Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,090 --> 00:00:02,760 This video, we're taking a look at a real scam. 2 00:00:03,870 --> 00:00:06,570 This involves bitcoin in its extortion. 3 00:00:07,320 --> 00:00:13,800 So I want to make this video because these these kind of emails have been making the rounds quite a 4 00:00:13,800 --> 00:00:19,950 bit lately, and this is actually one that hit a user at one of them at the place I am working at right 5 00:00:19,950 --> 00:00:20,250 now. 6 00:00:20,910 --> 00:00:24,300 So I took out some of the critical information, like actual email address and that. 7 00:00:24,300 --> 00:00:26,520 But let's take a look at this email. 8 00:00:27,720 --> 00:00:28,740 So in this email? 9 00:00:31,140 --> 00:00:33,270 The to address was spoofed. 10 00:00:33,420 --> 00:00:38,250 So it's actually spoofing one of the email addresses that that user actually had. 11 00:00:39,090 --> 00:00:40,930 So we continue on this email. 12 00:00:40,950 --> 00:00:42,810 It says, Hello, my name is dark. 13 00:00:43,110 --> 00:00:47,370 My nickname and darknet is Zachary, 31. 14 00:00:48,270 --> 00:00:49,380 That tends to change. 15 00:00:49,860 --> 00:00:55,080 Even if it's the same person running this scam, they tend to change whatever they're suppose a dark 16 00:00:55,080 --> 00:00:57,510 name is or darknet name. 17 00:00:57,510 --> 00:01:05,100 As I hacked your mailbox more than six months ago through it, affected your operating system with a 18 00:01:05,100 --> 00:01:09,990 virus trojan created by me and have been monitoring you for a long time. 19 00:01:10,500 --> 00:01:16,980 So your password is our password from and then they give the user email address is. 20 00:01:17,220 --> 00:01:22,740 Then they give the supposed password for that particular email. 21 00:01:24,210 --> 00:01:32,070 Now the way that works is typically the person will go grab information from a data dump so I can buy 22 00:01:32,070 --> 00:01:36,390 a data dump for around 10, $20 or so. 23 00:01:37,080 --> 00:01:38,830 Grab a bunch of username and passwords. 24 00:01:38,860 --> 00:01:45,180 And that's what these people are typically doing or searching Aaron and finding a data dump that was 25 00:01:45,180 --> 00:01:46,200 published for free. 26 00:01:47,510 --> 00:01:52,790 Now in here, they'll pick up to look for people with email addresses and passwords that got leaked. 27 00:01:53,300 --> 00:01:56,570 These may still be valid or they may be changed. 28 00:01:56,570 --> 00:02:03,350 They really don't know and generally don't care because once they send these emails out, when a person 29 00:02:03,350 --> 00:02:08,690 generally sees, Oh, this is my email and this is really the password that's associated to it. 30 00:02:09,230 --> 00:02:12,950 They begin to panic whether they actually did anything wrong or not. 31 00:02:13,460 --> 00:02:15,260 And that's how these scams work. 32 00:02:16,160 --> 00:02:18,350 Now let's continue with the email human. 33 00:02:18,350 --> 00:02:20,650 If you change your password after that, it doesn't matter. 34 00:02:20,660 --> 00:02:27,530 My virus intercepted all of your caching data from your computer and automatically saved access for 35 00:02:27,530 --> 00:02:27,800 me. 36 00:02:28,310 --> 00:02:32,960 I have access to all your accounts, social networks, email browsing history accordingly. 37 00:02:32,990 --> 00:02:37,580 I have the data of all your contact files from your computer's photos videos. 38 00:02:38,860 --> 00:02:43,940 I was most struck by the intimate con content sites that you occasionally visit. 39 00:02:43,990 --> 00:02:46,900 You have a very weird or very wild imagination. 40 00:02:46,900 --> 00:02:51,940 I tell you during your pastime entertainment here, I took screenshots to your camera of your device 41 00:02:51,940 --> 00:02:54,510 synchronizing with what you're watching. 42 00:02:54,520 --> 00:02:56,380 Oh my god, you're so funny. 43 00:02:56,390 --> 00:02:56,980 Excited. 44 00:02:58,260 --> 00:03:02,700 I think you don't want one of all your contacts, get these files right. 45 00:03:03,390 --> 00:03:10,350 If you are of the same opinion, then I think that 837 is quite fair price to destroy the dirt I created. 46 00:03:11,400 --> 00:03:13,530 So there is the extortion part. 47 00:03:14,340 --> 00:03:21,030 And generally, for people, whether they actually did anything wrong or not, they generally worry 48 00:03:21,030 --> 00:03:25,860 that, hey, my, so my critical data is out there days in a dump. 49 00:03:26,220 --> 00:03:29,310 Or maybe he's just going to dump a bunch of bogus information. 50 00:03:29,310 --> 00:03:32,730 I have been going all these crazy sites when I haven't been to my contacts. 51 00:03:33,900 --> 00:03:36,540 So this plays on fear for people. 52 00:03:39,910 --> 00:03:45,190 Since the above amount, my bitcoin wallet and he gives the bitcoin address, which I'm going to copy 53 00:03:45,190 --> 00:03:47,980 right now, and I'm going to show you why in a moment. 54 00:03:50,050 --> 00:03:53,020 As soon as the above amount is received, I guarantee the data will be deleted. 55 00:03:53,830 --> 00:03:54,680 I do not need it. 56 00:03:54,710 --> 00:03:59,920 Otherwise, his files in history of his insights will will get all your contacts from your devices. 57 00:03:59,920 --> 00:04:05,050 I'll send everyone your contact access to your email as access logs. 58 00:04:05,830 --> 00:04:09,540 I have carefully saved it since reading this letter. 59 00:04:09,640 --> 00:04:11,980 Have 48 hours after reading this message. 60 00:04:12,550 --> 00:04:16,570 I'll receive an automatic notification that you have seen the letter. 61 00:04:18,210 --> 00:04:19,140 And it goes on to. 62 00:04:21,170 --> 00:04:22,670 Essentially saying that. 63 00:04:24,560 --> 00:04:27,110 That they feel like they're doing you a service. 64 00:04:28,200 --> 00:04:30,750 So let's break this down a little bit. 65 00:04:30,840 --> 00:04:33,570 Supposedly, someone has her email and password. 66 00:04:34,170 --> 00:04:41,010 So in general, again, that usually freaks people out because let's be honest, people usually have. 67 00:04:43,190 --> 00:04:48,410 Really bad passwords, and they have a bad habit of recycling passwords, that's why you shouldn't recycle 68 00:04:48,410 --> 00:04:50,060 passwords of all possible. 69 00:04:52,340 --> 00:04:57,170 The legitimacy of this is a lot of people say, Yeah, that is my email, that's my password or that 70 00:04:57,170 --> 00:04:58,700 used to be my password. 71 00:04:59,690 --> 00:05:05,150 As he knows the contextualize it by saying, even if you change your password, I still have access. 72 00:05:05,630 --> 00:05:09,410 So that that also freaks people out. 73 00:05:10,670 --> 00:05:12,980 But again, this generally comes from data dumps. 74 00:05:14,090 --> 00:05:17,270 So you do want to keep that in mind in that regard. 75 00:05:17,300 --> 00:05:18,410 It's kind of worthless. 76 00:05:20,140 --> 00:05:24,280 But they are trying to scam you, they are trying to get money from you. 77 00:05:25,150 --> 00:05:30,730 And if you're doing Olson, then this gets a little tricky. 78 00:05:30,730 --> 00:05:35,080 So bitcoin are designed to be anonymous, so it is kind of hard to track them. 79 00:05:35,230 --> 00:05:40,540 What you can do is there are certain tricks where if you send. 80 00:05:41,870 --> 00:05:45,600 A certain amount of bitcoin to someone you can kind of trace where it's going. 81 00:05:45,620 --> 00:05:51,950 I don't recommend actually spending money or giving any amount of money to anyone that's trying to scam 82 00:05:51,950 --> 00:05:53,060 you, extort you. 83 00:05:55,170 --> 00:06:02,610 But in order to help alleviate some fear from people, if you're doing a Olson investigation for someone 84 00:06:03,390 --> 00:06:05,820 again, they don't have to do anything wrong. 85 00:06:06,090 --> 00:06:09,750 People that don't do anything wrong still might freak out because they, you know, they're still worried 86 00:06:09,750 --> 00:06:11,790 that this person is on my account. 87 00:06:11,790 --> 00:06:17,160 They have my, you know, critical information that they have email that's confidential and they're 88 00:06:17,160 --> 00:06:18,370 going to send it out to everyone. 89 00:06:18,390 --> 00:06:26,550 Or they might spread a bunch of lies about me and embarrass me, especially people in higher up positions 90 00:06:27,720 --> 00:06:32,500 as CEOs, managers and whatnot. 91 00:06:32,520 --> 00:06:37,920 It's kind of hard for them to have their reputation tarnished, whether it's real or not. 92 00:06:39,460 --> 00:06:42,460 So a lot of people feel compelled to actually pay these ransoms. 93 00:06:43,480 --> 00:06:46,840 So what you could do is there's a couple of things you could do. 94 00:06:46,870 --> 00:06:47,650 One is you could try. 95 00:06:47,830 --> 00:06:51,400 You could do a bitcoin look up and if you go to Bitcoin. 96 00:06:51,430 --> 00:06:52,210 Who's who? 97 00:06:52,630 --> 00:06:58,150 Dot com, you could enter in the bitcoin wallet and kind of see a little bit of the transaction history 98 00:06:58,150 --> 00:06:58,450 of it. 99 00:06:59,330 --> 00:07:06,700 Now the other thing you could do is you can go to Hashed and have I been conned and put that email address 100 00:07:06,700 --> 00:07:09,460 in that that they said they got a hold of? 101 00:07:10,390 --> 00:07:13,030 And you also can go to pwned passwords. 102 00:07:14,350 --> 00:07:16,060 I generally like to use all these sites. 103 00:07:16,090 --> 00:07:17,890 You put the email address, you put the password. 104 00:07:17,890 --> 00:07:24,790 In that way, you could say, Hey, your email has been part of, you know, eight data breaches dates 105 00:07:24,790 --> 00:07:31,360 back at this time, which kind of matches in this information here your password is also came up in 106 00:07:31,360 --> 00:07:32,140 a data breach. 107 00:07:32,320 --> 00:07:36,310 It's been part of these breaches, so this is where this is coming from. 108 00:07:37,150 --> 00:07:37,570 You know? 109 00:07:38,810 --> 00:07:42,710 So this is how they got your information, it's not they actually hacked your account. 110 00:07:42,860 --> 00:07:44,450 This is your actual information. 111 00:07:45,070 --> 00:07:50,180 Well, that point you tell the user you changed your password if you don't change it already. 112 00:07:51,200 --> 00:07:56,270 If you're using Gmail or there's similar services, make sure you sign out of all the accounts. 113 00:07:56,270 --> 00:07:57,610 Review Security Check. 114 00:07:57,630 --> 00:08:00,130 Make sure that no one's been logging your account. 115 00:08:00,140 --> 00:08:05,390 Chances are no, they haven't logged in your account, but it's always good to run that check. 116 00:08:06,500 --> 00:08:09,470 Now, let's go back to the bitcoin address, look up. 117 00:08:10,920 --> 00:08:12,150 So I'm going to pieces in here. 118 00:08:13,070 --> 00:08:18,290 And we have there a bitcoin war, I'm just going to click a little magnifying glass and start to search. 119 00:08:22,360 --> 00:08:23,720 Can we give this sick? 120 00:08:23,740 --> 00:08:25,600 And here we go. 121 00:08:27,960 --> 00:08:33,930 OK, so this is pretty cool, so we can actually see quite a bit of history on this so we can see this 122 00:08:33,930 --> 00:08:35,940 bitcoin address appeared on four web sites. 123 00:08:35,940 --> 00:08:38,070 I can click to see what websites you've been on. 124 00:08:39,300 --> 00:08:40,560 There's a wallet name. 125 00:08:42,140 --> 00:08:45,620 The current balance is almost one bitcoin and. 126 00:08:47,760 --> 00:08:53,040 Well, you could see there's eight transactions, which when I looked this up yesterday, you only had 127 00:08:53,040 --> 00:08:53,470 two. 128 00:08:53,490 --> 00:08:55,590 So apparently he got a few more people. 129 00:08:56,820 --> 00:09:00,120 Now you can look at the first transaction. 130 00:09:01,050 --> 00:09:05,880 If we click on scam alert, we could see all these people that reported this a scam. 131 00:09:05,880 --> 00:09:10,020 And again, this can add legitimacy to your report. 132 00:09:10,020 --> 00:09:13,560 When you're reporting back to someone, say, Hey, this is a scam, don't pay it. 133 00:09:14,610 --> 00:09:21,150 Here's a bunch of scam alerts for that particular email, and you can see all these are sextortion, 134 00:09:21,150 --> 00:09:24,200 hack, blackmail and whatnot. 135 00:09:24,210 --> 00:09:26,280 And if I click on any of these things here. 136 00:09:28,100 --> 00:09:30,110 You could see it's a similar format. 137 00:09:30,560 --> 00:09:33,340 My nickname is darknet, and the name has changed. 138 00:09:34,040 --> 00:09:35,460 Kelby 27. 139 00:09:35,480 --> 00:09:40,820 I hacked to your mailbox six months ago and a your operating system with the Trojan password is blank 140 00:09:40,820 --> 00:09:41,420 like blank. 141 00:09:42,500 --> 00:09:44,720 So essentially, it's the same email address again. 142 00:09:45,680 --> 00:09:51,620 And the other thing I like about running the Bitcoin wallet through here is some of these other ones 143 00:09:51,620 --> 00:09:51,850 here. 144 00:09:51,860 --> 00:09:58,070 They people did get additional information, including the IP address. 145 00:09:58,400 --> 00:10:00,210 And again, you can take that IP address. 146 00:10:00,230 --> 00:10:01,970 You can run through your IP tracer. 147 00:10:02,630 --> 00:10:09,530 And if you do that, you'll find out this person's from South America, which kind of lends credibility 148 00:10:09,530 --> 00:10:12,470 to why voice English is a little broken. 149 00:10:13,890 --> 00:10:17,660 Is not a Native American United States individual. 150 00:10:18,230 --> 00:10:18,710 So. 151 00:10:20,730 --> 00:10:22,200 That's all great information. 152 00:10:22,650 --> 00:10:28,890 And again, it's this will really go a long way for when you put it in the report that saying that, 153 00:10:28,890 --> 00:10:33,270 hey, don't pay this, you could see all these people report all these different scams. 154 00:10:33,810 --> 00:10:40,170 And if I click on here, I could see the different websites and it's come up on scam survivors dot com. 155 00:10:41,190 --> 00:10:43,740 This Twitter post is talking about it. 156 00:10:44,160 --> 00:10:50,310 Another Twitter post talking about we could take a look at the transaction history, so we could say 157 00:10:50,310 --> 00:10:57,240 that we could see this bitcoin wallet paid that address in how much they they got and all the time and 158 00:10:57,240 --> 00:10:57,660 date. 159 00:10:58,920 --> 00:11:03,300 So that's that's additional interesting information just to have. 160 00:11:03,870 --> 00:11:09,600 Again, it's going to be pretty hard to trace back to the actual individual, but it is interesting 161 00:11:09,600 --> 00:11:12,150 to take a look at what the pattern of this is. 162 00:11:12,990 --> 00:11:20,670 And also, you can run this through a Maltego if you want to verify this information, which I did yesterday 163 00:11:22,080 --> 00:11:23,550 when it had two transactions. 164 00:11:23,550 --> 00:11:28,740 Those transactions also appeared to Maltego same amount, same wallets and whatnot. 165 00:11:28,770 --> 00:11:37,200 So again, if you really need to prove that to your client that, hey, this is a scam, this is all 166 00:11:37,200 --> 00:11:44,120 the old things going on with it, the way you can kind of verify the information is diminished. 167 00:11:44,250 --> 00:11:46,410 Have I been Pwn2Own passwords? 168 00:11:47,490 --> 00:11:54,330 Bitcoin address lookup, which is bitcoin, who's who dot com and then run a Maltego scan? 169 00:11:55,170 --> 00:11:59,670 So this is all about bitcoin scams and extortion scams. 170 00:12:00,240 --> 00:12:01,500 Thank you for watching the video. 16657