I’m pretty impressed with Charter mail’s spam filter, especially when I’ve missed an email and I have to dirty my hands sorting through the trash in my junk email folder. When I look there it seems I get spam every hour.
That’s why I was surprised to see that some spam made it through all the defenses and landed in my actual inbox. Even better, it was a “sextortion” scam.
“Subject: seen you Mastrubating”
I can truly say that I have never spent even a moment “mastrubating.”
“Hi, I'm a hacker and programmer, I know one of your password is: [followed by a ten year old password]”
I am a programmer as well, plus I know the difference between a comma and a semicolon. Additionally, I would have added an “s” after “password” because otherwise the sentence makes no sense.
This is followed by a bit of terminology, and then the big gotcha:
"I collected all your private data, recorded few videos of you (through your webcam) and I RECORDED YOU SATISFYING YOURSELF!!!"
Well! Good for me. What kind of "mastrubator" would I be if I couldn't satisfy myself?
What follows are threats that:
- This "mastrubation" video will be posted on the dark web where "very sick people" are
- My contacts will see me "mastrubating" (Hi Friends!)
- The "mastrubation" (it never gets old!) video will be sent to social media
... followed by a promise that I can save myself by sending "exactly" $800 in bitcoin to a specific address in "3 days time."
"It's a very good offer, compared to all that HORRIBLE shit that will happen if you don't pay!"
Well, bring that horrible shit on, because I Googled the Bitcoin exchange rate, and that is $320,000 dollars.
I've gotten that one, too! I mean, variants on it. But since I 1. don't actually visit porn sites and 2. keep webcams covered with a post-it note anyway except when they're in deliberate use, the claims were, shall we say, less than plausible.
When I got the spam message and was frankly baffled, I contacted the organization through which I had that email address, and they said that someone had posted lists of tons of assorted username/password pairs online. Which I guess means "change your passwords more than every 10 years" or something like that?
Posted by: KC | July 06, 2019 at 11:14 AM
KC - yep, same here. I was briefly confused that they thought I would be in front of my computer AND pleasuring mayself at the same time, then I remembered videos.
Posted by: theQueen | July 07, 2019 at 08:35 AM
Mine didn't try to spell masturbating or any other "naughty words" and hence were clearer about the theoretical webcam videos of "getting excited" being tied to the records of the embarrassing websites visited at that time (which they threatened, of course, to publish simultaneously, because people would be So Shocked).
But yes. A specific target audience, and one that does not include me. While normally it's nice to be included, I think with spam/phishing/blackmail target audiences, I'd rather be out in the cold...
Posted by: KC | July 07, 2019 at 11:08 AM
KC - I only worry that they'll become more sophisticated just in time for me to get old and more vulnerable to scams.
Posted by: theQueen | July 07, 2019 at 01:02 PM
If it's any relief, some of the phishing scams actually aim their initial contact letters to *be* suspicious - that way, they only net people who are really gullible enough to be more likely to follow through with the rest of the process. So there's that. But yes, it is worrying.
The thing that gets me the most is the downgrade in professionalism from real companies (banks, etc.) in their communications and communications methods; I've gotten messages from real organizations which reflexively ticked my "oh, this is spam" boxes: not from the "right" domain name; mucked-up formatting; Click This Link! without the link text; Click This Link! with URL-shortener pass-throughs. Like, no. Please do not make the scammers' jobs easier by discarding your credentials...
Posted by: KC | July 07, 2019 at 02:16 PM
KC - Or when you look at the html and see the sender field for the Bank of America email is “chad52832@gmail” etc
Posted by: TheQueen | July 07, 2019 at 06:49 PM
Yeaaah. Always confidence-inspiring, that. (that's what I was referring to with domain name, and even though domain names can be spoofed in emails so it's not a 100% guarantee even if it looks like it's from the right domain name, real businesses really ought to send their real email from their own domain name rather than from Chad's personal account or marketing-proz.com or whatever.)
Posted by: KC | July 09, 2019 at 02:04 PM
KC - I generally ignore any email I get from all businesses, anyway. If you’re a business you need to leave me a voicemail with a phone number I can cross-check on the Internet.
Posted by: TheQueen | July 09, 2019 at 08:54 PM