The media seem to love the term “vigilante” when it comes to anyone in the anti scam community. Some may love it, but we definitely don’t. It implies doing things outside the law, and that’s not how we work. There have been times when the police have approached us asking us to explain how we managed to identify a scammer’s real details. It would be impossible to do that if we in any way did anything that wasn’t completely legal. Likewise, when the media contacts us, we have to be able to jump through numerous hoops to keep their legal departments happy. Most of the time we even have to prove that it was the scammer that contacted us first so we can’t be accused of entrapment. In short, we have to be whiter than white and be seen to be so. That’s why seeing the media bandy round the term vigilante drives us round the bend. We’re not Batman. Most of the time we’re nothing more than people sitting at a desk copy and pasting information between Google and our forum. It’s not exciting, it’s not glamorous and it’s definitely not vigilantism.
Nothing to report. Seriously, there’s not been anything exciting or even remotely interesting to post about here. Is that a bad thing? Nope. We’ve had no issues, no threats, nothing major to complain about and nothing to write about. I mean sure, we’ve had a few gripes, but not anything worth kicking up a fuss over. There’s some news on the horizon, but we’ll talk about that when it happens. Until then, this post is the equivalent of “9am and all’s well”.
Today when I checked my inbox, I saw an email titled “account was hacked”. Nothing unusual there. I often get people writing me saying that their account was hacked and asking for help. On second glance, I noticed it had one of my own email addresses showing as the “From” address. To be precise, it’s my @RomanceScamBaiter account. That was my very first site, and hasn’t been updated in years after being superseded by StupidScammers. First thought, “Oh crap, someone’s hacked the server”, followed a second later by “Oh hang on, I know what this is going to be”.
Sure enough, on clicking it I saw this:
account was hacked
I’m a member of an international hacker group.
As you could probably have guessed, your account XXXXXX@romancescambaiter.com was hacked, because I sent message you from it.
Now I have access to you accounts!
For example, your password for XXXXXX@romancescambaiter.com is XXXXXX
Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we’ve gotten full damps of these data.
We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one…
Transfer $700 to our Bitcoin wallet: 13DAd45ARMJW6th1cBuY1FwB9beVSzW77R
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.
I guarantee that after that, we’ll erase all your “data”
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.
We’ve been reporting this kind of scam since August of last year. You can see the thread at https://scamsurvivors.com/forum/viewtopic.php?f=20&t=60846 and follow along with how the scam has evolved during this past year. Spoiler alert: It hasn’t changed that much at all.
Back to my email though. The first thing I did was check for a “Reply to” address, but unfortunately it doesn’t have one. It did however have an IP address we could check out. That leads to a mobile connection originating from Kosice in Slovakia. Checking out the Bitcoin reference shows that one person appears to have paid; not the $700 demanded, but around $90. Not much info that can be used unfortunately, but it does mean that I can now speak as someone who’s received one of these emails myself, and not just posted up ones others have sent us. What I can say is that the password is old. It’s VERY old. I haven’t used that account to sign up to anything in around seven years. It’s so long ago I can’t even remember what the password was for, which is a shame as I could have said what breach it came from if I could.
Now I’ve received one myself, can I call myself an “expert”?