A fake ransom request  

By now, most Internet users have heard about ransomware and ransom demands sent over the Internet. For spammers who lack the skills to actually break into anything, it is a simple matter to attempt a scam (commonly called "sextortion" spam) in which they pretend to have hacked your computer and demand a ransom for not sending private videos of you in "compromising" situations in front of your webcam to your contacts. In the vast majority of cases they have no video and have not hacked your Facebook account or your computer; they are simply hoping that you are anxious enough about such a video reaching your contact list that you pay without analyzing the situation and the likelihood that what they claim is true.

For example, this is a ransom request I received very recently:

[Image: the ransom request as received, a JPG picture of the text]

The first thing to note is that the text of the ransom demand was sent as a JPG picture, with no text part at all, probably to evade spam filters that score the words of a message. It did not work very well: my e-mail software (Thunderbird) flagged it as probable spam precisely because the message contains only a picture and no text.

Further points of interest:

  • The text contains a large number of grammar, syntax and spelling errors, as well as generally poor English. It was obviously not written by a person with much education, let alone formal training in writing. The writer even tacked a question mark onto the end of the last sentence, where it makes no sense. Easily observable details in the message headers show that the ransom demand was sent from an Android device, which would not be my first choice for careful word processing.
  • At a superficial glance, the e-mail appears to come from one of my own e-mail accounts. However, a quick examination of the logs on my e-mail server shows that no such message was sent from my account. The sender only spoofed my address in the From: header, which is trivial to do (nothing in SMTP itself prevents it; a receiving server rejects a forged sender only if the domain publishes SPF/DKIM/DMARC policies and the server enforces them) and can be scripted, so the same message can be sent automatically to every address on a long list, each apparently "from" its own recipient. This is a first indication that the message is in fact just a mass mailing, no different from other spam.
  • The ransom demand contains absolutely no proof that the sender possesses any private information about the recipient, or indeed any information at all beyond the e-mail address (which in my case is publicly available). Probably hundreds of millions of people in the world engage in solitary sex and/or visit porn sites (neither of which is a crime), so it is easy for the sender to cast a wide net in the hope of catching a few easily embarrassed persons. I do not visit porn sites except by mistake or by following misleading links, and normally I do not have a webcam connected to my computer, which makes the claims in the ransom demand even less likely.
  • A careful examination of the source of the e-mail message shows that it contains no link to Facebook, or to any other web address. It contains only the picture shown above, as an encoded attachment embedded in the message body. A tracking pixel works by making the mail client fetch a tiny image from the sender's web server when the message is opened, so with no remote reference there is nothing to fetch: the claim that the sender is using "a Facebook pixel" to detect that the message has been read is an empty threat, and removes any remaining credibility from the ransom demand. In any case, most e-mail clients can be configured never to load remote content unless the user explicitly allows it. Thunderbird is configured this way by default, so it never fetches remote content unless its configuration is manually changed.
  • The instruction to "copy and paste" the Bitcoin wallet address makes no sense, since text cannot be copied to the clipboard from an image. This proves that the ransom demand was written hurriedly, without much attention to simple logic and common sense. It also makes it difficult or impossible for inexperienced users, who are the most likely to be fooled, to follow the instructions and pay before they have time to think twice.
  • One more detail worth mentioning is the "co-workers" in the last sentence. Most people have co-workers, but I have none: I am retired. One more detail showing that this is not a genuine ransom demand, but just a variety of the "Nigerian letter", i.e. spam.
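The checks in the list above (a From: header carrying the recipient's own address while the receiving server's SPF check failed, the machine that actually injected the message, a body that is a single picture with no text part, and no remote reference at all for a "tracking pixel" to use) can be scripted over the raw message source. The following is an added example in Python, not code from the original page; the raw message it parses is a constructed stand-in for the one described in the post, with invented host names, addresses and a stub base64 body, and only the Authentication-Results header written by one's own mail server should be trusted for the SPF/DKIM verdicts.

```python
"""Triage a suspected sextortion e-mail from its raw source (added example)."""
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed sample, modelled on the message described in the post: the From:
# header carries the recipient's own address, the body is a single JPEG with no
# text part, and the receiving MX recorded an SPF failure. Host names and
# addresses are invented (RFC 5737 / example domains); the base64 is a stub.
RAW = b"""Received: from [192.0.2.10] (unknown [192.0.2.10])
\tby mx.example.net (Postfix) with ESMTP id 4C1D2E3F
\tfor <victim@example.net>; Mon, 1 Jan 2018 10:00:00 +0000
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.net; dkim=none
From: victim@example.net
To: victim@example.net
Subject: This account has been infected! Modify your password immediately!
User-Agent: Android
MIME-Version: 1.0
Content-Type: image/jpeg; name="letter.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a
"""


def parse(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=policy.default)


def from_is_recipient(msg: EmailMessage) -> bool:
    """The 'I sent this from YOUR account' trick: From: equals a To: address."""
    senders = {a.addr_spec.lower() for a in (msg["From"].addresses if msg["From"] else ())}
    recipients = {a.addr_spec.lower() for a in (msg["To"].addresses if msg["To"] else ())}
    return bool(senders & recipients)


def auth_results(msg: EmailMessage) -> dict:
    """SPF/DKIM/DMARC verdicts as recorded in Authentication-Results headers
    (trust only the one added by a server you control; the sender can forge others)."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr)):
            verdicts.setdefault(m.group(1), m.group(2))
    return verdicts


def first_hop(msg: EmailMessage) -> str:
    """Host named in the bottom-most (earliest) Received: header, i.e. the
    machine that actually handed the message to the first relay."""
    received = msg.get_all("Received", [])
    if not received:
        return ""
    m = re.match(r"\s*from\s+(\S+)", str(received[-1]))
    return m.group(1) if m else ""


def leaf_content_types(msg: EmailMessage) -> list:
    """Content types of the non-multipart parts (the actual body pieces)."""
    return [p.get_content_type() for p in msg.walk() if not p.is_multipart()]


def has_remote_content(msg: EmailMessage) -> bool:
    """True if any text/* part references an http(s) URL: a tracking pixel or
    any other 'read receipt' needs the client to fetch something remote."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if re.search(r"https?://", part.get_content()):
                return True
    return False


def triage(raw: bytes) -> dict:
    msg = parse(raw)
    types = leaf_content_types(msg)
    auth = auth_results(msg)
    return {
        "from_is_recipient": from_is_recipient(msg),
        "spf": auth.get("spf", "none"),
        "dkim": auth.get("dkim", "none"),
        "first_hop": first_hop(msg),
        "image_only": bool(types) and all(t.startswith("image/") for t in types),
        "remote_content": has_remote_content(msg),
    }


def verdict(findings: dict) -> list:
    """Human-readable reasons why the message is a mass-mailed bluff."""
    reasons = []
    if findings["from_is_recipient"] and findings["spf"] != "pass":
        reasons.append("From: forged to the recipient's own address (SPF did not pass)")
    if findings["image_only"]:
        reasons.append("body is a picture only: evades text-based spam scoring")
    if not findings["remote_content"]:
        reasons.append("no remote content at all: the 'tracking pixel' claim is empty")
    return reasons


if __name__ == "__main__":
    result = triage(RAW)
    for key, value in result.items():
        print(f"{key:>18}: {value}")
    for reason in verdict(result):
        print("-", reason)
```

Run on the sample, the script reports the forged From: with an SPF failure, the injecting host from the first Received: line, an image-only body and no remote content. Against a real message, feed it the saved source (".eml") instead of the constant, and compare the first hop with your own server's logs, which is exactly the check described above.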

One thing that may help to identify the would-be scammers, or to link them to other ransom demands, is their Bitcoin wallet address: every transaction to an address is public, so anyone can look it up in a block explorer. I can easily tell, for example, that at the time of writing the address given by the spammers has not received any transactions, so nobody has paid them, at least through this wallet (a single mailing may use many addresses, so an empty address says nothing about the campaign as a whole):

[Image: transactions on the spammers' Bitcoin wallet, none at the time of writing]
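Since the address in the note was recovered by OCR, it is worth verifying it offline before searching a block explorer for it: Bitcoin addresses carry a checksum precisely so that a transcription error is detectable, and the Base58 alphabet omits 0, O, I and l, the characters OCR most often confuses. The following is an added example in Python, not part of the original post: it decodes an address with Base58Check and reports whether the checksum holds and what kind of address it is. The address constant is the one quoted in the ransom note below, copied as-is; the result for it is whatever the checksum says.

```python
"""Offline sanity check of a Bitcoin address transcribed from an OCR'd note (added example)."""
import hashlib

# Base58 deliberately omits 0, O, I and l.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Address quoted in the ransom note in the post (copied as-is, not vouched for).
RANSOM_ADDRESS = "1FKD6ujjGrh2vY4nPaxyUJTRpAKq7qpDjH"


def b58decode(text: str) -> bytes:
    """Decode a Base58 string to bytes; each leading '1' stands for a 0x00 byte."""
    n = 0
    for ch in text:
        if ch not in ALPHABET:
            raise ValueError(f"{ch!r} is not a Base58 character (OCR error or typo?)")
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def check_address(addr: str) -> dict:
    """Base58Check: 1 version byte + 20-byte hash + 4-byte double-SHA256 checksum."""
    try:
        raw = b58decode(addr)
    except ValueError as err:
        return {"valid": False, "reason": str(err)}
    if len(raw) != 25:
        return {"valid": False, "reason": f"decoded to {len(raw)} bytes, expected 25"}
    payload, checksum = raw[:21], raw[21:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return {"valid": False, "reason": "checksum mismatch: at least one character is wrong"}
    kinds = {0x00: "P2PKH (mainnet, '1...')", 0x05: "P2SH (mainnet, '3...')"}
    return {
        "valid": True,
        "kind": kinds.get(payload[0], f"unknown version 0x{payload[0]:02x}"),
        "hash160": payload[1:].hex(),
    }


if __name__ == "__main__":
    print(check_address(RANSOM_ADDRESS))
```

A valid result only means the string is a well-formed address, not that it belongs to anyone in particular; a checksum failure means the OCR (or the scammer's typing) garbled at least one character, and searching for the garbled string would find nothing.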

I am pasting below the ransom demand OCR-converted to text, including the address, so that it can be indexed by Google Search and other web crawlers and found in public web searches. This might be useful to others who have received ransom demands with a similar text and/or the same Bitcoin wallet address:

This account has been infected! Modify your password immediately!
You probably do not heard about me and you may be most probably wondering why you're reading this email, right?
I'm hacker who cracked your email box and all devices several months ago.
It will be a time wasting to attempt to talk to me or alternatively seek for me, it is hopeless, since I directed you this message from YOUR account that I've hacked.
I developed malware soft to the adult vids (porn) site and guess you have spent time on this website to have a good time (think you understand what I want to say).
While you have been keeping an eye on video clips, your browser started out operating as a RDP (Remote Control) with a key logger that granted me authority to access your desktop and netvork camera.
Then, my software program gathered all info.
You entered passcodes on the sites you visited, I caught them.
Surely, you'll be able to change them, or possibly already changed them.
But it really doesn't matter, my program renews information every time.
And what I have done?
I compiled a reserve copy of your system. Of all files and contacts.
I formed a dual-screen videofile. The 1 part presents the film you had been watching (you have a very good preferences, wow ... ), the 2nd screen displays the recording from your own webcam. What actually should you do?
So, in my view, 1000 USD is basically a reasonable amount of money for our very little riddle. You will make your payment by bitcoins (if you do not know this, search "how to buy bitcoin" in any search engine).
My bitcoin wallet address:
1FKD6ujjGrh2vY4nPaxyUJTRpAKq7qpDjH
(It is cAsE sensitive, so copy and paste it).
Warning:
You have only 2 days to send the payment. (I built in an exclusive pixel to this letter, and right now I know that you've read this email).
To trace the reading of a letter and the activity within it, I use a Facebook pixel. Thanks to them. (That which is applied for the authorities may also help us.)
If I fail to get bitcoins, I will certainly transfer your videofile to all your contacts, such as family members, co-workers, and many more?

Needless to say, I simply ignored the ransom demand, except for sending a polite heads-up e-mail to an e-mail service which, based on the e-mail headers, might have been hijacked to send it. It is now well past the scammers' "deadline", and nothing further has happened.
