Monday, July 16, 2018

F*(%ing Scammers

Many of you know that my Grandma was scammed out of many, many thousands of dollars and her piece of mind. In fact, Mom's pretty certain that Grandma chose death over going home, because the scammers had her convinced that they would kill her family and/or burn her house down if she didn't come up with more money. Yeah, they're assholes.

However, because of the scammers, we've been pretty vocal about trying to educate people about scammers. Sometimes, examples just fall into your lap. Like the email I received yesterday from Heath Willis (whjeffrystz @ I'm going to post it in its entirety and add comments that I hope you'll find helpful.

I will directly come to the point. I know that hxxxxxxx3 is your password. (Former password, I've changed my password several times since that was my password. I also don't ever use the "remember password" function on any devices.) Most importantly, I know your secret (Generic, he's playing on people's guilty conscious. Most people have said or done something they wish no one would ever find out about, no matter how small or innocent.) and I've evidence of it. You don't know me personally and no one hired me to look into you. 

It is just your hard luck that I stumbled across your bad deeds. In fact, I setup a malware on the adult vids (pornography) (hello, everyone's greatest fear - getting caught watching porn! The pearl-clutchers will keel over just reading this threat) and you visited this web site to experience fun (you know what I mean). While you were busy watching videos, your web browser started out operating as a Rdp (Remote control desktop) that has a keylogger which gave me access to your display as well as cam (just enough technical information that it sounds extra scary). After that, my software obtained your entire contacts from your messenger, facebook, as well as email. (This is where people get really nervous - who wants their co-workers, family, and friends, not to mention casual acquaintances to even *think* they've looked at a porn site?) 

Next, I gave in much more hours than I should've investigating into your life and generated a two screen video. First part shows the recording you were viewing and second part shows the recording from your web camera (its you doing nasty things). (This is really rich, because I disable all of my web cameras AND cover them with tape. I do have two cameras that aren't covered (phone and tablet), but they are disabled and require permission to enable them. Go ahead, send out the videos of the back of the piece of tape. )
Honestly, I am willing to forget all information about you and let you continue with your regular life. And I will give you two options which will accomplish this. These two choices are with the idea to ignore this letter, or perhaps pay me $ 1900. Let’s examine those two options in more details. 

First Option is to ignore this message. You should know what is going to happen if you pick this path. I will certainly send out your video recording to your entire contacts including close relatives, co-workers, etc. (This is what frightens most people. My life is pretty much an open book. Sure, there are things that I've said or done that I'm not proud of, but my life won't end from the humiliation threatened here.) It doesn't protect you from the humiliation you and your family will feel when friends and family discover your sordid videos (yep, the back of the tape covering my camera is truly sordid) from me. 

Second Option is to pay me $ 1900. We will name this my “privacy fee”. (He calls it a "privacy fee", I call it extortion.) Now let me tell you what happens if you choose this path. Your secret remains your secret. I'll erase the recording immediately. You continue on with your routine life as though none of this ever happened. 

Now you must be thinking, “I should go to the cops”. (I had planned to go to the cops, but there really isn't a thing they can do. But ... I can share this email and out the fucker in another way.) Without a doubt, I have covered my steps to ensure this mail can't be tracked to me also it won't prevent the evidence from destroying your health. I am not looking to dig a hole in your pocket. I just want to be paid for the time I place into investigating you. Let's assume you have decided to create all this disappear and pay me the confidentiality fee. You'll make the payment via Bitcoin (if you don't know how, type "how to buy bitcoins" in search engine) 

Required Amount: $ 1900 
Receiving Bitcoin Address: 1LMtLYR2vUzfvooVowaUqNLCzRyuf2XMA7 
(It's CASE sensitive, so copy and paste it carefully) 

Tell no one what will you use the Bitcoins for or they may not sell it to you. (In Gavin de Becker's book "The Gift of Fear" he mentions that the bad guy will tell you what their weaknesses are. That's exactly what happened here - if I dare tell anyone I'm buying the Bitcoin from, they won't sell to me. Why wouldn't I tell them, now that I know his weakness? You know, if I actually had the money and was scared enough of humiliation to pay the extortion fee.) The method to acquire bitcoin will take a couple of days so do not delay.
I have a unique pixel in this e mail (Again, sounds so scary. People like me, who aren't tech savvy are now scratching our heads, wondering if this is even possible. Hell, for all I know, it might be. I don't care, because his biggest threat is humiliation. Puhleeze, he doesn't know my life, he has no idea how frequently I open my own mouth and humiliate my self.), and right now I know that you've read through this mail. You now have 2 days in order to make the payment. If I don't get the Bitcoins, I will certainly send your video to all your contacts including friends and family, coworkers, and so forth (Ooooo.... the people in my contacts list might get a fake video of me. Or it might be real, from me laying in bed watching Netflix on my tablet (again, camera is disabled and I must give permission to enable them), but whatevs. The fact is, that he's going to have to go to a lot of work to make videos that look incriminating). You better come up with an excuse for friends and family before they find out. Having said that, if I do get paid, I'll destroy the video immediately. It's a non-negotiable one time offer, so don't ruin my time & yours. Your time has started (Now this threat is just lazy and screams Hollywood.). 
So there it is: play on someone's deepest, darkest secret (if they knew what it was, they'd address it directly instead of making vague mention, they play on the fact that so many Americans watch porn, and assume that's everyone's darkest secret); make specific threats (humiliation); demand money; and end with a witty one-liner.

Now, I will honestly admit I was afraid to open my email from my laptop (my personal emails go to my phone), because I didn't want to inadvertently give this guy access. After talking with the IT guys at work, I was assured that if I was running my malware I would be safe to go in and change my password again. Like I mentioned earlier, the password "Heath" said he had was from years ago.

A handful of my friends received similar emails yesterday, and Lee Lofland (of The Graveyard Shift) checked with some people he knows and was told it was most likely from the LinkedIn (or MySpace or even PoliceOne) breach from a few years ago. That makes sense, because that was my password back then.

I will be spending the day running scans and updating all of my passwords on all of my devices, though I do it a couple times a year anyway.

If this guy does try to send out emails to my contacts list, I hope you enjoy watching the back of the tape I cover all of my cameras with, though it would probably be in your best interest to not open any email from him - you don't want to give him access to your own accounts.