Clearly my peccadilloes have increased in value:
They want $1,000 now. That’s a marked increase from last summer. I mean, seriously, does anyone believe this cack? Unfortunately, yes, they do.
These scams have become very profitable, with scammers making over $50K in one week, and this new variant is no different.
This is worrying – after all, I discovered the details of this scam with a quick Google and found out all I needed to know about it in seconds. Don’t people stop to do this? Yes, sure, I realise that the shock factor might cause someone to go into a panic, but really? Just paying up without doing any checks that this might be a scam? How stupid do you have to be? The whole thing is littered with clues.
A spying pixel in an email, for crying out loud. Although the Facebook Pixel is a new twist. No such thing exists. It’s bollocks on stilts and that much should be blindingly obvious if nothing else is. I’ve had several of these over the past six months and have not paid them a penny piece and have no intention of doing so and no one has released any compromising videos to friends or colleagues – because no such video exists. Incidentally, they did spoof my email – but that’s a simple enough matter, so, no, they haven’t hacked my email account.
Actually, a “spying pixel”—that is, a 1px x 1px transparent image—is exactly what most mass mail applications use to know whether you have opened an email.
When you do so, the image is requested from the server, with your individual key appended: this tells the app that you have opened the email (though not, of course, whether you have actually read it).
The rest of it, of course, is bollocks on stilts (though mostly technically possible)…
DK
You learn something new every day.
And you’ll also learn that tracking images are blocked by most mail clients because of the default (and sensible) “don’t download any images until the user clicks the notification that they’ve been blocked” policy.
So just reading the email in the initial text form doesn’t allow any tracking images (malicious or not) to function – unless you’ve changed your settings to a rather insecure “download everything from the remote server” sort of thing.
That bit I did know.
You are of course spot on DK, however if you use a desktop client as I do (Mozilla Thunderbird), the program downloads the message then immediately deletes it from the server. I believe the use of the pixel by scammers also to be bollocks on stilts as is everything they claim, they just fire off a few thousand messages and hope that some of the recipients have been on porn sites and have a webcam. The return percentages are very low, for example if the scammer is demanding $1000 and they have sent out, say 1000 emails in one week (being extremely generous there, its usually much more), the money made in the article ($50k) only equates to 50 dirty old men from 1000 possibilities. This number will also decrease as the scam becomes more widely reported. No doubt though, that there would be a few who would still fall for the Nigerian 419 scam.
What makes me laugh is the way they instruct you to copy/paste the bitcoin wallet address, yet the body of the mail is a graphic. I’ve had several of them too, all in the last 2 months. From the message headers it seems they come from all over the world, the first this year from the ‘Mountains of the Moon’ uni in Kenya. I’m not in the habit of emailing myself so as soon as I see my own email address as the subject line I know its going to be a scam. I don’t visit porn sites, neither do I have a webcam/mic so these messages go straight to the recycle bin now. What would interest me would be a way to hack into these bitcoin wallets, if such a thing exists but they don’t appear to be up for long.
However, you can go to:
https://www.bitcoinabuse.com/
and enter the bitcoin wallet ID and this will show you all the reports from others. There is also a link on the report page which redirects you to https://www.blockchain.com/ and there you will find a statement showing number of transactions and balance. Take this one, for example…
https://www.blockchain.com/btc/address/1FDsczpSEwxqyqZYPwbspB79s4zyLPfdK6
Shows a balance of 0.25 BTC, but scroll down and you will see this was generated in 7 payments from other wallet IDs. One week later the whole amount was moved to another wallet. Would this be because the money is being passed on, or has the wallet been abandoned since it was reported?
The use of a graphic seems to be a new thing. Last summer they were all plain text. Interestingly enough, the one in my email appears not to be valid.
I won’t be able to recall getting one in plain text since I had never had one before late last year. All of the sextortion emails I’ve had, have been graphical. Because its a scan of plain text I only found that it was a .jpg image because I tried to select the bitcoin wallet ID to copy/throw it on Google. As it was I had to type it. Bastards.
Oh yes it does.
I think we established at above. Not convinced a special Facebook one exists though.
Sorry LR, there’s a link in my previous post (the words ‘yes it does’) which will tell you what it is and how it works. Its a little different from the type that DK described and is put on web sites. Its all to do with tracking browsing habits for targeted advertising, but it leaks much more information than simply whether you opened an email. Its primarily for businesses advertising on Facebook but the same can be found on many other sites that carry adverts.
Okay, missed the link. Well, again, you learn something new every day. That said, this is web browsing rather than email, but I guess for scaring people, it makes no difference.
Now here’s an interesting thing. I use adblock. I don’t see any ads at all. Ever. I wonder how that affects this code.
Yes, that’s the difference – rather than requesting any keys back from the server, the Facebook pixel is a watcher. It knows, for example if a user has clicked on something then aborted before buying. It tracks you around and knows where you go on the web. All this data is housed in 3rd party cookies.
The way around the pixel is to block 3rd party cookies but this can break web sites. If you use Firefox, it has excellent content blocking, in addition Mozilla have a browser add-on called Facebook container (in FF go to Tools>Add-ons and enter it into the search box). This extension stops the pixel in its tracks.
I use Adblock too but I don’t know what effect it has on tracking. I don’t think that is Adblock’s purpose, rather it just blocks the ads to let pages load faster. I doubt whether Adblock would have any effect on cookies.
But you are correct, the Facebook pixel is on web sites and uses cookies so it wouldn’t work with email, though it may have a chance at working with web based mail, I don’t know.
What I do know is, the scammer is able to spoof mail addresses because very few mail servers run any kind of validation. If you are getting these messages at all, its because your email address has been involved in one of the major data breaches. I know mine has. You can find out here:
https://haveibeenpwned.com/
Ahem. It’s true and old hack (users prefer “pretty” above security): if HTML/View-images enabled in email reader – sender receives IP and email client data. Off by default in Pegasus and “Warning” displayed if view html selected.
Viewing the pixel confirms email has been read with html enabled; malicious html then sent and active email address sold.
As for suckers that believe and pay, are they predominately socialists and politicians?
Well, yes, I’ve already been told. That said, my scepticism has paid off.
As to who the suckers are, I wonder. To me, these emails scream scam at me. Perhaps I am overly cynical.
Meh I’ve also had one of these on the go since October. Still waiting for an attack, and all emails now going into the Deleted box via message rule
Can these people be tracked and dealt with?
Not easily.