Posted on

Common bluff ransom notification – Emailed that a threat actor has dirt on me aka Sextortion

I recently had a friend reach out to me about a ransom email they received. This is very similar to an email I received and posted about HERE. The gist of it is, a threat actor claims they have compromised your system and has a recording of you doing something unpleasant, which they will blast to your contacts if you don’t pay them. You can pay them, and the problem goes away, or they will ruin your life by exposing the collected evidence.

What is key is how the threat actor convinces you they have what they are claiming. In my situation, they showed me “evidence” of exposing my username and password. Everything else was story telling meaning they explained how they infected my system with malware, recording things, and bla bla blaba. The only actual thing they showed was the username and password. I found that evidence very old and assume it was obtained from the large data dump of username and passwords posted on the darkweb. It is common for user account data dumps to occur, which is why the security industry recommends to continuously change passwords as well as use multifactor authentication so a stolen password can’t lead to anything.

For my friend’s example, they provided his full name, address and phone number. The followed it with “we could call you or visit your home but …. ” meaning they are auto filling these fields before sending out the ransom note. If you think of it this way, obtaining somebody’s phone number and mailing address really isn’t hard. Everything else in this note (shown below) is generic. They aren’t showing a sample screen show of the recordings they have because … they don’t have it.

I advised my friend to ignore this as well as warned the risk of opening a pdf from a threat actor. That action alone could cause his system to be compromised. Regardless, this specific threat isn’t real and my advice is to still reset any passwords as well as make sure multifactor is enabled for any social media, email, or other sensitive service.

One final thing to note is where the email came from. The sender is somebody that should automatically be moved to a spam email box. Its a hotmail account that looks like garbage while the user is Emmey Person. So again, just another red flag that you likely wouldn’t even need to know this is all bs. I could go deeper into doing a threat hunt / research on the sender but its just not worth the time.

Hopefully this gives you a heads up on this scam so if you ever run into it, you know to just delete the message.

Related posts:

No related posts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.