Last time it was “stupid”, this time it’s “greedy”.

Early this morning, I was checking my social media feeds and spotted this comment from Avast! on Facebook:

Earlier that day I’d picked up a copy of a newspaper that had an article on sextortion we’d worked with them on.  The last quote from me in that was “Don’t let shame kill you”.  Now I’m seeing this company publicly call victims of “all online scams” greedy.  They also posted it on their Twitter feed, but this time the wording was slightly different:

Not “All online scams” this time, but rather “Online scams”.  This shows someone took the time to edit the wording before posting it.  Due to this, we’ve made the decision to no longer recommend Avast!” antivirus on our site and have removed the links to their download page from both our steps and the “read this first” thread.  We’ve also removed their software from our own computers and switched to a different company.  It’s a constant struggle fighting the “victims are stupid and greedy” myth, and posts like this only make it harder.  Now we’re not denying that some people get caught up in scams due to their own greed, but many become sucked in due to naivety, desperation, even the desire to do good.  Are charity scam victims greedy?  Are “work from home” scam victims greedy?  Are romance scam victims greedy?  What about the victims of hitman scams?  Grandparent scams?  Phishing?  “Tech support” scams?  I could go on.  Dismissing all scam victims as greedy is not only lazy reporting, but puts victims at risk.  We at ScamSurvivors refuse to support anyone who makes such sweeping, harmful statements.  We should all be better than that.

Who do people insist on using the “S” word?

Almost every interview I do, I make a point of saying that scam victims aren’t stupid.  Naive maybe, uninformed, possibly unaware, but not stupid.  Today I see someone again refer to scam victims as stupid, and it pisses me off!  What made this one worse is that it was an “industry insider”.  We have a hard enough time as it is trying to shake perceptions that scam victims are greedy or stupid as it is, without having to fight people within our own ranks who feel it fine to throw this kind of crap around.  I’ve met scam victims face to face on many occasions, and not one of them could be described as “stupid”.  I’ve met people who ran their own companies, who were smart, well spoken and who had simply made an error of judgment.  But yes, let’s go the lazy route and joke about “stupid victims” shall we?

Ways to help spot a phishing email.

Recently I had a conversation about phishing emails on Twitter.  Today a perfect example of a phishing email to use for a tutorial popped into my inbox.  Phishing emails are ones that try to fool you into clicking on a link a scammer has control of, while thinking you’re clicking on a completley different one (your bank for example).  It could be to trick you into giving them information or to load a virus on your computer.  Let’s pick the one I have apart to see the signs that it’s a scam.  Firstly, if you receive an email with links, the safest thing to do is not click on it.  If you get an email from your bank etc. and you’re worried, then go directly to the site itself rather than click on the link.  However, some of us like digging deeper.  Some of us even go as far as to get as many details as we can so we can attempt to get the fake site shut down.  This is for the more curious of us.

The very fact I received it at an address specifically set up to collect scam emails tells me it’s fake.  However, we’ll skip over that fact and look at the email itself.  I’m using a PC to do this.  Those using touch screens won’t be able to do all these steps, but can still do some.  Here’s a screen grab of the email in question.  If you click on it, you can see a larger version.

Even from this, it’s obvious to me it’s a scam.  Take a look at the email address.

Why would “Diamond Bank Plc” send out an email from a completely different domain?  The scammer could have faked the email address to make it appear as if it had come from the bank, but didn’t in this case.  That site used in the email actually does exist, and has been around for a while.  It’s likely the scammer has hacked into the site to use as a way to send out emails.

Let’s hover over the link.  This is the single step you usually see as advice, but as you’ll see, there’s much more an inquisitive mind can do.  Hovering shows up a completely different link.

Gee, that’s not the bank’s address now, is it?  Scammers can alter the link to make it appear as if it’s genuine.  Not in this case though.  This is a nice, easy one to spot.  The site is genuine and likely another one hacked by the scammer (or hacked by someone else and the details sold to the scammer).

What next?  Well, let’s take a look at the bank’s logo.  By right clicking on it and copying its address, we get this link.

https://ci4.googleusercontent.com/proxy/8iaLuXT6miPo0hQH8VyUz38=
sz0XuF3lJ0TOfYnud9xblce1XitvZBJGik6UVx__Yz5I3t0dKj_T3e1DcuoJMEOLe9kmcJNUlaX=
78zsTdp7eKfizCuYDES3RYiKxqhA=3Ds0-d-e1-ft#http://www.diamondbank.com/wp-con=
tent/themes/diamondbank/images/logo.png

The image link is from a Google search and not the actual site.  Real emails would link directly to the actual image on their own server.  Some scammers do that of course, so while it’s something to check, don’t take it as being genuine just because the image is from the right place.  Everything we’re doing are pieces of a picture, one that’ll show the email to be a scam.

Now, here’s something cool regarding that image.  When I took its location, stripped out all the Google stuff and put it into my browser, the way the word “content” is broken up throws up an error page.  Want to see it?

Click here to see the magic. The link will open in a new tab.

See, I told you it was cool!

We haven’t even looked at the headers yet.  Let’s do that now to see what we can see.  My catcher account is a Yahoo one, so I click “More” and “View raw message”.  Other accounts may have “Show original”, “show headers” or something similar.  What you should see at this point is a lot of text, most of which will look like garbage.  We’re going to look at a few things here, and let’s start with the originating IP address.  This can be another piece of that picture if we’re lucky.  IP addresses in headers are a clue to the route the email took to get to you.

The IP address in this case is 173.236.35.66 so let’s look it up.

Let’s look around for another IP address to see what that gives us.  Your location will be on the top, theirs on the bottom.  Sure enough, we find one last IP address just below the one we showed earlier.  You can ignore the one starting with 192.  That just an internal number that identifies the computer to any other devices connected to the router.

Before we get to the other IP address, did you spot that site address, and did it ring a bell?  It’s the same as the details from the previous IP address.  We’ve now got three possibly compromised websites listed.  OK, so back to the new IP address.  Where does that lead us?

Now there’s a place we all recognise as a hot bed of scammer activity.  Seems we’ve found the actual source of the email at last.  We’re not in an episode of CSI though, so we can’t go any further than that on the IP address route.  Time to move on to see what else we can find.  How about those links?  We’re going to look at the coding of the links.

For those with an understanding of HTML, there’s no need for me to explain.  For those without, ignore all that stuff in the square brackets.  The only things you need to look at are the links. The link you’ll be taken to if you click it is in the quotation marks, and the text you’ll see on the link to make it appear legitimate is next.  That could say anything at all, but the scammer used a web address to make it appear on first glance that’s where you’ll go if you click it.

So, what did we get out of this phishing email?  Hovering showed us it was an obvious fake, but more digging not only showed us where the scam was sent from, but gave us a list of three different compromised websites and let us see the code the scammer used.  Hovering can work in detecting an obvious fake, digging deeper can show you so much more, but not clicking on any links you receive in emails or messages will 100% guarantee you, your data and your computer remain safe.

Burn-out…

Sooner or later all of us in the Anti-scam community will suffer from burn-out at some level. For those who do not work in the Anti-scam community think of what we do as a second job. One that you never get paid for in money but only in the satisfaction of doing the right thing. I have worked more than one 8 hour night after working my real life job during the day doing Anti-scam activities. It can be fun posting Scammer information and doing whatever I can to hurt the scammers and help victims find out that they are being scammed and get them back into the real world outside of the scam. But doing this can also wear you down at times. It is no fun hearing a victim tell you that they sent their life savings to their scammer. It is no fun getting an E-mail from a victim who says they took out a loan so they could send the money to their lover ( the Scammer) and will spend years paying that loan back.
So what keeps me going?
One is that I work with a great team here at Scamsurvivors.com. We all work hard to keep this site up and running and helping victims. Knowing there is a great team of people I work with here makes the work I do easier. But in the end, it’s about helping the victims. It’s about helping those people who have lost everything to the scammers and need our help. Its about posting scammer information so people can find it in a Google search and be warned about the scammer. We do this for the countless victims that we have helped and can post on our website that they are out of the scam and will be ok and those who never will post on our site that we helped them.

New and improved, or just repackaged?

More and more we’re seeing so called “experts” announce some “new” scam that are in fact nothing more than old scams with a slight twist.  The latest one is an email sent out with the person’s password and a claim that their computer has been compromised and footage of them visiting porn sites have been made.  The email starts with this sentence:

I’m aware that XXXXXX is your password.

That part’s new, but it’s the only part of it that is.  The rest is identical to emails we’ve been receiving for almost a year.  You can see the thread in question at https://scamsurvivors.com/forum/viewtopic.php?f=20&t=60846

It’s the same format, same threats, even the same method of payment.  This evolution comes about due to the scammers using hacked lists that feature email addresses and passwords.  Here’s samples, first of the ones we received way back in September of last year, then of one of these so called “new” emails.  See if you can spot the similarities:

All in all- if you want me to destroy all this compromising evidence, here is my BTC wallet address- 16NqZUQSH8VbJSzn8Hj1W7dU3geSQ7AehM (it must be without «spaces» or «=aquo;,check it). If you do not know how to use it, you can ask google or youtube for help- its very easy. I suggest, that 290 usd will finish our problem and will destroy our touchpoint in perpetuity. You have thirty hours after reading this message(I put tracking pixel in it, ill know when you read it). If you wont finish transaction, ill share the compromising with all contacts I’ve collected from you.

Now the second one:

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google) .

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72

(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email

The amounts change, the Bitcoin address changes, but the threats pretty much stay the same.  They even both mention the “tracking pixel”, though one calls it “an unique pixel”.  This “new” email suddenly doesn’t look so new, does it?  Let’s go even further back and look at the emails that were sent out after the Ashley Madison hack back in 2015.  This thread is at https://scamsurvivors.com/forum/viewtopic.php?f=20&t=38976 if you want to check it out.  How do they compare?  Let’s take a look at a snippet of one of those emails:

 If you would like to prevent me from sharing this dirt info with all of your friends, family members, spouse, then you need to send exactly 1 bitcoin (BTC) to the following BTC address:

Bitcoin Address:
19qbfGUPRTvZ9yAtRNusbLdyg5Pbe6DSK 4

We are providing a chance to solve this case. You make a payment to the above mentioned btc address. The time ends in the next 24 hours. We will not publish your data and we will not inform your contacts.

You can get bitcoins at an exchange like Expresscoin.com, Localbitcoins.com, Clevercoin.com, Coincorner.com, Coincafe.com, Coinbase.com, Circle.com or a Bitcoin ATM machine Coinatmradar.com.

If you pay within 24 hours of receipt then we will delete your record. No payment? Then you will see what happen after this period. Once this period has expired, we can’t do anything more for you. Our website is launching soon. We will surprise your family, friends and colleague with it. We will give you this one last chance.

You may be wondering why should you and what will prevent other people from doing the same, in short you now know to change your privacy settings in Facebook so no one can view your friends/family list. So go ahead and update that now (I have a copy if you dont pay).

Suspiciously familiar isn’t it?  Now tell me again about these new scam emails that are doing the rounds…

What do a sexortion scammer’s threats look like? Here’s an example.

Do not try to cut the cam or stand up otherwise I think you’ll see me act in the minutes that follow.

Listen I remind you that your video is 55% on the site www.youtube.com

So to avoid any sort of problem I just give you 2s to restart this cam or I swear I’ll start publishing your video.

Would you really like this video of you to be well and truly accessible to all your friends and loved ones without forgetting your friends? I SWEAR TO SWEEP THIS VIDEO OF YOU TO ALL YOUR FAMILIES FRIENDS CLOSE TO YOUR CLOSE IN THE OCCURENCE AND WELL HEARD WITH ALL YOUR COLLEHUES TO THE MEDIA WITHOUT DOUBT IN THE PRESS THEN IF YOUR NOT WANTED THAT THE SALES YOUR NAME AND YOUR IMAGE TO THE EYES OF ALL DOES WHAT I ASK FOR YOU

Would you like me to send this to the inhabitants of all your present city and to the media like the FIGARO?

Believe me I’m more than determined to rot your life Make your life a shame, a disgrace, a hell, a real disaster, a hell on earth and also I remind you that I’m heartless I have no pity for rot a life and if you have doubts, try and you’ll see

I’m more than determined to rot your life to make it a waste, a garbage can, a shame, a disgrace, a real disaster, a hell on earth and also I remind you that I am heartless I have no pity for rot a life as well as yours.

So tell me, Would you like this video of you to be shared on all these online video sites such as:

www.france24.fr
www.youtube.com
www.tv5.fr
www.tf1.fr
www.hotmail.com
www.msn.messenger.fr
www.twitter.com
www.wat.tv
CTV Television Network
www.youtube.com
Canal +
LCP AN / Public Senate
BFM TV
RMC Discovery
Number 23
Antenna 2
The Parliamentary Channel
NT1
Europe 2 TV
RMC Discovery
Canal +
euronews
Sport Stars Trace

You would like, that this video of you is shared on all these sites I listen to you ??????????

You would like this video of you to be shared on all these sites
I’m listening to you???????????

You want to have a limited freedom because I would not hesitate also to make you famous also in all the NGOs that fight against these kinds of practices of sexual exhibition in lines present in your locality like these person on the pictures I listen to you.

so if all of this seems like you’re having fun, then go, try to play hard, hold my head or even try to play the fugitives and you’ll see if I lose a single moment sharing this video from You with your knowledge and place of work XXXXXX I guess that’s what you want ??

I will send to your contacts the link of your video on youtube and I will create profiles in your name with an image of you extracted from the video and I will also send this image by fax to the tradesmen of your district. I am able to make all that you know?

Believe me I’m not kidding because I would not hesitate a second published this video of you all over the web by placing it on all the major online video sharing sites of the world

I am the devil who is just there to rot you, so you can never escape from me wherever you go, if you try to play hard and run away you will regret it all your life.

In spite of that I would put everything in my power so that the media and the newspapers make noise on you and your video and I will make of you and your video an encyclopedia because your video to harden me enough to rot your life.

Would you like it to be within the reach of all the inhabitants and also to all the inhabitants of your current city: XXXXXX?

According to article 227-23 of the French Penal Code which incriminates any representation (drawings, virtual images, etc.)
You are accused of insulting the public morals of a state, of perverse acts and of pedophilia.

you know very well that this act that you have just made is illegal according to the article 25 of the law 765465 of the 7 OCTOBER, You will be locked up of 5 years of prisons and followed of a fine of 75.000 €.

Would you like this video of you to be published worldwide?

0k Well, if you have this idea to go to the police or gendarmerie run quickly and do it, mas know one thing there you will only make the situation worse and you will pushed me to the end, I swear that people do not will be able to prevent me from diffused, shared, published this video of you in all the world and put it with the port of all your

It’s not just sex that needs to be done safely.

I’ve just read an article on someone playing with romance scammers, and feel the need to point some things out.  It’s safe to say I know a thing or two on the subject, having baited my first romance scammer back in 2006.  Back then it was a different beast, as almost no one was dealing with romance scammers, so we had to learn as we went along.  We made mistakes, but learned from them and became better and safer baiters for it.  The one big thing we learned was never to use our own identity to bait scammers.  Everything from our date of birth to our pet’s name would be made up.  Locations were fictitious and photos would be taken from mug shots and the like.  Even when I do interviews, I use a fake name even if I have to show my actual face.

Now imagine my surprise when I read a story today that had someone using their real details to bait scammers.  Name, photos and location.  Seriously?  This is stuff we realised a dozen years ago was a bad idea, yet people still do it and the media praise them for doing so.  Me, I’m sticking to keeping everything fake and keeping myself safe thank you very much.

How easy is it for a scammer to fake stuff?

It’s a common question we get asked, and the answer is a resounding “very”.  Let’s take a few things and explain why they’re so easy.

A phone number – There is literally “an app for that” when it comes to spoofing phone numbers.  I made a video about a year ago showing my mobile phone being called by what appeared to be the White House.  If you haven’t seen it, here it is:

Email addresses – Now this one has multiple ways of being achieved, but can be done by something as simple as putting an email address into the name of the email account.  If I use theprez@thewhitehouse.com as my name on a different account rather than an actual name, people would see that and assume it was coming from that address.  See, I said it was simple.

A photo – Image manipulation software has been around for years, with the most well known being Photoshop to the point that altered images are quite often referred to as having been “Photoshopped”.

A voice – Again, with nothing as complicated as a voice morphing app, you can change your voice to sound completely different.  Scammers love using them to sound female, and Slaphappy loves using it to sound like a chipmunk.

Webcam – The software to fool programs like Skype into seeing a different input as a webcam has been around for at least a dozen years now, and was one of my favourite tools back in 2006/2007 as part of my dealing with scammers from the Philippines.  Throw in some screen capturing software and you have the sextortionist’s toolkit.  It’s not rocket science, and it doesn’t take a master hacker to do it, no matter what the scammers say.

See, it’s not difficult.  Most of the tools have been around for years.  It doesn’t take a rocket scientist to fake stuff.  In most cases, all it takes is a bit of free software.

What can YOU do about scams?

Not everyone can set up a website, join a campaign or appear on TV talking about scams.  There’s a much simpler option out there, and that’s to simply talk about scams.  Talk about them with your family and friends.  It doesn’t cost anything, and if you don’t want to say you were scammed then you don’t have to.  “Did you see that program on TV?” or “Have you heard about that scam that’s doing the rounds at the moment?” is all you need to open up the subject.  Not everyone knows about scams, and someone who may know about one type may not know about another.  Discussing it may save someone you know from losing a fortune, so what’s stopping you?

Time to quote some Doctor Who.

Firstly, some quick background.  I discovered Doctor Who at the age of 5, and have been a sci-fi fan for the 40+ years since.  Every year, my wife buys me a Doctor Who calendar for my “office” wall.

On a seemingly unrelated subject, a question I’m occasionally asked when speaking to journalists is “Dealing with scammers every day must make you suspicious of people”, and they seem surprised when I tell them the answer is in fact quite the opposite.  If anything, it makes me want to trust people more.  I expect scammers to lie, and am never disappointed.  However, the people I deal with on a daily basis out in the “real” world shouldn’t be tarred with the same brush as the scammers in my eyes.  It may seem naive, especially given what I do, but assuming everyone is lying to me would make me bitter and twisted, and I refuse to let the scammers do that to me.

What does this have to do with the calendar?  Each month has a quote from the associated Doctor (first for January, second for February and so on).  This month’s quote comes from the fifth incarnation, and it goes like this:

“I think it does us good to be reminded the Universe isn’t entirely peopled with nasty creatures out for themselves.”

Words to live by.