
Your Thought On This Ransom (Hack) Email

Last Modified: 2019-11-20

Hi Experts!

Being overly cautious here and wanted your opinion. I received the following (ransom) email below and thought it was suspicious. From what I can find on the web this looks like a phishing attempt (somehow gotten a hold of my email and old password from somewhere). On my desktops and laptops we have the paid versions of Avast Premium Security and MalwareBytes. Both are scheduled to run daily, and Windows Update is always on. We primarily use Google and that self-updates. My email account has had MFA enabled for a while; so I know this person cannot access my email?

After getting the email I manually scanned the desktops and laptops with Avast and MalwareBytes. Nothing found. Downloaded and ran Spybot Search and Destroy and nothing bad found.

My thought that this is a phishing attempt is because if you have control over my computer, why don't you lock it and demand payment instead of this email?

Here's the email:

Recorded You <recordedyouXXXX@XXXXX.com>
To:
myEmail@yahoo.com

Nov 18 at 1:30 AM

Hey, I know your password is: HeknowsMyPassword

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 900$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible shit that will happen if I publish everything!

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 1LfYcbCsssB2niFDummyAddress

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 2 days time to transfer the bitcoin!

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure you read it, my mailer script has been configured like that and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web!



Joe Winograd, Developer
CERTIFIED EXPERT
Fellow
Most Valuable Expert 2018

Commented:
> wanted your opinion

I don't want to bury the lead...so I'll start by saying that it's nothing to worry about, imo...delete it!

My guess is that they got your email address and an old password for some site that was the victim of one of the many hacks that have occurred over the years. Of course, you should change that password if you're still using it anywhere (my guess is you're not), but they don't really have access to your computer or your email...they're just trying to scare you into paying.

Regards, Joe

Lee W, MVP, Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
A lot of people re-use passwords. If you ever had an account get hacked at Yahoo, Home Depot, or any of about an infinite number of other online sites and you used the same password, then all that's happening now is they are sending an email to you because they stole your email and password from that hacked site and they are trying to get you to believe your account has been hacked on your computer. 99.99% you're fine. BUT, strictly speaking, especially if you ever re-used passwords, there is a non-zero chance they aren't lying. They VERY VERY probably are lying and trying to trick you, but it's a non-zero chance they aren't.

I wouldn't pay. I'd just ignore this and treat it like the spam it almost certainly is.

Mal Osborne, Alpha Geek
CERTIFIED EXPERT

Commented:
I have received at least a dozen of these. There are a LOT of websites and other services that fail to secure credentials.

VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017
Commented:
It's a HOAX. Type your email into this site... and be amazed at what sites have been hacked and leaked your old password.

https://haveibeenpwned.com/

Ignore it, delete it, and move on with your life.

Please read all the comments in this Question....which was asked on a similar theme...

https://www.experts-exchange.com/questions/29158060/Received-a-ransomware-email.html

Kimputer, IT Manager
CERTIFIED EXPERT

Commented:
I still don't understand why people don't trip over this line (mostly because they don't even own a webcam???):

"I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!"

They KNOW they don't have a webcam, but still wonder and wonder if it might be true.

Though it would be funny that if I was wrong, and all these years I faced these questions from here on EE, colleagues, friends, customers, that all of them in fact have webcams, and they were all satisfying themselves in front of it.

noxcho, IT Product Manager
CERTIFIED EXPERT
Top Expert 2009

Commented:
I received this email several times as well and just deleted it, because I do not use a webcam and the text, from a linguistic point of view, is too general. So ignore it and delete it.

David Favor, Fractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Delete + Ignore.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
One additional suggestion: if this is still your password for a site, you should change it if you did not when the compromised site notified you or forced you to change the password.

Andrew's link will help identify all the sites where your email address was used.

Author

Commented:
Thank you all for your input; have a good day!
