November 20, 2018

It’s one one the oldest tricks in the book.

“I know what you’ve been up to. Leave £50 in used notes in a plain brown paper envelope behind the pipes in the men’s cloakroom on Shrewsbury station and we’ll say no more about it. If you don’t then I’ll tell all your friends and colleagues just what you’ve been doing.”

Here’s an email I got recently, apparently from M****lle D***s (aussie********

I thought long and hard before redacting the email address and name. My initial feeling was that I should publish and be damned. The I came round to the idea that its owner was just as much a victim as anyone else in this situation. Permanently identifying it as a scammer’s would remove the ability of its owner to recover from this, should she manage to regain control of the account from the hacker.

You can visit the police station but nobody will help you. I dont live in your country. It means they can not catch my location even for 4 months. Your system is controlled by my malicious soft. We turned on your webcam, during your porn-site visit. Now we have the video material with you, caressing yourself. Having VNC session we copied all your contacts and if you ask us to delete this compromising evidence I need to win 510 USD in bitcoins. Use this bitcoin address for payment ( 13jug4nwCXEDGMvoLQ8RY9NAMJfMA7SHq1 ) (something like a credit card number) You have 24 h after you open this message for making the transaction. It is not necessary to tell me that you have paid. This bitcoin wallet was connected to you, everything will be removed automatically after payment verification. You can get 48 h only write back +. Good luck. Think about the disgrace.

Hmm, nasty and potentially scary.

A few Google searches will reveal this to be the scam that it so evidently is. But sometimes it’s hard to think straight when threatened so take a step back and consider the claims in order:

  1. We turned on your webcam. I don’t have a webcam.
  2. …your porn-site visit. Not me, guvnor.
  3. We have video [of] you. Good luck with that. See above.

See, if they did have video, the easiest thing in the world would be include a frame from it to add credence to their claims.

Sometimes they will include a password harvested from an old breached account like this one

It is technically possible to hijack a web cam, so if you have one built in, do like Mark Zuckerberg does and tape over it when not in use. Then click delete and consign the latest scam from the scum to the bit bucket. Then breathe deeply, go off and enjoy a nice relaxing cup of tea (other beverages are available) and get on with the rest of your day.

Do NOT send them any money. By doing so you’ll likely end up on a mark list as someone easy to scam. Then the floodgates would truly open.

Stay Safe™