Phishing scams are becoming increasingly common, and they can be very convincing.
One such scam that has been making the rounds lately is the "I RECORDED YOU!" email, which threatens to release embarrassing footage of the recipient unless they pay a sum of money in Bitcoin.
While people who are educated in digital safety knowledge and good practices can easily discard this type of email as phishing, there are some other people who may fear that the email is legitimate and act on it.
If you got an email that mentions a password you recognize as your own, what would you do?
Below we have copied a real email that one of our colleagues has received, but note that we have made one change:
- We have substituted the actual password with the word <PASSWORD>. To protect the anonymity of our colleague.
Email title: I RECORDED YOU!
From: John Blue <[email protected]>
Sun 12/03/2023 15:12
Hi, today there are sadly some bad news for you.
Your device was infected with my private malware, your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more, Google: Drive-by exploit.
My malware gave me full access to all your accounts, full control over your device and it also was possible to spy on you over your cam.
If you think this is some bad joke, no, I know your password: < PASSWORD>
I collected all your private data and I RECORDED YOU (through your cam) SATISFYING YOURSELF!
After that I removed my malware to not leave any traces and this email was sent from some hacked server.
I can publish the video of you and all your private data on the whole web, social networks, over email and send everything to all your contacts.
But you can stop me and only I can help you out in this situation.
The only way to stop me, is to pay exactly 1200$ in Bitcoin (BTC).
It's a very good offer, compared to all that horrible shit that will happen if I publish everything.
You can easily buy Bitcoin (BTC) here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for Bitcoin (BTC) ATM near you, or Google for other exchanger.
You can send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomicwallet, or: Exodus wallet, then receive and send to mine.
My Bitcoin (BTC) wallet is: 14hAgJ1ZsReHU2JBJi1hk4AEyKd1YaqQ7a
Yes, that's how the wallet / address looks like, copy and paste it, it's (cAsE-sEnSEtiVE).
I give you 3 days time to pay.
After receiving the payment, I will remove everything and you can life your live in peace like before, don't worry, I keep my promise.
Next time make sure that your device got the newsest security updates.
The Clues That Show That The Scammer Has Nothing On You
How did our colleague figure out that this is a scam and the scammer has nothing on him?:
The first and the best obvious clue is if the scammer would have pictures or videos, he would at least copy one image as evidence.
The second clue is that the email has a reference number (ClientMailID). Because this kind of email is sent to hundreds of people and the scammer needs some sort of reference to identify those victims that actually respond to the email threat.
And the last clue is that, even though the email mentions a password that our colleague could recognize as his own, this was a unique and obsolete password that he does not use anymore.
Most probably the scammer obtained the password through a data breach, which is something that nobody can avoid. If you don't know what is a data breach and how to find out if your data has already been part of a data breach, have a look at our article:
How The Scammer Uses Social Engineering To Create Panic
The "I RECORDED YOU!" email is a classic example of a phishing scam that uses social engineering to trick people into sending money or providing sensitive information.
Here are some of the social engineering tricks used by the scammer. Learn from them:
Fear: The scammer uses fear to make the recipient believe that they have been caught doing something embarrassing or illegal, such as watching explicit content on their device. By making the recipient afraid of the consequences of their actions being exposed, the scammer hopes to convince them to pay the ransom.
Urgency: The scammer creates a sense of urgency by giving the recipient a deadline of three days to pay the ransom. By doing so, they hope to pressure the recipient into paying before they have time to think or investigate the validity of the threat.
Authority: The scammer claims to have full access to the recipient's device and accounts, giving the impression that they have a high level of technical expertise and authority. By doing so, they hope to convince the recipient that they are legitimate and that their threat is real.
Intimidation: The scammer tries to intimidate the recipient by claiming that they have recorded them through their webcam and have access to all their private data. By doing so, they hope to make the recipient feel vulnerable and exposed, and more likely to comply with their demands.
Confusion: The scammer creates confusion by using technical terms such as "Drive-by exploit" and "iframe" to make the threat seem more complex and difficult to understand. By doing so, they hope to create the impression that the recipient is at fault for not being knowledgeable enough to prevent the threat.
Overall, the scammer uses a combination of fear, urgency, authority, intimidation, and confusion to manipulate the recipient into complying with their demands. It's important to always be cautious of unsolicited emails and to verify the legitimacy of any claims before taking any action.
The Probability Of Falling For a Phishing Emails - Your Loss is Their Gain
The probability that someone will act and respond to a phishing email like the one described in this post varies depending on various factors such as the person's level of awareness about phishing scams, their emotional state at the time of receiving the email, and their level of trust in the authenticity of the email.
Generally, scammers send these types of emails in large volumes, knowing that only a small percentage of people need to fall for the scam to make it profitable.
This technique is known as a "spray-and-pray" approach.
According to a 2021 report by Verizon, around 1 in 4 (or 25%) of people who receive phishing emails open them, and about 1 in 5 (or 22%) of those who open them click on a link or attachment.
It's important to note that even if only a small percentage of people fall for a phishing scam, the consequences can be significant for those who do.
This is why it's important to remain vigilant and educate oneself on how to identify and avoid these types of scams.
Help Others By Sharing Your Stories And Experience.
We know that there are people out there that have had a very bad time after receiving a similar email.
Sharing our own 'I RECORDED YOU!' story will help others who may receive similar emails but not be sure what to do in such a situation.
If you have some minutes, consider ANONIMOUSLY sharing your story with others so they learn from the lessons you have been through.
Thanks for your time, and thanks in advance for making the crypto space a safer place.