Sextortion Scam with phone number and address

[Velvis]

I have a client who has recently been getting emails demanding bitcoin threating to release the info because of their "porn habits".

On the email there is a phone number and an address sorta tied to the company. (It's not the main address but an owners address (not the person getting the email though.)

I was wondering how they get this info and is the best thing to do simply ignore it?

 

[GTP]

They get/got the information from the plethora of data breaches on hundreds of companies from around the world like Equifax, Instagram, Facebook LastPass, Linked in etc, etc.

Billions of records stolen and sold on the dark web and other places, so it's no surprise these scams exist.

Steve Gibson talked about this very scam on his most recent podcast - from about the 30 min mark.

 

[britechguy]

is the best thing to do simply ignore it?

Yes. Period. End of discussion.

 

[Markverhyden]

I'm amazed that people still are asking about these. They've been floating around for 5+ years now. I've had people ask me about them when I, and they, know they don't have a cam on their machine.

 

[britechguy]

I'm amazed that people ask about most scams that are retreads of retreads of retreads. How many times do these need to make the rounds, and often make the news, before they become part of the, "I heard of that," cache of knowledge?

Anyone who's used the internet for more than a few months and ever done a web search on their own name should know that one's name, address, email address, and often phone number(s) are part of the public record available to anyone who wants them.

When you add in the fact that most people do have "porn habits" it makes the scam an easy one to put forward. But if you are an individual who has no "porn habits," and those do exist, it's no different than the scams sending you a bill for something you never purchased from an entity you've never done business with.

The thing to do is always the same: ignore it and move along with life.

 

[frase]

I have had clients have them, I myself even got one; the goats are fine though. I did notice in the email that they stated they were using "Pegasus" which I found interesting, the rest of the email hilarious. These threat actors implement bot's mainly as frontline workers trawling the darkweb for compromised email and user names and other related data. These are then spammed out to the addresses taken from the sweep.

No need to do anything but delete.

 

[GTP]

Steve Gibson made a sentient point in that his concern (as is mine) is that older persons, not in total control of their faculties who have no understanding of how these things work will be caused stress by it.
They don't realise it's all BS so they send these creeps money thinking they've done something wrong.
Sure some of them may have alert carers, friends, family that could assist, but many don't.

The scammers are incapable of doing anything to the recipients of these letters. We know they wont visit the home, they wont call, they wont do anything because they cant apart from try to threaten, scare and intimidate.

 

[britechguy]

Steve Gibson made a sentient point in that his concern (as is mine) is that older persons, not in total control of their faculties who have no understanding of how these things work will be caused stress by it.

I believe you mean salient point.

But although the point is salient, it is also something over which none of us have any control, and it's certainly not limited to this.

I have a fairly large contingent of senior citizens in my client roster (and at age 62, I'm in that demographic myself). I present it generally in this way:
You know the old saying, "If something appears to be too good to be true, it probably isn't?" Just remember that it has a complimentary version, too, "If something appears to be too bad to be true, it probably isn't." When you feel really horrified or upset by something, what you do not want to do is take immediate action, as that's what scammers count on. Pause. Breathe. Think. Ask questions.

I then encourage those clients to get in touch with me, and many of them do, and when the call is to check whether something is likely a scam or not, which typically takes 2 seconds to answer, I'm happy to do so at no charge.

 

[GTP]

I believe you mean salient point.

Thank you for the correction. That is exactly what I meant to say.