Email Ransom Scam

In my book Guarding Against Online Identity Theft, I warn that scammers often rely on emotional triggers. To that point, you may encounter an email message that, for all appearances, seems to have been sent from your own email address:

Have you seen lately my e-mail to you from an account of yours? Yeah, that merely confirms that I have gained a complete access to device of yours…… transfer $1220 in Bitcoin equivalent to my wallet….The time for you to perform the transaction is 2 days (48 hours).

How can that be!!!!????

Well… it isn’t. First of all, I need to say, don’t be fooled. Faking the “from” email address is as simple as changing the “reply to” in an email program and there are simple ways a hacker can automate the process for thousands of email addresses. That’s what comes from sharing your email address too much. If the address used is an alias… by definition, there is no password to be compromised. An alias is a “Send to” only.

Even if the hoax were true, if your email account is hosted as a part of your web site, you are still in control. If it makes you feel better, you can change the password or direct your web host to make that change. When the the account is Gmail, Yahoo or AOL, you still have control though the respective customer support functions.

I have collected a video on the left screen where you enjoy wanking, while the video on the right screen shows the video you were watching at that point of time.

… There is no video.

If, get to know that you tried to send this message to anyone else, I will distribute your video as described earlier.

The first clue was the bad English translation with definite oriental flavoring.

A Google search of the provided Bitcoin wallet address reveals a dozen references to the scam. Further investigation of the actual reply-to address reveals the IP address of the scam source and a quick check at shows the source is Beijing, China. You can check it yourself here.