When Scammers Come Knocking…

Krebs on Security recently wrote about investigations into the wave of extortion spam doing the rounds. As chance would have it, I recently started receiving these emails myself. I’ve had three, so far, over the last week or so. All from the same @yahoo.jp email address (obviously not the real origin), and all with slight variations on the same message, and a unique Bitcoin wallet each time. For example:

These are the first few mail systems used by the most recent message, before the message reaches my own setup:

Interesting things to note:

  • The password given must be from the Tesco data breach – I remember that one as their sign-up form cut off part of the password I had typed in – I don’t remember being a Tesco Bank customer, but I have used their online grocery store, and I assume it’s all the same login system.
  • The amount they want paid has decreased over time – it started at $3000, and the most recent email is $1000.
  • Similarly, the number of friends they threaten to send their “recording” to has gone from 9 to 5. Perhaps the scammer is testing at what “level” they get the most returns?
  • The English is good, but not quite native-speaker level.

Given I already know this is a scam (and I don’t even have a webcam attached to my PC, for another thing… 😅), I’m not exactly a prime “mark” for this. But I can easily see how some less clued-up person could be scared into handing over their savings.

[Addendum] – as I’ve been writing this, a fourth email has arrived. Same sender, same basic message, but this time asking for $5000, and threatening to send to 14 friends.

Update: I added some of the mail headers to the post, for a bit more information.