I routinely receive scam emails, most of which are automatically filtered by my internet service provider, with many of the remaining being automatically filtered by my email client. However, one which landed in my inbox last week caught my attention because it cited my credentials - i.e. a login/password combination that I use - in the subject line and in the body of the email.
The email content was a long dissertation claiming to have placed malware on an unnamed but disreputable website which the blackmailer claimed I visited. This malware purportedly enabled the web browser to operate as a “remote desktop with a keylogger”, supposedly allowing him to view my display screen, access my web cam to videotape me, and to access details of all of my contacts.
The blackmailer threatened to release an embarrassing video to all of my personal contacts unless I paid $7,000 in Bitcoin, exhorting me to “think about regarding the humiliation that you receive”.
Naturally, I just deleted the email, but it strikes me that this strategy of inflicting shame and mortification is probably quite successful for blackmailers by embarrassing potential and actual victims into remaining silent.
So I’m using this opportunity to get the message out there to people not to believe the assertions of such emails and certainly not to give in to threats like this.
A former colleague who recently migrated to Australia received a phone call purportedly from the Department of Immigration advising him that his visa application - previously approved - was now deemed to be invalid due to a clerical error. He recognised the caller ID as the Department of Immigration’s phone number so believed the call to be legitimate. He was told that, if he paid a substantial fee via cash transfer, the matter would be resolved. He paid it and it turned out to be a scam. This was a matter of considerable embarrassment to him, let alone the financial loss, though he did report the matter to Police.
In my case, the credentials referenced are those I use for various recruitment websites so my credentials and contact details were probably harvested from the recent PageUp data breach. I’ve since trawled through the sites and changed my password. At the time I received the email, I reported it to ScamWatch.
On the evening after receiving the email, my landline - which rarely makes a peep - was ringing hot. I have no idea if it was my dear extortioner (who had given himself the charming moniker of “Vilhelm Grabar”) but I didn’t bother answering the phone.