Last Friday I received an email addressed to me using my name and address in the subject line with a pdf file attached named phil.pdf. I rarely ever open an email from a suspicious sender, but this caught my attention, as it seemed to be personally addressed, unlike a mass mailing.
I stared at it for a few minutes and, contrary to my own best advice, opened it. The following is the content of PDF letter attached: ( I replaced my home address in the letter with ##########)
……………………… Letter …………………..
PhilBaker,
Is visiting ########## a more effective way to contact if you don’t cooperate
Nice location btw
It’s important you pay attention to this message right now. Take a minute to relax, breathe, and really dig into it. We’re talking about something serious here, and I don’t play games. You don’t know me however I know you very well and right now, you are wondering how, right?
Well, You’ve been treading on thin ice with your browsing habits, scrolling through those filthy videos and venturing into the darker corners of cyberspace. I actually placed a Spyware called “Pegasus” on a app you frequently use. Pegasus is a spyware that is designed to be covertly and remotely installed on mobile phones running iOS and Android. And when you got busy watching those videos, your system began functioning as a RDP (Remote Protocol) which provided me with complete control over your device. I can look at everything on your display, flick on your camera and mic, and you wouldn’t have a clue. Oh, and I have got access to all your emails, contacts, and social media accounts too.
What have I done?
Been keeping tabs on your pathetic existence for a while now. It’s just your hard luck that I found your bad deeds. I put in more time than I probably should have investigating into your personal life. Extracted quite a bit of juicy info from your system. and I’ve seen it all. Yeah, Yeah, I’ve got footage of you doing embarrassing things in your house (nice setup, by the way). I then developed videos and screenshots where on one side of the screen, there’s whatever garbage you had been watching, and on the other half, its someone jerking off. With just a single click, I can send this garbage to all of your contacts.
What can you do?
I feel your worry and confusion. In good faith, I want to wipe the slate clean, and let you move on with your daily life and forget you ever existed. I will provide you two alternatives. Either disregard this warning (bad for you) or pay me a small amount. Let us understand those two options in details.
Option 1 is to turn a deaf ear my email message. Let me tell you what will happen if you opt this path. Your video will get sent to your entire contacts. The video is straight fire, and I can’t even fathom the embarrasement you’ll face when your colleagues, friends, and fam check it out. But hey, that’s life, ain’t it? Don’t be playing the victim here.
Other wise choice is to pay me, and be confidential about it. We will call it my “privacy fee”. Now Lets see what will happen if you pick this path. Your filthy secret remains private. I’ll destroy all the data and evidence once you come through with the payment. You’ll make the payment via Bitcoin only. Pay attention, I’m telling you straight: ‘We gotta make a deal’. I want you to know I’m coming at you with good intentions. My word is my bond.
Amount to be paid: $1950
BTC ADDRESS IS: 14MwvMrDvTNpuqvYtnfM2eMwJX41vF34aW Or, (Here is your Bitcoin QR code, you can scan it):
Once you pay up, you’ll sleep like a baby. I keep my word.
Pay Attention: You got one day to sort this out. (I’ve a special pixel in this mail, and right now I know that you’ve read this email). My system will catch that Bitcoin payment and wipe out all the dirt I got on you. Don’t even think about replying to this, it’s pointless. The email and wallet are custom-made for you, untraceable. I don’t make mistakes, Phil. If I notice that you’ve shared or discussed this email with anyone else, your video will instantly start getting sent to your contacts. And don’t even think about turning off your phone or resetting it to factory settings. It’s pointless.
Honestly, those online tips about covering your camera aren’t as useless as they seem. Don’t dwell on it. Take it as a little lesson and keep your guard up in the future.
…………………………………….. End of letter ………………………….
My first reaction was a bit of anger, then puzzlement, wondering how they got my information. That turned to amusement, blaming myself for taking this seriously. Our names and addresses are all over the web for anyone to find. I know that…….but what about that photo taken in front of my home? I quickly went to Google Maps and looked at the street view in front of my home and found the exact same image as in the letter.
I’m pretty tech savvy and very aware of many of the scams on the web, but this one fooled me for a minute or two. It’s a well crafted letter, written in good English, probably with help from AI, and contains a frightening, but conceivable story about being able to access our phones and cameras. And it likely took a little more time to create it, compared to the other spam mail that are typically mass mailings.
I still felt a bit of anger and thought about how best to respond. I knew not to respond to the sender, but I did want to report it. Most advice on Google suggests reporting it to the FBI. I filled out a simple form on the FBI’s Internet Crime Complaint Center at www.ic3.gov.
I thought no more of this for about a week, when a friend called me and said he wanted to tell me about an email his wife received. It was a similar threatening letter and they were about to go to the police with it. We compared our letters and they were almost word-for-word identical. That couldn’t be just a coincidence, and confirmed to me that this must be just another large extortion campaign that’s been unleashed. They just seem to get more brazen each time. Since I received the original I’ve received two more nearly identical emails from different addresses.
If you consider at the economics, you can see why these persist. For every 1000 letters they send out demanding $2000, they receive $20,000 for each 1% that responds.
I got one today and I had pretty much the same reaction, but I didn’t have to visit Google Maps / Street View to recognize the picture the scammer attached as taken from there. It’s good to know that the exact text I received was also sent to (likely) countless others, as this felt like a new step in the “scare people” tactic they’ve been using without this extra technique of the name, address, phone and picture of the house.
Thank you for posting this!
If you use a VPN, & an authenticator with your email, you would have known it was a scam, and the name on the pdf should also have been a clue not to open it. The problem with opening attachments or pdfs from unusual/unknown/unexpected senders is that they can contain malware, which can be a bigger problem.
I have received variations of this over the years — at least 5 years ago, perhaps longer. I looked into it, and came across something that led me to believe it is all a scam. The gist was similar to the one used with you — they claimed I was looking at a lot of porn and were going to send this information to my email address list if I did not pay up. Then for several years nothing. Then a few months ago, I got another variation of the same blackmail…just ignore it.