Scam Dissection

“Caution! Attack hackers to your account!”

What, exactly, am I being instructed to do here? Attack the “hackers” who are allegedly accessing my account? Oh, are you trying to warn me of something?

Scam e-mails nothing new, and despite lacking professionalism, there are innocent victims falling for them every day. The most important thing we can do is raise awareness of the problem, while having some fun in the process. It’s dissection time!

Scam E-Mail
Caution! The original scam e-mail as viewed in Microsoft Outlook.

“Hi, stranger!”

As we progress through the e-mail, you may begin to wonder why I am being referred to as a “stranger” here. I was under the impression that they would have known everything about me, but sadly, they did not take the time to learn my name. This is the first red flag.

“I hacked your device, because I sent you this message from your account.”

While it does look like the e-mail was received by the same account which sent it, this is not the case and is commonly referred to as ‘spoofing’. If we observe the headers, we can obtain some information about the origin server. Headers may be accessed in Microsoft Outlook by opening the e-mail in a new window, navigating to ‘File’ and then ‘Properties’.

“If you have already changed your password, my malware will be intercepts it every time.”

If in doubt, run a scan for malware on your device; however, if you have received this e-mail, it is highly unlikely that there is any related malware present.

“You may not know me, and you are most likely wondering why you are receiving this email, right?”

Scam e-mails spread like wildfire and e-mail addresses can be obtained through a variety of methods. This may be the result of a hijacked contact or even a database leak.

“In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).”

I swear… I haven’t visited these websites for a long time (disclaimer: unspecified length of time). You must believe me!

“While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.”

The light next to your webcam to indicate it is operating is your friend, not your foe, so the next time you are watching “video clips”, keep an eye out for this.

“Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.”

A hijacked contact could easily be the reason you are receiving e-mails such as this one. It is important that you take steps to avoid ending up in the same boat.

“What I’ve done?”

I’ll face myself to cross out what I’ve become!

“I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.”

I don’t really need somebody to tell me I have good taste. Back to the Future is the best movie ever produced. I am sorry that is strange to all the other normal people, and especially you, though.

“What should you do?”

I couldn’t think of anything witty in response to this, so I searched the internet. Apparently, this is the title of an American reality show. I wonder if it was worth watching.

“Well, I think $622 (USD dollars) is a fair price for our little secret.”

I really wish this was our little secret, but I was disappointed to hear that a friend received the same e-mail. I would like an explanation as to why you are changing me $3 more, beyond the obvious favouritism.

“You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).”

The scammer now believes they are a fortune teller. In addition to a Creative Writing lesson, may I suggest Psychic Studies to increase the accuracy of your claim?

“BTC Address: 1PH5CYMeD4ZLTZ2ZYnGLFmQRjnptyLNqcf
(This is CASE sensitive, please copy and paste it)”

At the time of writing, this address has been submitted to the Bitcoin Abuse Database 93 times. My friend received a different address, so be careful.

“Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).”

Personally, I would prefer a Read Receipt in favour of a ‘special code’.

“If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.”

The shame! The embarrassment! The cheek of even thinking I would fall for this!

“However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.”

This is where I burst into laughter. You can just imagine Voltorb using the move ‘Destruct Someself’, can’t you?

“If you want to get proof, answer “Yes!” and resend this letter to youself.
And I will definitely send your video to your any 18 contacts.”

In addition to the scammer not knowing how many contacts are linked to an account, this is not something a regular user would pay attention to either. If it is not extreme, offering statistics could make an e-mail look legitimate.

“This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.”

I would still like to know why my friend gets to pay $3 less. Let’s negotiate.

“Bye!”

Bye, stranger!

Don’t let yourself become a victim of this scam. If you receive an e-mail which looks like this, delete it immediately.

This site uses Akismet to reduce spam. Learn how your comment data is processed.