By Guruka Singh
Hackers Hacked My Email, Demanded Bitcoin (Scam)
A recent question from a Sangat member sparked this month's column. Here's his question:
"I get emails from hackers a few times a week saying that they have cracked my email account. As proof, they have supplied me with the correct password for the account. The message goes on to say that they have planted a Trojan on my computer which allows them to spy on me.
Here's where it gets interesting. The hackers say I have been visiting websites of people in the buff. They are demanding I pay them bitcoin (worth $831) to keep this quiet, otherwise they will send images from the purported site I've visited and also a picture of me on my webcam.
The English used in the messages is strange to say the least. I get the same message from other 'hackers', but the bitcoin wallet is different.
What do you think? "
This is a scam. Here's how it works:
At some point in the past, you visited a website and created a user account using your email and password. Later, real hackers compromised the site, then downloaded the database of user accounts (including your name, email, and password used on the site). They then used this information to mass email all the people in the database with the same scam message - just like the one you're describing.
In order to legitimize their "masterful hacking techniques" they supply you with your email password. This is icing on the cake and will frighten most people into believing the next line, where they claim to have planted a Trojan on your computer capable of spying on your every move.
It's not uncommon for regular users to visit raunchy websites of 'people in the buff'. It's also not uncommon that users use the same password on multiple sites. Scammers realize this fact, then play the numbers game by mass emailing all the people in the database with these claims, hoping that someone is frightened enough to hand over their hard earned money.
Even if 1 person out of 3 million possible user accounts pay the ransom, that's still $800 in the scammer's pocket.
Now that you know how the scam operates, you can safely ignore the message.
Instead, change your passwords on all the sites you visit, making sure they are strong and unique. Never, ever use the same password on more than one site - otherwise hackers (and scammers) can use this information to gain access to other sites, or send you scam emails like the one you mention.
If you use different passwords on all the sites you visit, you severely limit the potential attack vector.
If you are concerned your computer has been hacked, I suggest you hire a professional - like myself - to look over the system. My contact link is here; review my credentials here.
Scam Message from Hackers Claiming to Have Hacked Your Email (and PC)
For the record, here is the scam message that was forwarded to me:
I'm a hacker who cracked your email and device a few months ago. You entered a password on one of the sites you visited, and I intercepted it. This is your password from abc[at]example.com on moment of hack: abcPassword. Of course you can will change it, or already changed it. But it doesn't matter, my malware updated it every time.
Do not try to contact me or find me, it is impossible, since I sent you an email from your account. Through your email, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a Trojan on your device and long tome spying for you.
You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit. I am in shock of your fantasies! I've never seen anything like this!
So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I combined them to the content of the currently viewed site. There will be laughter when I send these photos to your contacts! BUT I'm sure you don't want it. Therefore, I expect payment from you for my silence. I think $831 is an acceptable price for it!
Pay via Bitcoin. My BTC wallet: 1GcwYRfWesiSe2fBmsVSpNG2K11zDMhksG
If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult. After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system. My Trojan have auto alert, after this email is read, I will be know it!
I give you 2 days (48 hours) to make a payment. If this does not happen - all your contacts will get crazy shots from your dark secret life! And so that you do not obstruct, your device will be blocked (also after 48 hours). Do not be silly! Police or friends won't help you for sure ...
p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.
I hope for your prudence.
A few things to note:
The English used throughout the message is atrocious. This is a big tip-off that the message was written (poorly) by someone in a third-world country.
Scammers use the fact that they have your email password as "proof" of their hacking abilities, then claim to have uploaded malware to your computer. Nothing could be further from the truth. Your email password has nothing to do with hackers being able to magically connect to your machine, even if you used the same password to login to Windows (for example). The fact is, hackers can't gain access to your machine just because they say so; they stole your password from another site (which was in fact hacked) and are using this information to legitimize their false claims.
Another big tip-off that this is a scam is the fact that the bitcoin wallet changes. This should be a big red flag that the message is simply a template being mass emailed to thousands, hundreds of thousands, or even millions of people.
If you are concerned your computer has been hacked, contact me and I'll be happy to look over your system.
If you are tired of receiving these scam emails, you will need to sign up for another email account and stop using your old one :-(
You can help make this column better by sharing your topic suggestions, tips or experiences you have had with your own tech with the Sangat through this column in our Ashram newsletter. Email me and tell me your story, and keep sending me your suggestions for column topics, along with your own favorite smartphone app recommendations and reviews so I can share them here. Just email them to me at [email protected]