Spam email can be quite hilarious at times. Especially hilarious are spam emails which threaten you with some kind of horrible outcome if you don’t comply with the demands listed. Yep, extortion email! These, sadly, actually work in some cases, hence why they keep going.
You can find a previous example of this in an email I received a few months ago and wrote about here titled “The Craziest Spam / Scam Email I’ve Ever Received”. It was quite the stretch, to say the least, content-wise and contrary to the threats within it, I clearly never was arrested nor did “Maud Hatcher” ever get their $10,000 worth of bitcoin. Hope they didn’t need that money. Hah.
The other day I got a somewhat similar email that was equally hilarious to me. This, among other email over the past few months, has honestly made me consider turning this into an irregular series, of which this is the first entry.
Welcome to Spam Showcase, Vol. 1!
In this entry we will take a look at some email sent from… myself? Huh? Oh, this is probably important! Let’s open this lovely message titled “Be sure to read this message! Your personal data is threatened!”
Hello!
I have very bad news for you.
17/07/2019 – on this day I hacked your OS and got full access to your account chris@xadara.com.
You can check it – I sent this message from your account.
So, you can change the password, yes.. But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.
I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea….
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $995 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 15yF8WkUg8PRjJehYW4tGdqcyzc4z7dScM
You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
I hope you understand your situation.
Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
Do not try to contact me (you yourself will see that this is impossible, I sent you an email from your account)
Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker.
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Good luck.
Hmn, so, this guy claims to have infected my router with some kind of malware, stolen my email password for a publicly known email shared on this site? Seems legit.
Then they made a full “dump of my disk?” Really? You pulled a terabyte of data off of this one machine? And I never noticed this? The HDD activity? The network access? The bandwidth hit my ISP would have sent me an email about given how I have alerts set up for bandwidth usage? Yeah, fat chance.
Oh, and they wanted to lock my “device” and charge me a “not big” amount of bitcoin to unlock it? Huh… you’d think they’d just, you know, pull the normal attack methods that have been so infamous the past decade. No, instead they decide to snoop around and find, uh oh, adult sites! *gasp* I’m absolutely shocked by this revelation! Adult content? on my “device?” I never!
This is where the fun begins… I have to say the whole “I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!” line is hilarious! Not to mention a bit oddly worded, as is the whole email — typical for these kinds of email as they tend to originate from nations other than the United States, the UK, etc., where the English spoken is more, for lack of a better word, normal.
So, anyway, he’s made a “screenshot” of the sites, making sure I “understand what it is about” and then made a screenshot of my “joys” (using the camera on my device, no less) and “glued them together.”
In normal speak, he claims to have taken an image of one of the sites, an image of me with a camera (that doesn’t even exist on this computer, mind you) while I was looking at said content and doing what many would normally do viewing such, and put them together. Yep, typical extortion crap — I’ve got a photo of you wankin’ it to this stuff, give me money.
The way he ends that it’s what’s hilarious: “You are so spectacular!” Why, yes, yes I am, and I’m glad someone acknowledges that! Haha! Okay so seriously that’s just strange, but whatever, let’s move on.
Naturally, they suggest that the screenshots (oh there’s more than one now?) he’s made could find their way to people I know unless I pay $995 to keep him silent, and of course he wants money in bitcoin. I don’t know what the “spent a lot of time spying” line is about — maybe trying to get someone worried about something they may have looked at in the past?
Anyway, he gives the address, the usual crap about how to use bitcoin (or at least, how to find out how) and then says that I have 48 hours to pay and that he “knows” when the email is opened. Yeah, sure ya do pal, and I’ve got a 2019 Mac Pro on the way directly from Tim Cook.
Of course if I pay he claims the mysterious virus will self-destruct as well as the “screenshots of my enjoys.” I can’t get over that phrasing, “enjoys” just sounds hilarious. That is given my payment, which obviously won’t happen.
Lastly, as you would expect, they pull the old “don’t try to delete the virus, don’t contact me (because this was sent from your own email address) and don’t format your disk, I already have everything I need,” blah blah blah. Your usual crap.
Then comes a bit more hilarity — not the claim that they won’t contact me again after payment, and that they have more victims, but that the above is “the word of an honest hacker.” Yeah, an “honest” hacker. Sure, I’d totally believe that, if this whole thing wasn’t bullshit already.
Then comes a suggestion that I update my antivirus in the future. Funny considering he claims his malware targets routers first, then the “OS of your device” — yep, magic malware that can attack all devices… such doesn’t exist, in case you didn’t know, so even if this was a genuine gesture it makes no sense.
Lastly, the lovely line “Do not hold evil! I just do my job.” As with everything else, an odd way of saying “Don’t be mad at me, I’m just doing my job.” Yep, your job as a scammer; a professional liar. Yeah, I don’t “hold evil” on that, I just think it’s scummy shit to do.
People, sadly, fall for these scams, as pathetic as they are, and that’s the saddest thing, that they do actually work.
One last thing of note: the email address. Yes, all header information makes it seem as if it was sent from my actual account here on xadara, but there’s one bit of info which hints at the true origin. Deep in the email source is this bit of information:
Received: from [177.228.80.44] (port=43809 helo=customer-CGN-HMO-80-44.megared.net.mx)
Hmn… .mx? Mexico? Let’s check out that IP Address.
Source: whois.lacnic.net
IP Address: 177.228.80.44
% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries
% LACNIC resource: whois.lacnic.net
% Copyright LACNIC lacnic.net
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to AS and IP numbers registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2019-10-17 00:56:23 (-03 -03:00)
inetnum: 177.224/13
status: allocated
aut-num: N/A
owner: Mega Cable, S.A. de C.V.
ownerid: MX-MSCV17-LACNIC
responsible: Hector Javier Villa Monta?ez
address: Av. Lazaro Cardenas, 1694, Del Fresno
address: 44900 - Guadalajara - JA
country: MX
phone: +52 3337500020 []
owner-c: NIT
tech-c: NIT
abuse-c: NIM44
inetrev: 177.224/13
nserver: NS1.MEGARED.NET.MX
nsstat: 20191015 AA
nslastaa: 20191015
nserver: NS2.MEGARED.NET.MX
nsstat: 20191015 AA
nslastaa: 20191015
created: 20130220
changed: 20190925
nic-hdl: NIM44
person: NIC_Abuse Megacable
e-mail: nic_abuse@MEGACABLE.COM.MX
address: Lazaro Cardenas, 1694, Colonia de Fresno
address: 44900 - Guadalajara - JA
country: MX
phone: +52 3396900000 []
created: 20190912
changed: 20190912
nic-hdl: NIT
person: NIC TECH
e-mail: nic_tech@MEGACABLE.COM.MX
address: Lazaro Cardenas, 1694, Del Fresno
address: 44900 - Guadalajara - Ja
country: MX
phone: +52 33 37500029 []
created: 20030303
changed: 20120105
% whois.lacnic.net accepts only direct match queries.
% Types of queries are: POCs, ownerid, CIDR blocks, IP
% and AS numbers.
Oh, what do ya know, it looks to indeed be located in Mexico. Wonderful! So we have Mexican scammers this time! Marvelous. That would explain the particular English used here, which isn’t bad but is irregular, and different from what most scammers tend to use. Still, interesting to see.
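The header check described above can be scripted. The following is an added example, not part of the original post: it parses a message, pulls the connecting IP and HELO name out of each Received header, and flags external hops whose HELO has nothing to do with the From domain. The sample message is constructed; only its first Received line comes from the post, and mx.example.test is a placeholder.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the first Received line is taken from the post;
# the "by mx.example.test" continuation and the body are placeholders.
RAW = """\
Received: from [177.228.80.44] (port=43809 helo=customer-CGN-HMO-80-44.megared.net.mx)
\tby mx.example.test with esmtp (Exim)
From: chris@xadara.com
To: chris@xadara.com
Subject: Be sure to read this message! Your personal data is threatened!

Hello!
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")  # bracketed peer address
HELO_RE = re.compile(r"helo=([^\s)]+)")                # Exim-style helo= field

def received_hops(msg):
    """Return [(ip, helo)] for every Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        ip_m = IP_RE.search(value)
        if not ip_m:
            continue
        try:
            ip = ipaddress.ip_address(ip_m.group(1))
        except ValueError:
            continue  # bracketed text that is not a valid address
        helo_m = HELO_RE.search(value)
        hops.append((ip, helo_m.group(1).lower() if helo_m else None))
    return hops

def spoof_indicators(raw):
    """Return (from_domain, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    to_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    findings = []
    if from_domain and from_domain == to_domain:
        findings.append("sender and recipient share a domain (self-addressed)")
    for ip, helo in received_hops(msg):
        if not ip.is_global:
            continue  # private or loopback relay, not the external origin
        related = helo is not None and (helo == from_domain or helo.endswith("." + from_domain))
        if not related:
            findings.append(f"external hop {ip} helo={helo} is unrelated to {from_domain}")
    return from_domain, findings
```

A HELO mismatch is a hint rather than proof, since plenty of legitimate mail is relayed by third parties; the receiving server's SPF, DKIM and DMARC results are the authoritative check.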
So, what happened? Well, this email came way back on the 11th, and it’s the 16th now. As you can see, my computer is still working fine and if anyone out there has seen my “enjoys” just remember that I’m clearly spectacular! So, you’re welcome, I guess?
Ah, this one was fun. More to come as time passes — I at least hope the next ones don’t take so much to reply to. As always, thanks for reading.
I wonder if it’s possible to flag bitcoin addresses for being used in these sorts of things, not that I’ve ever bothered to report anything because I’m lazy. That aside, it’s amusing that people think threats without proof work, the whole “I have something and I’m not showing you” stuff is really dumb.