Bitcoin blackmail letter

June 22, 2021 / Rating: 4.7 / Views: 581

Related Images "Bitcoin blackmail letter" (17 pics):

Deal dash com scam

The big question is whether it is worthwhile to use Deal Dash. That is, will you find a wide range of products being auctioned in the site? What about its quality; are products on the auction of high quality? Is it really easy to win auctions in the site, so as to get products at significantly low prices? Also, does offer quality service that we’ll expect of an ideal online store (such as hassle-free bids, fast delivery, effective customer service, etc)? In the first place, is Deal Dash legit, or is it another scam platform? It is not a scam because of our findings and also it has been online for a very long time without a problem. This Deal Dash review will examine Deal Dash in order to provide the information that will help you answer these questions. Deal Dash was founded by William Wolfram, who at the time was only 16 years old. Like many businesses, it was inspired after a failed experience. Wolfram had just lost bidding in a bidding fee auction site; and he thought about how unfair the operating model of penny auction sites is to unsuccessful bidders. The idea was born of a bidding fee auction site where the unsuccessful bidder has the opportunity to get his/ her money back. Thus, there are only 10 seconds for another person to place a new bid. In 2009, the idea became a reality when Deal Dash was launched. When the auction starts, you can bid on the product with one credit (that is,

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs [SSWITCH]

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

[/SSWITCH].00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs [SSWITCH]

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

[/SSWITCH].00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs [SSWITCH]

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

[/SSWITCH].00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs [SSWITCH]

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

[/SSWITCH].00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs [SSWITCH]

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

[/SSWITCH].00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,500 or S,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is S,500 (with a few interesting cases at S,450 and S,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me S,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security. Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also use and recommend. Update 11/9/2016: I made a first foray into the darkweb using Tor running on Tails in a VM (on a usb stick soon), but I didn’t find anything yet. Update 10/27/2017: I got three emails today from other victims. I have only received one other email in the 12-ish months that this post has been up. Update 10/28/2017: I have now received 8 emails from victims since yesterday. At least five were postmarked “Nashville, Tennessee 370.” Several didn’t have the stamp cancelled out. Probably just a mundane “people who are married” list of some kind, with random selection from the list. Recipients are all over the US: I know my name (all our names) are on a lot of lists for sale out there (the same lists that junk mailers use), but I still wonder, which list did the scammer use for this? It’s not even a “people who are married and who probably have $2,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking $2500. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either $2,500 or $3,500 (interesting, isn’t it? Another received on December 11th, postmarked Birmingham AL 350. I wonder if the attacker is getting nervous about only using Nashville, so he’s using nearby post offices. Update 1/8/2018: Birmingham from December 11th was a huge wave. Another wave started on Jan 2nd, 2018, this time out of Evansville, Indiana (IN). Evansville is noteworthy because it’s within two-ish hours from Nashville. Extortion amount for the Evansville wave is $3,500 (with a few interesting cases at $3,450 and $3,600 – I don’t know what to make of the small variance in pricing). (An earlier version of this update incorrectly stated that the new wave was out of . I got mixed up because someone in Evanston IL got a letter from Evansville IN.) Update 1/26/2018: Another few weeks pass, another wave has begun. If you get a letter from this wave, please tell me the first sentence of your letter. the attacker has started saying “My name is ____”, but he uses a different name each time. I can’t decide if the attacker is just messing with me because he’s realized I’m collecting letters and is giving me a wild goose chase or a “fun” thing to collect, or if the attacker is just trying to throw off the google-abilty of blog articles like mine. Either way, I’ll post some of the names I’ve seen the attacker use so far (below). There’s a few other different things that stand out to me about this letter, from what I’ve seen from readers sending theirs in. Biggest change besides some new line breaks is that it includes the wive’s name peppered throughout. See lower for a transcribed exceprt from this letter. Something else I noticed is that not everyone is getting the same kind of window mailer envelope. Some have the address on the top-right of the letter, and some on the top-left. A reader suggested that demand amount may be correlated with home value / property tax. Doing so would be a “smart” way to extract the maximum amount from victims without being more than victims can pay. Update 2/17/2018: Like clockwork, another wave, all postmark dates Feb 12 2018. asking price seems to be north of $8k for all I’ve seen. Shocker this time is that multiple post offices were used: so far, I’ve seen Wichita KS, Richmond VA, Raleigh NC, and Denver CO. Which begs the question, who else has the blackmailer recruited to help, and who is sending what where? Update July 19, 2018 – There has been something like one wave every three weeks consistently since the last wave I noted for February 12, 2018. Only notable difference is that the asking price has jumped to around $15k. Update 31 August 2018: A twisted development has come to light. As of two weeks ago, the attacker has started to include a return address on the letters. The return addresses are for previous blackmail victims! Generally middle- or high-income neighborhoods though. Interesting because you can clearly see the waves of letters in my traffic spikes. Here’s USPIS inspector Kyle’s observation: The return addresses started about two weeks ago. The flat line before October 2017 was my traffic to that page for the entire year before that. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. The return addresses are secondary victims who are being recycled from earlier letters. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [redacted]. At this point, they are mostly attorneys and for the most part consistently being used from the same state as the postmark. I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. I won’t go into the specifics here in case your wife intercepts this, but you know what I am talking about. Those two options are either to ignore this letter, or simply pay me $2,000. You don’t know me personally and nobody hired me to look into you. It is just your bad luck that I stumbled across your misadventures while working a job around [nearby place]. I then put in more time than I probably should have [note: “looking into your life” has been removed.]. Frankly, I am ready to forget all about you and [wife name! So I am going to give you two options that will accomplish that very thing. Those two options are either [note: “to” has been dropped here] ignore this letter, or simply pay me $3,800 [or whatever other varying amount.] [new line break here] Let’s examine those two options in more detail. Let me tell you what will happen if you choose this path. I will take this evidence and send it to everyone in your life, [this part is new:] especially [wife name]. And as insurance against you intercepting it before she gets it, I will also send copies to her friends, family, associates, and all your neighbors on and around [street name of address letter sent to]. Now let me tell you what happens if you choose this path. You go on with your life as though none of this ever happened. So even if you decide to come clean with your wife, it won’t protet her from the humiliation she will feel when everyone she knows finds out your sordid details from me. Though you may want to do a better job at keeping your misdeeds [used to say indiscretion] secret in the future. At this point you may be thinking, “[Used to say “This is blackmail! ] I’ll just go to the cops.” [Used to say: “Yes, this is blackmail. And yes, blackmail is illegal and I would likely do some jail time if caught.”] Which is why I have taken steps to ensure this letter cannot be traced back to me. So that won’t help, and it won’t stop the evidence from ruining your life. [Used to say: “So going to the cops won’t stop the evidence from being sent out and would destroy your life the same as Option 1.”] I’m not looking to break your bank. I just want to be compensated for the time I put into investigating you. [Used to say here: “[amount] will close the books on that”] [snipped…] … I notice that in Brian Kreb’s transcription of the letter his reader sent him, the deadline was 12 days. Supposedly as an indicator that he actually knows something, I guess. payment must be received within 9 days of this letter’s post marked date. ] [Used to say: “There will be no further communication between us.”] If I don’t receive the bitcoin by the deadline, I will go ahead[…] the least you could do is tell [wife] so she can come up with an excuse to prepare her friends and family before they find out. In the 23 January 2018 wave, the attacker started beginning his letters with “My name is _______”. degree in Information Systems from the University of Pittsburgh. No two letters sent in to me have used the same name here so far. David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. His research interests include human-computer interaction and information security.

date: 22-Jun-2021 19:29next

,000 to spare” list, because I got targeted when I was a doctoral student ¯\_ツ_/¯. Are there such things as local letter-sending mules? Update 11/2/2017: By now, over two dozen people have contacted me. The other thing is that before, I got a letter postmarked from my local city (which was unnerving). Thought it would be interesting to share the Google Analytics traffic to this blog post. One on December 1st, postmarked from Chattanooga TN 374, asking 00. I typically get ~3-5 visits a day, but since Oct 25th I’ve had an explosion. A disproportionate number of people who have contacted me have been lawyers – seems the targeting is getting more sophisticated. Another on December 2nd, again from Nashville, TN 370. I’ve had 1,300 visits to the page in the past week, 960 of those being unique visits. One person reported that multiple people in their neighborhood received copies of the letter. Unsure about the dates of several sent in, but overall less people contacted me this time. If that’s any indication of the number of victims, that’s huge. Letter contents are exactly the same, except that the extortion amount has increased to either

Bitcoin blackmail letter

Got something very interesting in the mail a few days ago – a blackmail letter! Claiming that someone discovered that I have been unfaithful to my wife (which I haven’t been, I assure you). Obviously a phishing scam, but while these kinds of things may be common in email spamboxes, when USPS is used, it’s a felony. I did some research and it looks very much like a copycat of the Ashley Madison blackmail letters that went out last December, except the version I received only requires a name and an address. My name was only mentioned twice, and no other names were named. Compare the letter I received (below) to the Ashley Madison one linked above. It’s such a close match that it’s obviously related to AM, but who would have taken the time to start with a physical letter and then match the formatting exactly in their own word template? Doesn’t make sense, unless there’s just one guy doing all this, which I doubt. I suspect that the digital file template that was used in the original AM blackmails is being shared on the darkwebs, although I haven’t ventured out to confirm. Sharing of source material is common, especially when the originator is feeling the heat and needs plausible deniability. The envelope used a physical stamp, and was sent from “Pittsburgh 150.” Impossible to say exactly where that is, but 150 is the first three in the 5-digit zip for the wide Pittsburgh region. I sent my original copy to the Pittsburgh US Postal Inspector, and I also filed a report with my local borough police in case these guys are shot-gunning letters to everyone in the neighborhood. It kind of unnerves me to imagine someone as nearby as downtown taking the time to stuff the envelope and drop it in the mailbox with my name on it, though. The day I received it, I found myself on edge when cars slowed down in front of our house. I suspect they got my address from the same place that junk mailers got it from. We’ll see what the inspector general finds, if anything. I doubt they’ll get much from the letter I sent them since I handled it so much, but maybe they’ll find something somewhere else. On the cost issue from the perspective of the attacker: I’d be curious to know the response rates to postal letters versus spam emails, if the exact same message were sent out. I’d naturally predict that postal response rates would be much higher. But how much higher do they need to be, economically speaking? I’m having trouble finding an exact number (I know it’s in Brian Kreb’s , amazing book by the way), but an old estimate I found is that spam costs $0.00001 per email. So the response rate to a physical letter has to be at least 44,000 times higher than for a single spam email in order for it to make financial sense. At 50 cents each and at 2k payout you’d only need a response rate of 1/4000 in order to break even. Other considerations are that, for the letter I received, the attacker had to know that I am currently married, to a woman. My next curiosity is to see what’s available in the way of address list specificity. Shoot him an email, and cc me if you wouldn’t mind. Maybe there is a specific list of “addresses of people married to a woman.” That’d be interesting. You may also file a formal complaint on the agency website. I’d also be interested to see what the street value is of each bit of information, e.g. The Postal Inspection Service is the lead agency and is working with FBI and other federal and local agency regarding this scheme. the price of an address, birthday, home ownership status, credit cards owned, web searching behavior, etc. Due to the time sensitivity of this fraud, Inspector Parker requests you scan a copy of the letter and envelope as soon as possible to him directly. It was just bigger, and no one really understands why they (data brokers) have our information in the first place, so the audacity was off the chart and therefore it got a lot of media attention. But I need to prepare a bit more before I delve into the darkwebs. It is an email that reports that the blackmailer has compromised your computer camera and recorded you doing embarrassing things. Check https://haveibeenpwned.com/ to see which mega-breaches your email account(s) may have been involved in. To “prove” the claim, the attacker shows you one of your legitimate passwords. Your passwords have been compromised and leaked by a plethora of sites over the last decade or so, over and over again. Say you use the same password on linkedin as you do for your online banking portal. It’s a legit service run by Troy Hunt, security researcher. Your personal information has likely also been available for sale on the black market for years, too. Sponsored by 1password password manager, which I also