Playing with the Scammers

Image by Pete Linforth from Pixabay

If you know me at all, you know that I like messing with the minds of scammers and spammers (well, and other people, too). If you don’t know me yet, you’ll need to check out my “Snotty Phone Meets the Telemarketers” video series (Episode 1, Episode 2, Episode 3). That will give you an idea of the sort of thing I like to do.

Recently, though, it’s email scammers I’ve been playing with, rather than telemarketers. Perhaps you know the ones I mean: They send you an email telling you that your accounts have been hacked, that they planted malware on your phone and computer, and they caught you going to a porn site, at which time they turned on your webcam and recorded you, ahem, “doing your thing,” along with a split-screen of the video you were watching at that time. They say they also have your complete contact list and, unless you send them a certain amount of bitcoin right away, they are going to send the video to all of your contacts and ruin your reputation.

Maybe you’ve gotten some of these emails. Maybe you are like at least one friend of mine who got one of these emails and told me she doesn’t even have a webcam…

You do understand these emails are crap, right? Even when, as they occasionally do, the scammer includes an actual password of yours in the email as “proof” that you’ve been hacked. Yup, the password is real. But it’s from an old data breach of 10+ years ago — mine was from MySpace, although I’m not sure if they all were. And unless you never changed that password in 10+ years or you’ve been using it on lots of websites, you really don’t have anything to worry about. And even then, it would only give them access to your accounts on those websites, not to your phone and computer, as they claim to have.

Some people do pay this ransom, though. You can tell because the bitcoin blockchain is public, and you can check any bitcoin address for all transactions that have been made to and from that address. Every time I get one of these emails, I go check the address the scammer is using to receive his extortion payments.

A surprising number of those addresses have received payments in the day or two surrounding my receipt of the email — that is, over the time when the scammer has been mass-mailing people with this scam.

Anyway, I digress. Since I like messing with these people, every once in awhile I will reply to their email. This is not always easy, because the “From:” addresses on the email are often faked. Many times, they even use your own address as the “From:” address (yes, this is easy to do, even when you’ve not been hacked — I can show you how…). But every once in awhile, there’s a return address that does actually look real, and so I respond. Like the response I sent earlier today:

Hello! Thank you for your email! But I have a small complaint…. I have been receiving these emails from you for some time, and I have never paid you any money or bitcoin. And yet you still have NOT sent my videos around to my contacts.

My wife, among other people, has been looking forward to receiving them. They all want to see how entertaining I am.

So please understand that you are NOT getting any bitcoin from me, so you should simply send around my videos ASAP. My wife, in particular, is really looking forward to it.

I have sent several variations of this email to these scammers from time to time. Unfortunately, none has ever responded.

I did get a response once when I played dumb and told the scammer I could not make the bitcoin payment because I needed his bitcoin private key to do so. (The private key gives you access to all funds in the wallet.) He didn’t fall for that one, but we did engage in a little email tete-a-tete for a few days. It was kind of interesting.

Now you know a few of the things I do in my spare time. Hey, it makes me chuckle, at least….