“I’m a programmer who cracked your email” extortion scam

By Will Wisser
Posted on November 1, 2018

Beware of the new blackmail scam doing the rounds, where the criminal says ‘I’m a programmer who cracked your email account’ and extorts a ransom in Bitcoin.

The hacker theme has received enough press coverage and depiction in action movies to be on everyone’s lips. People have learned that the infrastructure of entire cities can be disrupted by means of a successful cyber-attack, not to mention that someone’s email account is low-hanging fruit for a competent adversary. Aware of this common knowledge, some online crooks have ventured into playing on the scare, deploying scam campaigns that exploit the stereotypical image of hacking. One of the recent waves of that kind involves misleading emails where the malefactor says, “I’m a programmer who cracked your email account”. The sender attempts to convince the would-be victim that he has some incriminating materials about them and asks for a Bitcoin ransom for non-disclosure. This is one type of what’s called sextortion.

[Image: “I’m a programmer who cracked your email account” email asking for a ransom]

The main catch in this scheme is that the fraudster actually knows the password for the recipient’s email account. That’s most likely one of their previously used credentials, or it can even be the current one if the targeted user hasn’t changed it for quite some time. This fact undoubtedly makes the scam more plausible, as some people will fall for it after finding out that someone has their valid password. Here’s the thing, though: the swindlers got these details from some past breach of a major Internet service. Data leaks happen once in a while, and we have to take that as a given. So, what else is this scam about? Here’s the full text of the message:

Hello!

I’m a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.

Your password from [victim’s email address] on moment of crack: [password]

Of course you can will change your password, or already made it. But it doesn’t matter, my rat software update it every time.

Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom. But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I’ve never seen anything like this! I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your relatives see it? BUT I’m sure you don’t want it. I definitely would not want to …

I will not do this if you pay me a little amount. I think $859 is a nice price for it!

I accept only Bitcoins. My BTC wallet: 1HQ7wGdA5G9qUtM8jyDt5obDv1x3vEvjCy

If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy.

After receiving the above amount, all your data will be immediately removed automatically. My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment. If this does not happen – all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)

Do not take this frivolously! This is the last warning! Various security services or antiviruses won’t help you for sure (I have already collected all your data).

Here are the recommendations of a professional: Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

I hope you will be prudent. Bye.

In a nutshell, the impostor hacker claims to have intercepted the user’s email password when they entered it on some unnamed insecure site about half a year ago. The con artist also states that he has thereby uploaded a RAT (remote access tool) onto the victim’s computer, which has allegedly allowed him to steal all the contacts and track the web browsing history. Interestingly, the sender purports to usually just lock down the contaminated PCs and demand a ransom, but this time he chose a different tactic, having been “struck” by websites of intimate content the user often visits.

The perpetrator then says he has taken an embarrassing photo of the user via the computer’s camera while they were watching the adult content. In exchange for not sending these naughty pictures to all of the victim’s contacts, the attacker offers a trade-off. It boils down to a ransom. The typical amount is in the range of $850-870 worth of Bitcoin, with the BTC wallet address to send the money to indicated in the message.

The good news is that no one has actually installed any spyware or RAT on the user’s machine. They haven’t made any screenshots or photos either. Therefore, paying the ransom doesn’t make sense at all. The bad news, though, is that one’s earlier or current password has actually been disclosed. Again, that’s probably due to a data leak that wasn’t on the victim’s end. However, it still won’t hurt to check the system for malicious code that may also be part of the compromise.
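A mail-triage heuristic for the traits described above (message appearing to come from the recipient's own address, a Bitcoin wallet, the deadline and RAT claims), as an added example that is not part of the original article. The phrase list, weights and threshold of 5 are assumptions chosen for illustration, and the sample message is constructed from the text quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Legacy Base58 Bitcoin address shape (starts with 1 or 3, no 0/O/I/l).
# Shape check only: the Base58Check checksum is not verified here.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Indicator phrases taken from the scam text quoted in the article.
PHRASES = ("cracked your email", "rat software", "your contacts",
           "bitcoin", "48 hours", "camera")

def body_text(msg) -> str:
    """Concatenate all text/plain parts, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(data.decode(charset, "replace"))
    return "\n".join(chunks)

def triage(raw_message: str) -> dict:
    """Score one RFC 5322 message against the traits of this scam."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = body_text(msg)
    hits = [p for p in PHRASES if p in body.lower()]
    wallets = sorted(set(BTC_RE.findall(body)))
    # The scam claims it was "sent from your email account": From equals To.
    self_addressed = bool(sender) and sender == rcpt
    # Assumed weights: 1 per phrase, 2 for a wallet, 2 for a spoofed sender.
    score = len(hits) + (2 if wallets else 0) + (2 if self_addressed else 0)
    return {"self_addressed": self_addressed, "wallets": wallets,
            "phrases": hits, "score": score, "suspect": score >= 5}

# Constructed sample: headers are invented, body lines come from the article.
SAMPLE = """\
From: user@example.com
To: user@example.com
Subject: constructed sample

I'm a programmer who cracked your email account ... my rat software ...
I accept only Bitcoins. My BTC wallet: 1HQ7wGdA5G9qUtM8jyDt5obDv1x3vEvjCy
You have 2 days (48 hours) for make a payment.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A From header matching the recipient only shows header spoofing, so a flagged message is a candidate for quarantine and a password reset, not evidence that the mailbox was accessed.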
Automated removal of malware related to the “I’m a programmer who cracked your email account” email scam

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button.

2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.