Yet another sextortion scam is sneaking into users’ inboxes. The scam which is using the “Warning! Account compromised!” subject line is relying on the spoofing technique to make the user believe their system has been hacked.
What Is Spoofing?
Spoofing is easy to spot – the spam emails appears to have been sent from your email address.
Such scams usually claim that the recipient’s email was hacked, and that’s why the email appears to be sent from it. And this current scam does the very same thing, with the scammer claiming to have obtained full access to the recipient’s system. However, these claims are far from the truth and you should not worry about your account or system being hacked.
The truth is that spam operators have been spoofing email addresses for a long time. The tools that enable email spoofing are surprisingly easy to get. All you need is a working SMTP server which is a server that can send email, and the right mailing software, LifeHacker’s author Alan Henry explains.
Did you know that any mail server can be configured to send from a specific domain, and there are even websites that will let you send emails using any email address for free. It should be noted that these methods leave traces that give spoofing away. That’s why it is important to learn how to read email headers.
However, showing your email headers depends on the email provider. For Gmail, open the email and click on the three vertical dots next to the reply arrow and select “Show Original” to revise the details.
The “Warning! Account compromised!” Scam Dissected
We’ve established that the reason the scam email appears to have been sent from your email is spoofing. Let’s further dissect the scam. Here’s the full text of the scam message:
Did you notice i’ve mailed you this e mail with your own e-mail address? This means i have FULL access to your system! I will tell you the way i did all of this. A bit of time in the past you checked out some adult internet sites, one of these websites was inserted with a backdoor i developed. This backdoor mounted itself upon your platform and gives me complete accessibility to all of your accounts, e-mails, data, contacts and so on.
Do not be concerned, later in this message i will explain to you what action you need to take.
While you checked out these adult internet sites i triggered your webcam and taped some clips and took some screenshots of you as you “satisfied yourself”…. if you know what i mean.
So here it is, i have accessibility to your e-mail accounts, to your system, i have some very compromising images and video clips of you and i have got all your email and social media contacts. No matter how frequently you alter your username and password, my backdoor will always grant me full access to your system.
Now you can perform two things.
You’re able to disregard this mail, sent from your own account. In this case i will deliver each of the pictures and clips i own of you “satisfying yourself” to each of your contacts, picture the impact this will have on your social life! Furthermore your device will lock-up in a certain amount of time and can never be used again.
Most probably you don’t want this so here is option number two.
I reside in a nation where it is quite tough to find any kind of work or support my family members, that’s why I really do this, that is why i am a hacker. You’re not targeted, you just checked out the wrong web site at the wrong time. So for my secrecy you will need to perform one thing for me.
You will need to send $780 (USD) in bitcoins to my address:
1LRuigr82sxPmQt5XDQ7PprJu9qX1rJFMN (copy paste this, it is case sensitive).
I can imagine you don’t know exactly how use bitcoins nevertheless that’s not a problem, browse Google, many web sites offer bitcoins utilizing a debit or credit card and the process is extremely fast.
Consider this as a donation.
From the moment you opened this message you activated a timer. My setup will now monitor this particular bitcoin address for any incoming transactions. You have 12 hours (just 12!) to make the transaction. If you do not generate the transfer within this timeframe your device will lock up, even if you disconnect from the internet or change all your online passwords. On top of that all your relationships will get all the nasty pics and videos i posses of you, this will have a big affect on your social life.
If the transfer does come in before its due my system will automatically shut down the backdoor on your equipment and remove all the data, pictures and videos i posses of you plus you will never hear from me again then you can go on to live your life as if this never ever took place.
I do not wish to do damage however i carry out whatever it takes to feed my spouse and children.
Since you have only 12 hrs you better start the transaction right now!
Long story short, you shouldn’t believe anything the scammer claims and you shouldn’t transfer any money to the provided Bitcoin addresses. Claiming that you have leverage on someone is an old extortion trick, and scammers are exploiting this approach in the hope that they will make some money out of gullible users.
A simple solution
Since all recent extortion-based scams are relying on purported recordings of the recipient watching adult content, simply cover up your laptop’s camera. This may sound silly but knowing that your camera is covered leaves no place for you to worry, regardless of the scammer’s claims.
Another simple thing you can do to avoid email harvesting (where scammers and third parties harvest email addresses in bulk) is the so-called email address munging, or simply changing the “@” sign into “at” and the “.” into “dot”. This is especially valid for individuals with business emails that are visible to the entire internet.
And once again, no matter how persuasive the email you received sounds, don’t fall for it because it is a scam.