The article will give you insights into the new scam where the con artist poses as a “hacker who cracked your email and device” in pursuit of a ransom.
Social engineering is a powerful instrument for manipulating people, even though it may lack hi-tech backing. Indeed, cybercrime isn’t restricted to writing malicious code and depositing it onto computers – it’s a human problem, too. All sorts of email scams making the rounds in the wild are based on a mix of deceit and pressure that, when combined, incentivize people to make hasty and irrational decisions. Whereas the so-called tech support frauds dominate this landscape, a relatively new type has splashed onto the scene and continues to gain momentum. It comes down to emails sent by someone who claims to be a “Hacker who cracked your email and device”. While threatening the recipients to send some kind of embarrassing information about them to all their contacts, the ne’er-do-wells mention the prerequisite for not doing so. Specifically, they demand a ransom in Bitcoin.
Now, let’s break the gist of the “hacker who cracked your email and device” scam down into fragments. The most disconcerting part of it is that the con artist who sent it knows the real credentials for the intended victim’s email account. Moreover, no matter how bizarre this may sound, the villain has actually sent the message from that account. The password, which is a valid one, is indicated in the email body. This fact plays into the malefactor’s hands as it gives some targets the shivers and makes them easy to influence. Then, the message also says that the purported hacker has placed malicious code onto the host operating system, which allowed them to access the user’s contacts and monitor pretty much event going on with the machine.
This way, the scammer was supposedly able to take a picture of the victim as he or she was visiting a “site of intimate content” and compile some compromising material. In order to keep this information from being sent to all friends, colleagues and relatives, the user is instructed to send a certain amount of Bitcoin to a specified BTC wallet. The size of the ransom varies and can be anywhere between $800 and as much as $8000, although the former is a more common occurrence. Here’s the full text of the blackmail note:
I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [recipient’s email account] on moment of hack: [valid password]
Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.
Do not try to contact me or find me, it is impossible, since I sent you an email from your account.
Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.
You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.
I am in shock of your fantasies! I’ve never seen anything like this!
So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.
There will be laughter when I send these photos to your contacts!
BUT I’m sure you don’t want it.
Therefore, I expect payment from you for my silence.
I think $876 is an acceptable price for it!
Pay with Bitcoin.
My BTC wallet: [scammer’s Bitcoin wallet address]
If you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.
My Trojan have auto alert, after this email is read, I will be know it!
I give you 2 days (48 hours) to make a payment.
If this does not happen – all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)
Do not be silly!
Police or friends won’t help you for sure …
p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.
I hope for your prudence.
At this point, it’s about time to bust the biggest myth in this entire story: whilst the email password is authentic indeed, the allegation about malware is a fake. This means that the scammer doesn’t actually have any private photos of the victim doing anything ignominious. It’s all bluff aimed at convincing the user into coughing up money. So, recipients can heave a sigh of relief and not worry about anything shameful happening to them in the near future – at least in the way depicted in the message. Meanwhile, the sender has most likely obtained the password to the target’s email account from some past data leaks that aren’t rare. This is an issue of personal online hygiene, and users should change their credentials once in a while.
One way or another, the “hacker who cracked your email and device” themed message is an outright fraud that can be safely deleted from your inbox. And just to ascertain that there’s no spyware inside your system that may have transmitted your email access details to criminals’ Command and Control server, you’d better have your PC checked for unwanted objects right away.
Automated removal of malware related to the “hacker who cracked your email and device” email scam
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.