So you’ve been privately shamed
The Nigerian Prince ruled the spam scam scene since the early 90s — but now, there’s a new pretender for the throne. I call him the Pseudo Peeper. This nerd claims to be a modern leet voyeur who has taped your porn sessions with malware and webcams. Armed with your sordid past, he comes baying for bitcoin lest he unmask your terrible desires to everyone you know and love. [Scroll 👇 for an example I received]
These days, Nigerian Prince email scams are so far into the meme cycle that your uncle Geoff makes slightly off-colour jokes about them at family dinners, so it’s difficult to imagine anyone falling for one. The Pseudo Peeper, however, includes in his message personal details that surely only a hacker could know — like your account password 😱 💀
Actually, no. There have been a rake of data breaches from major websites in the past number of years, including big names like Linkedin, Adobe, Dropbox. When data has been stolen from these websites, it often included millions of people’s email and password combinations. These emails and passwords were dumped into massive databases, which are now available to purchase online relatively cheaply. The Pseudo Peeper buys a rake of email/password combos, writes one email, runs it through the database and can then send millions of mails, each with the “personal” touch.
The Peeper relies on the uncanny feeling of seeing your own password in the subject of an email. Even if the password is old or out of date, seeing something you considered private and secret reflected back at you openly primes your subconscious to accept his word that he can do the same with your sexual fantasies.
While both scams rely on a lack of subject familiarity and lashings of naivety, the Nigerian Prince appeals to your ego and greed. “£20 million for nothing? Sounds grand. Makes sense I’ve some royal connection, I’m a fucking Queen.” In this sense, for the interested receiver, a Prince mail adds a spark of excitement and frisson to the afternoon. The next few days can be happily wiled away imagining how to spend all the money, what to wear on visits to foreign embassies and other similar fantasies.
The Pseudo Peeper on the other hand is much more insidious, as he appeals to the reader’s natural sense of guilt, fear and shame. Written like a crap horoscope, it includes vague details that apply to the majority of internet dwellers (e.g. the assumption that you have seen internet porn), while including enough “personal” detail to make it seem tailor-made to you, e.g. your hacked password.
By alluding to “your secrets”, “you doing nasty things”, “your dirty details” and so on, the scammer encourages your own brain to fill the blanks with whatever most base, dreadful scenario it can muster up. You then, in effect, blackmail yourself in an entirely closed loop inside your own head, while attributing the content of the blackmail to the email.
And the nature of the content — the accusation that you have been watching something naughty and doing something naughty—makes it less likely that you will ask a friend or family member what they think about it. Your dad might check in with you on the Prince, but he could be too embarrassed to ask your thoughts on the Peeper.
Have I Been Pwned lets you check if your information has been compromised. It will tell you specifics on which sites, if any, have leaked your email and associated data into the nether regions of the internet. For me, that old email address with some password combination has been leaked by Dropbox, Tumblr, Linkedin, 8Tracks, Adobe, Bitly, Coachella, among others… thanks guys.
Check it out, and if you find you have been compromised, change your email password immediately, and also change the password for any other sites that use the same email/password combo. The guy behind Have I Been Pwned recommends 1Password for creating and storing unique passwords so every website login is different. You want to ensure the passwords you create are not reused across sites, do not contain single common words or words/numbers easily associated to you (like birthdays), and have a few symbols/numbers in them.
If you are nervous about remote access to webcam, buy a webcam cover or stick a Post-It over it when you’re not using it. I use one but mostly because I’m always eating at the start of video conferences and I don’t want to be caught with my mouth open.
Below is the full text of the email I received which prompted this post. Please share it if you found it useful. The more you know, the less they get. I just checked the fucker who emailed me, and his Bitcoin wallet is still at 0 — let’s keep it that way.
Subject: RE: [redacted — and no longer my password 😬] — acrowley
From: Chris Leombruno <fdtandrewuun@hotmail.com>
I will cut to the chase. I am aware [redacted] is your password. Most importantly, I’m aware about your secret and I have evidence of this. You do not know me personally and no one hired me to examine you.
It’s just your hard luck that I found your misadventures. In fact, I actually placed a malware on the adult videos (pornography) and you visited this web site to experience fun (you know what I mean). When you were busy watching video clips, your browser started functioning as a Rdp (Remote desktop) with a keylogger which provided me with accessibility to your screen and also web camera. Just after that, my software program gathered all your contacts from your messenger, social networks, and mailbox.
I then put in more hours than I probably should’ve digging into your life and made a two screen video. First part shows the video you had been viewing and second part displays the view from your web cam (its you doing nasty things).
Frankly, I am ready to forget exactly about you and allow you to continue with your regular life. And my goal is to present you two options that will make it happen. Those two options are with the idea to ignore this letter, or perhaps pay me $8000. Let us understand those two options in more details.
Option 1 is to ignore this e mail. You should know what will happen if you choose this option. I will, no doubt send your video recording to all of your contacts including relatives, colleagues, and so on. It won’t help you avoid the humiliation you and your family will need to feel when friends and family learn your dirty details from me.
Second Option is to pay me $8000. We will name it my “confidentiality tip”. Now let me tell you what will happen if you pick this option. Your secret remains your secret. I will erase the recording immediately. You go on with your daily life that nothing like this ever occurred.
Now you may be thinking, “I’ll just go to the cops”. Without a doubt, I have taken steps to ensure that this e mail cannot be tracked returning to me and yes it will not stop the evidence from destroying your life. I am not seeking to steal all your savings. I just want to be compensated for time I put into investigating you. Let’s assume you have chosen to create this all go away and pay me my confidentiality fee. You will make the payment through Bitcoins (if you don’t know how, search “how to buy bitcoins” on search engine)
Amount to be paid: $8000
Send To This Bitcoin Address: 13*Kc6z45FCtpPtfrXWBwxdZnWnQmyY1GFU (You need to Edit * from it then copy and paste it carefully)Share with no person what you would use the bitcoin for or they possibly will not provide it to you. The method to acquire bitcoin will take a couple of days so do not delay.
I’ve a special pixel in this mail, and right now I know that you have read this message. You now have 48 hours to make the payment. If I do not get the BitCoins, I will definitely send out your video to your entire contacts including relatives, colleagues, and many others. You better come up with an excuse for friends and family before they find out. Having said that, if I receive the payment, I will erase the video and all other proofs immediately. It is a non negotiable offer, thus do not ruin my personal time and yours. Your time has started. Let me remind you, my tracker is going to be tracking the actions you adopt when you are done reading this message. You should know If you do anything inappropriate then I’ll share your video recording to your close relatives, co-workers before your your deadline.
