Today when I checked my inbox, I saw an email titled “account was hacked”. Nothing unusual there. I often get people writing me saying that their account was hacked and asking for help. On second glance, I noticed it had one of my own email addresses showing as the “From” address. To be precise, it’s my @RomanceScamBaiter account. That was my very first site, and hasn’t been updated in years after being superseded by StupidScammers. First thought, “Oh crap, someone’s hacked the server”, followed a second later by “Oh hang on, I know what this is going to be”.
Sure enough, on clicking it I saw this:
account was hacked
I’m a member of an international hacker group.
As you could probably have guessed, your account XXXXXX@romancescambaiter.com was hacked, because I sent message you from it.
Now I have access to you accounts!
For example, your password for XXXXXX@romancescambaiter.com is XXXXXX
Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we’ve gotten full damps of these data.
We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one…
Transfer $700 to our Bitcoin wallet: 13DAd45ARMJW6th1cBuY1FwB9beVSzW77R
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.
I guarantee that after that, we’ll erase all your “data”
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.
We’ve been reporting this kind of scam since August of last year. You can see the thread at https://scamsurvivors.com/forum/viewtopic.php?f=20&t=60846 and follow along with how the scam has evolved during this past year. Spoiler alert: It hasn’t changed that much at all.
Back to my email though. The first thing I did was check for a “Reply to” address, but unfortunately it doesn’t have one. It did however have an IP address we could check out. That leads to a mobile connection originating from Kosice in Slovakia. Checking out the Bitcoin reference shows that one person appears to have paid; not the $700 demanded, but around $90. Not much info that can be used unfortunately, but it does mean that I can now speak as someone who’s received one of these emails myself, and not just posted up ones others have sent us. What I can say is that the password is old. It’s VERY old. I haven’t used that account to sign up to anything in around seven years. It’s so long ago I can’t even remember what the password was for, which is a shame as I could have said what breach it came from if I could.
Now I’ve received one myself, can I call myself an “expert”?