Would you like to save yourself £1,100 and a world of worry? Then read on ...
I have come across a particularly unpleasant form of email blackmail recently and I want to tell you more about it.
In my Web Safety Guru Email Masterclass I explain how the scammer is thinking and what his objectives are.
This is a classic example of how the scammer will attempt to scare you with bold claims
and use a very tight deadline to prevent you from having time to assess whether the threat is real.
This particular scam is also interesting because of the use of Bitcoin as a payment method. Because the scam
aims to blackmail the victim, the victim needs to remain anonymous and it is difficult to tie a
particular Bitcoin address to a particular individual.
How the classic Bitcoin blackmail scam works
The anonymous emailer starts by claiming to have have infected your device somehow and then taking control of certain
hardware and functions.
What follows is the precise text of the email, I have hidden the target email address for privacy reasons..
I have to share bad news with you.
Approximately few months ago I have gained access to your devices, which you
use for internet browsing.
After that, I have started tracking your internet activities.
Here is the sequence of events:
Some time ago I have purchased access to email accounts from hackers (nowadays,
it is quite simple to purchase such thing online).
Obviously, I have easily managed to log in to your email account (email@example.com).
One week later, I have already installed Trojan virus to Operating Systems of
all the devices that you use to access your email.
In fact, it was not really hard at all (since you were following the links from
your inbox emails).
All ingenious is simple. =)
This software provides me with access to all the controllers of your devices
(e.g., your microphone, video camera and keyboard).
I have downloaded all your information, data, photos, web browsing history to
I have access to all your messengers, social networks, emails, chat history and
My virus continuously refreshes the signatures (it is driver-based), and hence
remains invisible for antivirus software.
Likewise, I guess by now you understand why I have stayed undetected until this
While gathering information about you, I have discovered that you are a big fan
of adult websites.
You really love visiting porn websites and watching exciting videos, while
enduring an enormous amount of pleasure.
Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate
and reach orgasms.
If you have doubts, I can make a few clicks of my mouse and all your videos
will be shared to your friends, colleagues and relatives.
I have also no issue at all to make them available for public access.
I guess, you really don't want that to happen, considering the specificity of
the videos you like to watch, (you perfectly know what I mean) it will cause a
true catastrophe for you.
Let's settle it this way:
You transfer $1600 USD to me (in bitcoin equivalent
according to the exchange rate at the moment of funds transfer), and once the
transfer is received, I will delete all this dirty stuff right away.
After that we will forget about each other. I also promise to deactivate and
delete all the harmful software from your devices. Trust me, I keep my word.
This is a fair deal and the price is quite low, considering that I have been
checking out your profile and traffic for some time by now.
In case, if you don't know how to purchase and transfer the bitcoins
- you can use any modern search engine.
Here is my bitcoin wallet:
You have less than 48 hours from the moment you opened this email (precisely 2
Things you need to avoid from doing:
*Do not reply me (I have created this email inside your inbox and generated the
*Do not try to contact police and other security services. In addition, forget
about telling this to you friends. If I discover that (as you can see, it is
really not so hard, considering that I control all your systems) - your video
will be shared to public right away.
*Don't try to find me - it is absolutely pointless. All the cryptocurrency
transactions are anonymous.
*Don't try to reinstall the OS on your devices or throw them away. It is
pointless as well, since all the videos have already been saved at remote
Things you don't need to worry about:
*That I won't be able to receive your funds transfer.
- Don't worry, I will see it right away, once you complete the transfer, since
I continuously track all your activities (my trojan
virus has got a remote-control feature, something like TeamViewer).
*That I will share your videos anyway after you complete the funds transfer.
- Trust me, I have no point to continue creating troubles in your life. If I
really wanted that, I would do it long time ago!
Everything will be done in a fair manner!
One more thing... Don't get caught in similar kind of situations anymore in
My advice - keep changing all your passwords on a frequent basis
The message continues by making a specific threat, that the blackmailer has acquired compromising information about you.
Then comes the demand, "Pay me or I send the compromising information to all your contacts".
Next follows a list of things you mustn't do. This is designed to add credibility to the threat and increase your fear.
The important thing to know about this particular kind of email threat is that it is a total bluff. The criminal
hasn't infected your device, does not have any compromising material on you, and in fact probably doesn't even know who
you are. This identical email will have been sent to hundreds or perhaps thousands of people. N.B. there is a
particular variant of this scam which tells you your password. In this case the password has been stolen separately
(for example via a data hack on your broadband provider) but has been included in the email to add a lot of credibility.
At this point I want to plug two of my own courses. The general Web Safety Guru course will teach you about
making your passwords safer and will run through how to deal with these kinds of emails. The Web Safety Guru
Email Masterclass is an in depth look into email fraud. How the criminals think, how they want you to think,
the techniques they use to put pressure on you, the tell-tale signs that the email isn't genuine (there are absolutely
loads in this particular email) and also some interactive exercises so you can test out your investigative powers
for yourself. Once you know the key signs to look out for and practice doing it you will become accomplished at
avoiding the scam emails.
If you received an email like this and believed it, I imagine you'd be very worried. There's the threat of damage to
your repuation, but also there's the worry that your computer has been infected with a virus, even when the virus
checker tells you you haven't. You wouldn't know what to trust.
So let's see how this particular scam played out. The blackmailer was asking for $1,600 in Bitcoin and the scam email
was issued on August 19th. Because the blackmailer has provided a Bitcoin address, it is possible to check the
Blockchain and monitor any activity for that address ...
Sadly in the 24 hours following the email, two people paid up the $1,600 ransom. I must confess I thought the
email was so outrageous it would never succeed. In the following 24 hours a third victim paid up. $1,600 is
worth approximately £1,150 at the time of writing.
Within six weeks, the scammer's Bitcoin account had received 16 payments, ten of which were consistent with the price
being asked in this particular blackmail. Note the dollar values of the payments were now greater than previously
due to a rise in the price of Bitcoin between August and when I took this snapshot in November.
The Web Safety Guru Email Masterclass costs £50 would have saved
any of these poor victims £1,100 and lots of worry.