Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Extortion emails back on the rise, says report (2019) (cpacanada.ca)
35 points by digital_nomad on April 10, 2020 | hide | past | favorite | 22 comments


I had multiple friends pull me aside about similar email and asked to deal with it confidentially, I've probably had other friends pay up in attempt to avoid humiliation.

I think it's well worth talking to friends and family about these types of scams and how to deal with them - they can cause an immense amount of stress, humiliation and potentially financial stress. Nobody deserves to be put through this kind of abuse.


I have to admit I've not seen any evidence of this in any of my e-mail accounts. I check the spam folder for false positives periodically and while I've seen the periodic your password is XXX and we have webcam footage of you (which I can trace to the Perl hackers website password leak), I haven't seen any of the others or, for that matter a significant flow of spam in general. It's certainly a lot better than things were in the '00s or the '90s when I ended up abandoning e-mail addresses after they got flooded with spam.


I had one get through my spam filter maybe six months ago. Someone was claiming to have used my webcam to capture me carrying out [actions] while looking at [illegal content] on my computer.

They said they had access to my computer. As proof, they were sending the email from my own account, and sure enough the email had been sent from my account.

Finally, as proof that they weren't messing around, they attached part of the video to the email, which I could download and open and use to verify that they really did have me.

Imagine being someone that uses the internet but doesn't understand email, who had actually done the things they described:

1. Someone sent an email describing your illegal act.

2. They proved they have control of your computer by sending you an email from your account.

3. They sent part of the video. Downloading. Installing. Why's there no video?


I saw a lot of porn blackmail scam emails getting past my filters from between late 2018 to mid 2019. All followed the same pattern: hacked webcam, threatening to send video to all my contacts unless I sent bitcoin, claiming to know when the email was opened. [0]

In my case, it also contained a password I had only ever used for a LiveJournal account I had forgotten about and not logged into for several years by that point.

[0] https://kitsunesoftware.wordpress.com/2018/08/09/anatomy-of-...


I saw a couple of these in my spam folder a while back (sadly more than a month ago, so they're gone). They claimed they hacked me through my router and had compromising videos of me in a couple of fairly similar formats. I chalked it up to the fact that I have my email in a number of fairly public places.


First time I saw one of these, I started laughing. I don't have a webcam. It's hard to believe but people have actually paid the ransom. I seem to remember a post on HN matched some Bitcoin transactions by time and amount.


I don't think it's that hard to believe. I had a very smart lawyer friend call me the other day to ask for help regarding one of these. He said something like "I probably would have disregarded it, but they knew my password. I'd never pay, but it's very disconcerting."

I'm guessing there are many people who've been doing stuff online they'd worry about their friends knowing, who would pay.

Fwiw,I checked haveibeenpwned with him, and we found where they would have got the password from. My spam filter had caught lots of emails with identical wording, so it was reassuring for him to see the same emails, understand how it happened, and learn some password management stuff.


I get a lot of these, but got two concerning ones yesterday.

They were both to/from 'catch all' addresses at my domain (hosted on G Suite) and had passed SPF and DMARC. I looked at the headers, and they originally came from an Ecuadorian consumer ISP and failed SPF and DMARC, but then they somehow got forwarded within/by Gmail making Gmail see them as legitimate.

I've never encountered this before but I'm guessing G Suite does something funky with catch all addresses that causes them to be forwarded within Gmail itself and then appear legit?


I seen this all the time. Our colloquial term for these is "my malware uses the driver." since most of them seem to make this claim.

"Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent."

A common example:

https://www.myantispyware.com/2018/12/23/i-sent-you-an-email...


I always wonder who is naive enough to fall for this scam, but clever enough to figure out how to use Bitcoin. Teenagers?


Not surprising. Widespread availability of cryptocurrency tech is what makes this possible for these hackers.


Before that it was Western Union.

Cash finds it's way.


Western Union is connected to real bank accounts, making it straightforward for the authorities to trace compared to cryptocurrencies.


1. The authorities don't care.

2. The recipients use stolen credentials


1 is a huge assumption, and 2 is a lot of work.


It is a lot of work in 1st world countries. Just like it is to make real money out of BTC.


Stupid question but why is your username green and all the others' are black? :)


I think because it's a new ("green") account.


Ahh that makes sense, thanks!!

I thought it was more like "verified" or something.


Why did you create a new account to post this?


Everyone's got to start somewhere.


srl's account was created ~9 years ago.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: