[conspire] (forw) Y??u're my vi??tim

Rick Moen rick at linuxmafia.com
Mon Jul 30 03:21:52 PDT 2018


This is a new-ish variety of scam mail, and I wanted to call attention 
to how the scam works.  Actually, I received two copies yesterday that 
were freakishly almost-credible.  For present purposes, I wish I hadn't
deleted those.

Last night's pair were both addressed to 'josh at unixmercenary.net', my
friend and former co-worker (Josh Neal) who died about a decade ago.
The Subject header in _that_ case said 

  Subject: josh at unixmercenary.net:abracadabra 

Well, not abracadabra, but rather a commonly used English word that I
happen to use in one place where security doesn't matter very much -- 
and it claimed that 'josh at unixmercenary.net' had been using that
password on an (unspecified) porn site -- about which it told a
convoluted and buzzword-laden story trying to guilt-trip 'josh' 
about sexual escapades and demanding Bitcoin payment.

It claimed that the sender's e-mail was bugged with a hidden picture
file such that he'd know when I read it -- which was a bit hilarious
given that it was an ASCII e-mail.  If I failed to pay the guy off, blah
blah blah.

Thing is, it's actually possible that some scammer script process _did_ 
record somewhere my use over plaintext of the password represented
above by substitute password 'abracadabra'.  With unexpectedly accurate
details like that, such a scam threat can _seem_ credible and
threatening, if you don't read attentively and stop to think. 

The scammers will make money if even a tiny percentage of target parties
buy the story.  (Like spammers, they make it up in volume.)

I wanted to mention that this illustrates _yet another_ reason to use 
all unique passwords -- to never use a password in multiple places.  
Because any password can get stolen.

The 'josh at unixmercenary.net:abracadabra' scam-mail, the one from
yesterday, relied on the target getting spooked by the implication that
'josh' used that password elsewhere, in lots of places, including porn.
Which is the sort of thing _most people do_.

One tiny believable detail surrounded by a pile of semi-credible
lies and glued together by social engineering -- the very model of a
scam threat.

Oh, and the sending e-mail address is probably someone's genuine one
that has been broken into.  (The one from yesterday was.)




----- Forwarded message from wmbiqzv <help at 188gametransfer.net> -----

Date: Mon, 30 Jul 2018 10:00:17 +0100
From: wmbiqzv <help at 188gametransfer.net>
To: respond-auto at linuxmafia.com
Subject: Y??u're my vi??tim

Hi, viсtim.
I write you bесause I рut a malware оn the wеb раgе with рorn which you hаve visited.
My virus grabbеd all your personаl infо аnd turned оn yоur cаmerа whiсh cарtured thе prоcеss оf your onаnism. Just after thаt thе sоft sаvеd your contaсt list.
I will dеletе thе cоmprоmising vidеo аnd infо if you раy me 400 EURO in bitcоin. This is address for pаyment : 1G8TaC3eD6CAaKVFi7DoXbEhk7UZwSK2BD

I givе yоu 30 hоurs аfter yоu оpen my messаge fоr making thе transасtiоn.
Аs soon аs you rеаd thе messаgе I'll see it right awаy.
It is not nесеssаry tо tеll me that you hаve sent mоnеy tо mе. This аddress is сonnected tо you, my system will dеlеtе еverything automatiсally after transfer соnfirmatiоn.
If yоu need 48 h just reрly on this lеtter with +.
Yоu cаn visit the роlice statiоn but nobоdy саn help yоu.
If you try to decеivе me , I'll seе it right awаy !
I dоnt livе in yоur сountry. So thеy сan nоt trасk my locаtion evеn fоr 9 mоnths.
Goоdbye. Dоnt fоrgеt аbout the shаme аnd tо ignоre, Your lifе cаn bе ruinеd.

----- End forwarded message -----
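
The post's point that a "hidden picture" read-receipt claim cannot hold for a plain ASCII e-mail can be checked mechanically. The following is an added example, not part of the original post: it parses a raw message and lists the remote URLs an HTML part would fetch on display. The function name `open_tracking_urls`, both sample messages and the `tracker.example` URL are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample messages (not the mail quoted above).
PLAIN_SAMPLE = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "Content-Type: text/plain; charset=us-ascii\n\n"
    "As soon as you read the message I'll see it right away.\n"
)
HTML_SAMPLE = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Hi</p><img src="https://tracker.example/p.gif?id=1" width="1">\n'
)


class _RemoteLoads(HTMLParser):
    """Collect src/background URLs that a mail client would fetch remotely."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "background") and value and \
                    value.lower().startswith(("http://", "https://", "//")):
                self.urls.append(value)


def open_tracking_urls(raw):
    """Return remote URLs in HTML parts; [] means no read-beacon is possible."""
    urls = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue  # text/plain parts render nothing, so they fetch nothing
        body = part.get_payload(decode=True) or b""
        try:
            text = body.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            text = body.decode("utf-8", "replace")
        parser = _RemoteLoads()
        parser.feed(text)
        urls.extend(parser.urls)
    return urls
```

The check covers only `src` and `background` attributes; remote loads via CSS `url()` or `<link>` are outside what this block inspects.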



