Select Page

For more phishing samples, see my phishy email collection.

Extortion scams similar to this one fly around the internet all the time. The premise behind them is, an attacker wants you to believe they broke into your computer and copied your most embarrassing secrets. Send a bunch of money to an anonymous bitcoin address or they’ll show the world all the embarrassing things they found. Sometimes they claim to originate right from the victim’s email, which is obviously not true.

Find where any email really came from by examining its email header, as I did in another phishing sample. This one is not worth the trouble. It’s a cheap bluff.

Back in 2018, a similar extortion scam hit a friend’s inbox. My friend called in a panic, not that they did anything inappropriate with their computer, but that the attacker knew their password. After talking it through, it was a password for lots of places, including social media accounts that had recently lost data to attackers. Naturally, we had a conversation about good password management.

I give this attack a C. The attacks that include one of my compromised social media passwords, maybe a B-.