1
00:00:00,090 --> 00:00:02,760
This video, we're taking a look at a real scam.
2
00:00:03,870 --> 00:00:06,570
This involves bitcoin in its extortion.
3
00:00:07,320 --> 00:00:13,800
So I want to make this video because these kind of emails have been making the rounds quite a
4
00:00:13,800 --> 00:00:19,950
bit lately, and this is actually one that hit a user at one of them at the place I am working at right
5
00:00:19,950 --> 00:00:20,250
now.
6
00:00:20,910 --> 00:00:24,300
So I took out some of the critical information, like actual email address and that.
7
00:00:24,300 --> 00:00:26,520
But let's take a look at this email.
8
00:00:27,720 --> 00:00:28,740
So in this email?
9
00:00:31,140 --> 00:00:33,270
The to address was spoofed.
10
00:00:33,420 --> 00:00:38,250
So it's actually spoofing one of the email addresses that that user actually had.
11
00:00:39,090 --> 00:00:40,930
So we continue on this email.
12
00:00:40,950 --> 00:00:42,810
It says, Hello, my name is dark.
13
00:00:43,110 --> 00:00:47,370
My nickname in darknet is Zachary, 31.
14
00:00:48,270 --> 00:00:49,380
That tends to change.
15
00:00:49,860 --> 00:00:55,080
Even if it's the same person running this scam, they tend to change whatever their supposed dark
16
00:00:55,080 --> 00:00:57,510
name is or darknet name.
17
00:00:57,510 --> 00:01:05,100
As I hacked your mailbox more than six months ago through it, infected your operating system with a
18
00:01:05,100 --> 00:01:09,990
virus trojan created by me and have been monitoring you for a long time.
19
00:01:10,500 --> 00:01:16,980
So your password is our password from and then they give the user email address is.
20
00:01:17,220 --> 00:01:22,740
Then they give the supposed password for that particular email.
21
00:01:24,210 --> 00:01:32,070
Now the way that works is typically the person will go grab information from a data dump so I can buy
22
00:01:32,070 --> 00:01:36,390
a data dump for around 10, $20 or so.
23
00:01:37,080 --> 00:01:38,830
Grab a bunch of username and passwords.
24
00:01:38,860 --> 00:01:45,180
And that's what these people are typically doing or searching around and finding a data dump that was
25
00:01:45,180 --> 00:01:46,200
published for free.
26
00:01:47,510 --> 00:01:52,790
Now in here, they'll pick up to look for people with email addresses and passwords that got leaked.
27
00:01:53,300 --> 00:01:56,570
These may still be valid or they may be changed.
28
00:01:56,570 --> 00:02:03,350
They really don't know and generally don't care because once they send these emails out, when a person
29
00:02:03,350 --> 00:02:08,690
generally sees, Oh, this is my email and this is really the password that's associated to it.
30
00:02:09,230 --> 00:02:12,950
They begin to panic whether they actually did anything wrong or not.
31
00:02:13,460 --> 00:02:15,260
And that's how these scams work.
32
00:02:16,160 --> 00:02:18,350
Now let's continue with the email. Even
33
00:02:18,350 --> 00:02:20,650
if you change your password after that, it doesn't matter.
34
00:02:20,660 --> 00:02:27,530
My virus intercepted all of your caching data from your computer and automatically saved access for
35
00:02:27,530 --> 00:02:27,800
me.
36
00:02:28,310 --> 00:02:32,960
I have access to all your accounts, social networks, email browsing history accordingly.
37
00:02:32,990 --> 00:02:37,580
I have the data of all your contact files from your computer's photos videos.
38
00:02:38,860 --> 00:02:43,940
I was most struck by the intimate content sites that you occasionally visit.
39
00:02:43,990 --> 00:02:46,900
You have a very weird or very wild imagination.
40
00:02:46,900 --> 00:02:51,940
I tell you during your pastime entertainment here, I took screenshots to your camera of your device
41
00:02:51,940 --> 00:02:54,510
synchronizing with what you're watching.
42
00:02:54,520 --> 00:02:56,380
Oh my god, you're so funny.
43
00:02:56,390 --> 00:02:56,980
Excited.
44
00:02:58,260 --> 00:03:02,700
I think you don't want one of all your contacts, get these files right.
45
00:03:03,390 --> 00:03:10,350
If you are of the same opinion, then I think that 837 is quite fair price to destroy the dirt I created.
46
00:03:11,400 --> 00:03:13,530
So there is the extortion part.
47
00:03:14,340 --> 00:03:21,030
And generally, for people, whether they actually did anything wrong or not, they generally worry
48
00:03:21,030 --> 00:03:25,860
that, hey, my, so my critical data is out there days in a dump.
49
00:03:26,220 --> 00:03:29,310
Or maybe he's just going to dump a bunch of bogus information.
50
00:03:29,310 --> 00:03:32,730
I have been going all these crazy sites when I haven't been to my contacts.
51
00:03:33,900 --> 00:03:36,540
So this plays on fear for people.
52
00:03:39,910 --> 00:03:45,190
Since the above amount, my bitcoin wallet and he gives the bitcoin address, which I'm going to copy
53
00:03:45,190 --> 00:03:47,980
right now, and I'm going to show you why in a moment.
54
00:03:50,050 --> 00:03:53,020
As soon as the above amount is received, I guarantee the data will be deleted.
55
00:03:53,830 --> 00:03:54,680
I do not need it.
56
00:03:54,710 --> 00:03:59,920
Otherwise, his files in history of his insights will will get all your contacts from your devices.
57
00:03:59,920 --> 00:04:05,050
I'll send everyone your contact access to your email as access logs.
58
00:04:05,830 --> 00:04:09,540
I have carefully saved it since reading this letter.
59
00:04:09,640 --> 00:04:11,980
Have 48 hours after reading this message.
60
00:04:12,550 --> 00:04:16,570
I'll receive an automatic notification that you have seen the letter.
61
00:04:18,210 --> 00:04:19,140
And it goes on to.
62
00:04:21,170 --> 00:04:22,670
Essentially saying that.
63
00:04:24,560 --> 00:04:27,110
That they feel like they're doing you a service.
64
00:04:28,200 --> 00:04:30,750
So let's break this down a little bit.
65
00:04:30,840 --> 00:04:33,570
Supposedly, someone has her email and password.
66
00:04:34,170 --> 00:04:41,010
So in general, again, that usually freaks people out because let's be honest, people usually have.
67
00:04:43,190 --> 00:04:48,410
Really bad passwords, and they have a bad habit of recycling passwords, that's why you shouldn't recycle
68
00:04:48,410 --> 00:04:50,060
passwords if at all possible.
69
00:04:52,340 --> 00:04:57,170
The legitimacy of this is a lot of people say, Yeah, that is my email, that's my password or that
70
00:04:57,170 --> 00:04:58,700
used to be my password.
71
00:04:59,690 --> 00:05:05,150
As he knows the contextualize it by saying, even if you change your password, I still have access.
72
00:05:05,630 --> 00:05:09,410
So that that also freaks people out.
73
00:05:10,670 --> 00:05:12,980
But again, this generally comes from data dumps.
74
00:05:14,090 --> 00:05:17,270
So you do want to keep that in mind in that regard.
75
00:05:17,300 --> 00:05:18,410
It's kind of worthless.
76
00:05:20,140 --> 00:05:24,280
But they are trying to scam you, they are trying to get money from you.
77
00:05:25,150 --> 00:05:30,730
And if you're doing OSINT, then this gets a little tricky.
78
00:05:30,730 --> 00:05:35,080
So bitcoin are designed to be anonymous, so it is kind of hard to track them.
79
00:05:35,230 --> 00:05:40,540
What you can do is there are certain tricks where if you send.
80
00:05:41,870 --> 00:05:45,600
A certain amount of bitcoin to someone you can kind of trace where it's going.
81
00:05:45,620 --> 00:05:51,950
I don't recommend actually spending money or giving any amount of money to anyone that's trying to scam
82
00:05:51,950 --> 00:05:53,060
you, extort you.
83
00:05:55,170 --> 00:06:02,610
But in order to help alleviate some fear from people, if you're doing an OSINT investigation for someone
84
00:06:03,390 --> 00:06:05,820
again, they don't have to do anything wrong.
85
00:06:06,090 --> 00:06:09,750
People that don't do anything wrong still might freak out because they, you know, they're still worried
86
00:06:09,750 --> 00:06:11,790
that this person is on my account.
87
00:06:11,790 --> 00:06:17,160
They have my, you know, critical information that they have email that's confidential and they're
88
00:06:17,160 --> 00:06:18,370
going to send it out to everyone.
89
00:06:18,390 --> 00:06:26,550
Or they might spread a bunch of lies about me and embarrass me, especially people in higher up positions
90
00:06:27,720 --> 00:06:32,500
as CEOs, managers and whatnot.
91
00:06:32,520 --> 00:06:37,920
It's kind of hard for them to have their reputation tarnished, whether it's real or not.
92
00:06:39,460 --> 00:06:42,460
So a lot of people feel compelled to actually pay these ransoms.
93
00:06:43,480 --> 00:06:46,840
So what you could do is there's a couple of things you could do.
94
00:06:46,870 --> 00:06:47,650
One is you could try.
95
00:06:47,830 --> 00:06:51,400
You could do a bitcoin lookup, and if you go to Bitcoin
96
00:06:51,430 --> 00:06:52,210
Who's Who
97
00:06:52,630 --> 00:06:58,150
dot com, you could enter in the bitcoin wallet and kind of see a little bit of the transaction history
98
00:06:58,150 --> 00:06:58,450
of it.
99
00:06:59,330 --> 00:07:06,700
Now the other thing you could do is you can go to Hashed and Have I Been Pwned and put that email address
100
00:07:06,700 --> 00:07:09,460
in that that they said they got a hold of?
101
00:07:10,390 --> 00:07:13,030
And you also can go to Pwned Passwords.
102
00:07:14,350 --> 00:07:16,060
I generally like to use all these sites.
103
00:07:16,090 --> 00:07:17,890
You put the email address, you put the password.
104
00:07:17,890 --> 00:07:24,790
In that way, you could say, Hey, your email has been part of, you know, eight data breaches dates
105
00:07:24,790 --> 00:07:31,360
back at this time, which kind of matches in this information here your password is also came up in
106
00:07:31,360 --> 00:07:32,140
a data breach.
107
00:07:32,320 --> 00:07:36,310
It's been part of these breaches, so this is where this is coming from.
108
00:07:37,150 --> 00:07:37,570
You know?
109
00:07:38,810 --> 00:07:42,710
So this is how they got your information, it's not they actually hacked your account.
110
00:07:42,860 --> 00:07:44,450
This is your actual information.
111
00:07:45,070 --> 00:07:50,180
Well, that point you tell the user you changed your password if you don't change it already.
112
00:07:51,200 --> 00:07:56,270
If you're using Gmail or there's similar services, make sure you sign out of all the accounts.
113
00:07:56,270 --> 00:07:57,610
Review Security Check.
114
00:07:57,630 --> 00:08:00,130
Make sure that no one's been logging your account.
115
00:08:00,140 --> 00:08:05,390
Chances are no, they haven't logged in your account, but it's always good to run that check.
116
00:08:06,500 --> 00:08:09,470
Now, let's go back to the bitcoin address, look up.
117
00:08:10,920 --> 00:08:12,150
So I'm going to paste this in here.
118
00:08:13,070 --> 00:08:18,290
And we have there a bitcoin wallet, I'm just going to click a little magnifying glass and start to search.
119
00:08:22,360 --> 00:08:23,720
Can we give this sick?
120
00:08:23,740 --> 00:08:25,600
And here we go.
121
00:08:27,960 --> 00:08:33,930
OK, so this is pretty cool, so we can actually see quite a bit of history on this so we can see this
122
00:08:33,930 --> 00:08:35,940
bitcoin address appeared on four web sites.
123
00:08:35,940 --> 00:08:38,070
I can click to see what websites you've been on.
124
00:08:39,300 --> 00:08:40,560
There's a wallet name.
125
00:08:42,140 --> 00:08:45,620
The current balance is almost one bitcoin and.
126
00:08:47,760 --> 00:08:53,040
Well, you could see there's eight transactions, which when I looked this up yesterday, you only had
127
00:08:53,040 --> 00:08:53,470
two.
128
00:08:53,490 --> 00:08:55,590
So apparently he got a few more people.
129
00:08:56,820 --> 00:09:00,120
Now you can look at the first transaction.
130
00:09:01,050 --> 00:09:05,880
If we click on scam alert, we could see all these people that reported this a scam.
131
00:09:05,880 --> 00:09:10,020
And again, this can add legitimacy to your report.
132
00:09:10,020 --> 00:09:13,560
When you're reporting back to someone, say, Hey, this is a scam, don't pay it.
133
00:09:14,610 --> 00:09:21,150
Here's a bunch of scam alerts for that particular email, and you can see all these are sextortion,
134
00:09:21,150 --> 00:09:24,200
hack, blackmail and whatnot.
135
00:09:24,210 --> 00:09:26,280
And if I click on any of these things here.
136
00:09:28,100 --> 00:09:30,110
You could see it's a similar format.
137
00:09:30,560 --> 00:09:33,340
My nickname is darknet, and the name has changed.
138
00:09:34,040 --> 00:09:35,460
Kelby 27.
139
00:09:35,480 --> 00:09:40,820
I hacked to your mailbox six months ago and a your operating system with the Trojan password is blank
140
00:09:40,820 --> 00:09:41,420
like blank.
141
00:09:42,500 --> 00:09:44,720
So essentially, it's the same email address again.
142
00:09:45,680 --> 00:09:51,620
And the other thing I like about running the Bitcoin wallet through here is some of these other ones
143
00:09:51,620 --> 00:09:51,850
here.
144
00:09:51,860 --> 00:09:58,070
They people did get additional information, including the IP address.
145
00:09:58,400 --> 00:10:00,210
And again, you can take that IP address.
146
00:10:00,230 --> 00:10:01,970
You can run through your IP tracer.
147
00:10:02,630 --> 00:10:09,530
And if you do that, you'll find out this person's from South America, which kind of lends credibility
148
00:10:09,530 --> 00:10:12,470
to why voice English is a little broken.
149
00:10:13,890 --> 00:10:17,660
Is not a Native American United States individual.
150
00:10:18,230 --> 00:10:18,710
So.
151
00:10:20,730 --> 00:10:22,200
That's all great information.
152
00:10:22,650 --> 00:10:28,890
And again, it's this will really go a long way for when you put it in the report that saying that,
153
00:10:28,890 --> 00:10:33,270
hey, don't pay this, you could see all these people report all these different scams.
154
00:10:33,810 --> 00:10:40,170
And if I click on here, I could see the different websites and it's come up on scam survivors dot com.
155
00:10:41,190 --> 00:10:43,740
This Twitter post is talking about it.
156
00:10:44,160 --> 00:10:50,310
Another Twitter post talking about we could take a look at the transaction history, so we could say
157
00:10:50,310 --> 00:10:57,240
that we could see this bitcoin wallet paid that address in how much they they got and all the time and
158
00:10:57,240 --> 00:10:57,660
date.
159
00:10:58,920 --> 00:11:03,300
So that's that's additional interesting information just to have.
160
00:11:03,870 --> 00:11:09,600
Again, it's going to be pretty hard to trace back to the actual individual, but it is interesting
161
00:11:09,600 --> 00:11:12,150
to take a look at what the pattern of this is.
162
00:11:12,990 --> 00:11:20,670
And also, you can run this through a Maltego if you want to verify this information, which I did yesterday
163
00:11:22,080 --> 00:11:23,550
when it had two transactions.
164
00:11:23,550 --> 00:11:28,740
Those transactions also appeared to Maltego same amount, same wallets and whatnot.
165
00:11:28,770 --> 00:11:37,200
So again, if you really need to prove that to your client that, hey, this is a scam, this is all
166
00:11:37,200 --> 00:11:44,120
the old things going on with it, the way you can kind of verify the information is diminished.
167
00:11:44,250 --> 00:11:46,410
Have I Been Pwned, Pwned Passwords,
168
00:11:47,490 --> 00:11:54,330
Bitcoin address lookup, which is Bitcoin Who's Who dot com, and then run a Maltego scan.
169
00:11:55,170 --> 00:11:59,670
So this is all about bitcoin scams and extortion scams.
170
00:12:00,240 --> 00:12:01,500
Thank you for watching the video.