is the most popular topic on the web? You are right, sex, porn.
Now, if you were in the food business, where would you set up your stall? In the desert or the middle of a busy square? Right, you need to be where people are. He is also gambling that you have a mic and camera built in. Most modern devices do. So the scammer knows he has a probably 60+% chance of reaching someone who has been watching porn and enjoying it. What he doesn’t know is if it is you or not.
To her that is not important. She is playing the numbers which are in her favour. Assume she sends 200,000 emails, if just 1% reach a potential target and just 1% pay she has potentially earned 20 times her US$2000 fee. Not bad for a few moments’ work.
A quick look at jargon
The primary aim here is to use words you have heard of on the news or seen in the movies or TV series but may not understand. Many are made up expressions – 007 would be proud. They are gambling you don’t know that. Scare tactics. A zero day vulnerability is an unexpected security hole in a piece of software. Sounds serious? It is. But usually developers know about it and are working on a fix. If something like Zoom were impacted, the developers would quickly make sure the entire world knew about it. You and every user would be notified.
Of course, not all software. Some very small apps might actually take a bit of time to fix so yes, they are vulnerable to our hacker friend. But, ask yourself, where is the value in that? Where is the pay off, if only a few people use it? The odds are against the hacker. In short, they know a major piece of software is NOT corrupted; they are gambling that some of you don’t know that and will pay.
If you have been paying attention, you will have noticed we say the same thing over and over in different ways. One last time with feeling: they are playing on your guilt, fear and tech ignorance.
Tor is actually just another browser, same as Chromium or Firefox. However, TOR is a lot more secure as it hides users’ web activity. It also gives access to what is called “The Dark Web”, a place where people with alternative minds like to post and read stuff that law enforcement authorities are not so happy about. Many paedophiles use this browser. Pages on this web are not indexed by popular search engines so are harder to trace. You can download Tor here if you are so inclined.
Please, before you read on, do take some time to relax, we are about to turn the tables, and whilst it is not so difficult or nerdy, you will need a clear mind.
So now, hopefully, you know this is a bluff. His email address is a fake and neither of you actually know each other. It is a stand off. A draw. The first one to blink loses. There is nothing he can do to enforce his demand, other than scare tactics and nothing you can do to retaliate. Or is there?
He might not be as clever as he thinks. We will explore that with two options. Firstly open this link, the BITCOIN spam register. Yes, we CAN actually check on Bitcoin users! As you can see from our image below, there is an option to insert the spammer’s bitcoin address – highlighted in yellow in our email copy above – which we have done. This is just one of several online tools; a quick search will throw up others. Use any or all of them!
Once you have copied the Bitcoin wallet address and pasted it into the box, press the search – shown as a magnifying glass – and wait a few seconds. You will then be rewarded with the below image. You can see this has been reported 8 times already – probably more unless the account has been taken down – and that no one has fallen for his scam. No payments received. You also have an option to report it – top right, above the QR code. DO THAT. Remember, Bitcoin is community driven. We work together to police it.
When you press “REPORT SCAM” a little popup appears as below. If you have time, DO include an image but as it says, block out your contact and personal details. If there is a website listed, name it. Select the best SCAM TYPE match from the drop down menu. There is more than just sextortion scams although they were trending in 2020! Add any comments, or a copy of the email. This helps others. And as the scammer says: Don’t Stress, you have now proven to yourself it is a fake and have done something positive to derail his game.
More than a one trick pony
There are other options open to us. First off, head over to report any type of internet spam, scam, hoax or fraud. It is a US Gvt site; they ask a lot of questions. Only complete the fields or give them the personal details you’re comfy with. In case you have not learnt by now, the more detail you spew onto the Internet, the more chances there are of you being scammed, spammed or cheated. You might as well paint a huge target on your back.
Next up, Spamcop, where we will try to make life a little more irritating for our scammer. This involves a bit more effort than the last tricks so we will walk through it. The link opens to a free registration page. Click the REGISTER button as shown in the image below. This will take you to the details page; towards the bottom you have the opportunity to sign up. Input your name and email address, complete the security code and press “Send Authorisation Email.”
A little later a confirmation email will arrive in your email box. Copy and save your password – you will need it soon. Follow the instructions. There should be an auto link to the login page, if not return to their home page and press login. We have begun!
Their logon page is simplicity itself, even if you have never done this before. You need your account or user name, as stated in the email, and the password you copied a few moments ago. At this point you can either use the drop down to change the password expiry from 12 hours to one year. Or, make a mental note to go into your dash board and change the password to something you can remember when we have finished- as explained in their email.
We are going to move onto your email next – but DO NOT CLOSE THIS PAGE- LEAVE IT OPEN. DO NOT CLOSE THIS PAGE – DO NOT CLOSE THIS PAGE- LEAVE IT OPEN. DO NOT CLOSE THIS PAGE- LEAVE IT OPEN.
To be any use to SPAMCOP you need to send them more than just the email. They need the full email headers, often known as the full email, which has a lot more info about the process. Now this is where we have to let you go on your own for a while, as there are numerous email providers and each has its own way of finding the headers.
Some providers include a “MORE” or similar phraseology link in their email. It may look like this:
Print | Show Original Message | Export as .eml File | Message garbled? | Forward as Group Message | Save to Calendar | Send as Attachment
We want the Show Original Message link
Spamcop provides links to many here; otherwise you may need to search online using: “How to find headers in Gmail”, for example. If yours isn’t there, maybe you need to contact your email provider’s support team. In which case, you may need to log in again to Spamcop.
It may likely look something like this: warning – this goes on a bit!
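To show what the full headers carry that the visible email does not, here is an added example (not part of the original article) that parses a short header block and pulls out the fields a spam report relies on. The message, IP addresses and domains are constructed for illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message: documentation-range IPs and
# .example domains. Folded header lines start with a tab, as in real mail.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP id abc123
\tfor <you@recipient.example>; Mon, 26 Apr 2021 05:59:25 +0800
Received: from [203.0.113.45] ([203.0.113.45])
\tby mx.recipient.example with ESMTP id def456
\tfor <you@recipient.example>; Sun, 25 Apr 2021 14:59:21 -0700
Received-SPF: neutral (203.0.113.45 is neither permitted nor denied)
\tclient-ip=203.0.113.45;
Return-Path: <bounce@bulk-sender.example>
From: "Support" <billing@brand.example>
To: <you@recipient.example>
Subject: Cooperation Offer
Date: 26 Apr 2021 12:20:19 +0700

Message body starts here.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 only


def received_hops(msg):
    """Return (sending_ip, receiving_host) per Received header, oldest first.

    Each mail server prepends its own Received line, so the list is read
    bottom-up. Lines below the first hop written by your own provider can
    be forged by the sender and should not be trusted.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        ip = IPV4_IN_BRACKETS.search(flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops


def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def summarize(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    spf = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    return {
        "hops": hops,
        "origin_ip": hops[0][0] if hops else None,
        "spf": spf,
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        # A displayed From that differs from the envelope sender is a
        # common sign of spoofed or bulk-relayed mail.
        "from_matches_return_path": bool(from_dom) and from_dom == rp_dom,
    }


if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```

None of these fields is visible in the normal message view, which is why a report built from the displayed email alone cannot be traced to a sending network.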
OK, finish line is in sight. Once you have your headers open, copy them, then return to your still open SPAMCOP page, log in, and then press REPORT SPAM. Paste the FULL HEADERS AND EMAIL BODY you saved before into the content box as shown below. Press the PROCESS SPAM button and wait a few moments. Another screen will appear showing the ISP the spammer used to send his email. Press report spam, et voila, he is noticed.
Be aware, this is NOT going to stop her; she is unlikely to use the same ISP twice and very likely has other ISPs lined up. There are also many, many ISPs around the globe so she has plenty of choice. Note also that although it may APPEAR that the email is originating in Iran, Russia, Nigeria, or China, this is a decoy. In most of our cases, the originator is traced back to the US.
Sadly though, in poorer countries ISPs do not really care what the content is or where it came from as long as they are paid. So reporting may fall on deaf ears. However, it does cut down on options ever so slightly, and eventually they come under pressure as the major Internet providers blacklist them. So in this case we are playing the long game. Most important, it empowers you in knowing you have created a little bit of aggro for the spammer. PAY BACK!
It’s not all about sex, babe!
While we have focused, so far, on sextortion type scams and emails, they are not the only shark in the ocean. They may not be as blatant, obvious and “in yer face” as sextortion scams, but there are others, just as dangerous. Maybe more so as they seem benign and harmless. Let’s now look at those “brand” or newsletter type emails that we – in the west – frequently subscribe to.
These are a little more cunning as they take advantage of us in a few ways. Firstly, as we said, many western people subscribe to several news links, brand emails, or interest news letters. We are used to opening these and enjoying a good, interesting, informative read. Our defences are down. So when one pops up, we often don’t take too much time to think about it. By the time we realise it is not on our list, it may be too late.
Secondly, they may carry the branding of a well known and popular EDM [Electronic Direct Mail] organisation such as Mailchimp. As a market leader, Mailchimp is often used because again, we tend to trust anything that comes from them. But just because it is dressed in Mailchimp’s clothes and carries that cheeky monkey image doesn’t guarantee its authenticity. Third rate scammers can very easily clone or spoof the Mailchimp or any other brand effect. And even if it is genuine, occasionally a bad banana slips through the screening net.
A rose by any other name is still a weed
Let’s digress a moment and step back a few years to a young apprentice working in a strawberry farm. The backbreaking task of weeding. The farm also cultivates carnations in glasshouses for export. Later, as the boss inspects his work he points to a carnation plant growing in the bed. The lad explains it is a carnation so he has left it, expecting some praise for being able to discern the difference. Instead the boss explodes: “anything that isn’t a strawberry is a weed. Pull it out.”
The lesson here is: anything you have not subscribed to or requested is spam
OK, we said earlier these emails may be more dangerous than the sextortion type. Why? Well it comes down to payload, or what code or script they are carrying. This script will ultimately be loaded into your computer via the O/S or C drive in Windows. Once activated it might simply burrow into your email account and harvest every contact in your address book. The scammer may then compile a list and sell it on the black market, as we have discussed above.
Or she may have developed a script to search through all your data for bank account details. Once she has this it is a relatively simple step to break the password, access your account electronically, and withdraw the funds. Your bank will no doubt be sympathetic, but as the data breach happened on your machine, they will not accept any liability.
We need to feel a little sorry for scammers. As fast as they discover some way to make easy money, some spoilsport, like us, makes it publicly known. So their scams and tricks have a limited life. Consequently, they are always having to come up with something new. Most of us now know that we don’t click, press or open links in emails. Especially if we don’t know the sender. So the poor spammer needs a new approach.
A picture’s worth 1k words – and more
We all love pretty pictures. Marketers know this, and in recent years we have seen bigger, more detailed, higher resolution, unique images being used on the web. Scammers have noticed too. But for scammers at least, beauty is more than skin deep. Very often an image can also be loaded with a script – what is colloquially known as a “virus”, or weed in our other example. As the images load into your email, the virus or script loads into your PC. You are infected.
Take a look at the image below. A screen shot from a rogue or unknown “news letter” that arrived in our mail box. Notice anything?
Well, the first thing you may notice is the comment: “looks legit, from a known brand.” For some people maybe. Although it is difficult to read, small font, the sending domain is digiormoos.com. However, at a quick look it may be mistaken for Digiorno, a popular prebaked, frozen pizza manufacturer which has a following of many thousands. If you were one of their followers, likely you might click the email without too much careful thought. Again, it is a numbers game.
You may also notice the red dots and the empty image icon and read the warning: “Images have been removed for security purposes.” So not only are we wise enough not to click the tempting links, but our email client has refused to load images it doesn’t know or trust. We do this from the SETTINGS in our email options. So, take a few moments now, go to your email settings and activate this feature. If your client doesn’t have it, find another email provider.
The last thing to do then is, as above, bring up the full headers, copy them and paste them in to your SPAMCOP report spam page that we used before.
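The digiormoos.com case above can be checked mechanically. This added example (not part of the original article) flags a sender whose domain name is close to, but not the same as, a brand you actually subscribe to. The sender address, the brand list and the 0.34 threshold are assumptions made for illustration.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def sender_label(address):
    """Name part of the sender's domain, e.g. 'digiormoos' for x@digiormoos.com.

    Simplification: takes the second-to-last label, which is wrong for
    suffixes such as .co.uk; a real tool would use a public-suffix list.
    """
    domain = address.rpartition("@")[2].lower().rstrip(".")
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_sender(address, subscribed_brands, max_ratio=0.34):
    """Return ('match' | 'lookalike' | 'unknown', brand or None).

    max_ratio is an assumed cut-off: the share of characters that may
    differ before two names stop counting as similar.
    """
    label = sender_label(address)
    brands = [b.lower() for b in subscribed_brands]
    if label in brands:
        return ("match", label)
    if not brands:
        return ("unknown", None)
    closest = min(brands, key=lambda b: edit_distance(label, b))
    ratio = edit_distance(label, closest) / max(len(label), len(closest))
    if ratio <= max_ratio:
        return ("lookalike", closest)
    return ("unknown", None)


# Brand names taken from the article; the addresses are constructed.
BRANDS = ["digiorno", "mailchimp"]

if __name__ == "__main__":
    for sender in ("news@digiormoos.com", "news@digiorno.com", "hello@example.org"):
        print(sender, classify_sender(sender, BRANDS))
```

A "lookalike" result is the dangerous one: the name is near enough to pass a quick glance, yet it is not the sender you signed up with.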
Ok, last few short paragraphs, we are almost done. But not quite. Fighting spam and hoaxes, rip offs, cheats et al is a community effort, the Internet community of which you are a member. So don’t hesitate to report spam, it works for all of us as a team.
But there is still more you can do. Socially. A very large part of those usually taken advantage of are the elderly among us. People who have saved all their lives for retirement, generally kind hearts and un tech. A dangerous combo today. They are easy prey and lose everything. So, get among your community, hit the street, into rest homes, community education centres, neighbours, help upskill, educate and inform our senior citizens. Starting with parents, aunts and grandparents.
For scammers and on line cheats, it is easy money. A good return for little effort. This is the attraction. When the effort involved exceeds the return the attraction fades and they move onto something new. Scammers and online cheats can be beaten, if we all work together.
So, with that in mind, again, please feel free to share, reproduce and publicise this widely. Criminals by nature look for easy cash. When everyone knows this is a scam they will give up. We can never eliminate crime and those tempted by it, but we can make it harder work for them.
Ok, now, as we have mentioned above, this is not necessarily going to stop scammers and their gang. It may, perhaps, cause them some inconvenience and frustration. Mostly though, we hope we have proven to you this is a scam and you can do something about it to empower you. However, in reality it is very, very hard to actually stop this. Bitcoin is hard to track, nigh impossible in 2021, and anonymous. Which is of course why criminal gangs love it!
Education is the key. Again to repeat; the more people know this is fake, the harder it is for scammers to succeed. They are forced to find a new game. This link: How to Report Bitcoin Scammers and Why You Should covers the reality and background to reporting Bitcoin scams in more depth. Worth reading. The Bitcoin Whos Who Web page – sic – explains “Tainting a Bitcoin Wallet” and provides a method for you to do that. Sort of future proofing for a day when authorities do have more powers. The site also points to other ways you can report scams. The Bitcoin Abuse database also enables scam reporting and records current scam’s history.
Too late Mate – I’ve Paid.
Ok, well, that does complicate matters somewhat. If you have read this far, hopefully you are now a little wiser and won’t be fooled again. You are now probably keen and ready to read on about how to get your money back. Sorry, we are going to disappoint you.
As we mentioned above, Bitcoin is a secure, anonymous platform. It is very, very hard to get your money back. Not impossible. But it needs to be looked at from a cost effective base. The first step is to follow the above procedure and report it. Not just to help others being tricked or feel you are pushing back but to create some form of record. Make sure you also report it to the authorities. If you are in the US, the link we gave above is a good step. If like us, living elsewhere, report it to your own police or fraud squad etc. Again, create a paper trail – well an E trail!
Step 2 is a cost v/s return analysis. If you are only down a few hundred bucks, it may not be economically viable to pursue professional reclaiming. Of course, if the amount is considerably larger, then you do the maths. We said “professional reclaiming.” Two points here. If you are going down this road, take legal counsel. You need to have someone do some due diligence on your behalf. Research. Why? That brings us to point two.
With all due respect, let’s point out that you were fairly easily fooled the first time. You panicked and paid without thinking it through. Without doing any research. You may be about to repeat that. Very likely you have searched online for something like: “How to recover scammed Bitcoin.” You have happily found many links. Many sites offer to do this for you. Such as this one.
Tread light young grasshopper.
Some, if not many of these are also scams. Some run by the gang who scammed you just before. They figure if you’re dumb enough to pay once, now you are desperate and dumb enough to pay more to get it back. Of course, you won’t. So be very, very wary of online recovery agents. Or tele-recovery agents. By the way, we are not saying the above link is fraudulent, just making a point.
For best results and peace of mind, look for reputable private investigators with a proven track record and B&M office. And as we said, your friendly lawyer can likely help you there.
Bitcoin Sextortion, blackmail Scams updated
August 23: a new twist with even more focus on confusing tech language. Still the same old same old though. In short, a claim Pegasus spyware has infected the main servers for all Android phones and iPhones and, by extension, your phone too. After that the usual blackmail threat for Bitcoin.
Additionally, there is also a telephone version, just like other spam calls: someone, oft with a foreign accent, calls purporting to be from Apple or Google or ??? warning you of the danger. You are oft given a number to call for support where a service fee needs to be charged to your credit card. It is all downhill from there.
This page has a good round up.
Be aware, however, that the “PEGASUS SPYWARE ACTIVATED” error is a scam, a fake message that has nothing to do with Apple. Cyber criminals claim to be certified technicians and attempt to trick users into paying for technical support that is not required – the malware simply does not exist. https://www.pcrisk.com/removal-guides/12056-pegasus-spyware-activated-scam-mac
This page gives more detail on the email scam’s origins: PEGASUS IPHONE HACKS USED AS BAIT IN EXTORTION SCAM plus other links here.
New BITCOIN SCAM Report Site
In addition to the links in the main article body please add this to your quiver. Click the BLUE FILE REPORT button. And, for your convenience, this is the original link to Bitcoin Scam Alerts mentioned above.