An alleged email scammer who threatened me with sending an email with a video to 13 contacts on my wife's iPad if I didn't pay a ransom in Bitcoin.  Scammer's email for now is ojwayneys@outlook.com. This person is somewhere in Europe based on the email LMTP trail. 
Pro Tip: Never email scam someone that knows more about the Internet than you do.
If you are blackmailed by a scammer online, here is what you do:
1. Never pay them, even if they promise to delete it you can't be certain. The bomb has gone off, details will come out, so don't try defusing the bomb over again. Also, since they are liars and criminals, you can't assume they will delete it so they may be back in the future.
2. If the bomb has gone off, expose it all right away. There is nothing to worry about because nothing else is going to appear. There is nothing to extort if there is nothing to hide. As Thich Nhat Hahn advised: "the only way you give people power over you is if you let them." So put it all online and suffer the momentary embarrassment. Or not. There is nothing to extort if there is nothing hidden. Two weeks later people will have moved on. In this case I am making an example of this person. I emailed my scammer offering to put what he or she had and all the details online.
If that wasn't a convincing argument, remember that compared to Donald Trump, most of your supposed sins are pretty minor.
3. Find the source of the email sent to you, not the text window but the original SMTP / LMTP source code, and copy it all into a complaint with the FBI's IC3 internet criminal complaint. Look for a view menu item This scammer hid a white dot image (an old technique I learned about in 1992) to confirm I read the email. The stupid thing about that is, when you have remote content like a URL / URI for a white dot image request, that TRACKS BACK to the server where the scammer is hiding. It's in the email! If you send a URL request there is a record in servers there as well. This is not smart crime.
4. File a complaint against the scammer. You hit the submit a complaint button and follow the prompts. Enter all the data and include the email with all the email source code. That is the treasure trove data the FBI will use to find the individual. It's a long page but fill it out with everything and don't lie about anything.
5. One thing most luddites don't understand about the Internet: for email, there is NO anonymity. The two things an email server will do is either accept or NOT accept an email. If it accepts it, then it passes it on. If it rejects an email, it still logs which computer it was talking to when that happened. Whether it accepts it or not depends on things like how favourable your website is or if it is a spammer site. In either case it doesn't mean there is no record of transaction. The record goes all the way back to the computer that sent the original message in all cases. You can create a fake email and destroy it, but it always goes back to the devices handling the email. And if it has the IPV6 address they know right down to the device itself. As a scammer, you have just given yourself away like dancing in front of a security camera with your ID on your forehead at the liquor store you just robbed. Pure stupidity.
What this person has done is made themself a target of FBI investigation. It may take years to investigate, don't kid yourself, but if this email is mixed up in many extortions or organized crime, the FBI now has these people on the radar. If this account matches any other cases or metadata connecting people, all the associates are now on the radar. The funny thing is, the FBI may wait in the weeds for years, with criminals operating like they think it's OK, and then when they least expect it launch on their crime ring and take them all down.
6. Make sure you point out to them their email data is now in the hands of the FBI database. I sent the scammer an HTML page and images showing that information was in the hands of the FBI. This person was stupid enough to send an email from their account AND include their bitcoin wallet in the same email. This is moronic. The whole point of bitcoin anonymity is you can't link transactions to people. Take the bitcoin wallet address, the email address, and the internet address, this person has light themself up like a Christmas tree.
If this person was equally foolish to use the SAME Bitcoin wallet for many extortion attempts at the same time, goodbye to all that money from your scammings. It won't matter if at some point you clean out the bitcoin balance in the future, they will go back through blockchain and detail just how much was in there when they had proof of an extortion attempt. Blockchain saves everything!
7. Report this person to the scammer, phish, or abuse of terms email addresses for the email internet service provider.
If your scammer is using a Microsoft email like Hotmail, Outlook, and MSN, emails, here are the emails:
abuse@microsoft.com for any abusive behavior that violates terms of use.
phish@microsoft.com for any email from a phishing scam, and in this case extortion scam.
Save someone else from having this fun by alerting the big companies to these scammers.
Pro Tip: Never email scam someone that knows more about the Internet than you do.
If you are blackmailed by a scammer online, here is what you do:
1. Never pay them, even if they promise to delete it you can't be certain. The bomb has gone off, details will come out, so don't try defusing the bomb over again. Also, since they are liars and criminals, you can't assume they will delete it so they may be back in the future.
2. If the bomb has gone off, expose it all right away. There is nothing to worry about because nothing else is going to appear. There is nothing to extort if there is nothing to hide. As Thich Nhat Hahn advised: "the only way you give people power over you is if you let them." So put it all online and suffer the momentary embarrassment. Or not. There is nothing to extort if there is nothing hidden. Two weeks later people will have moved on. In this case I am making an example of this person. I emailed my scammer offering to put what he or she had and all the details online.
If that wasn't a convincing argument, remember that compared to Donald Trump, most of your supposed sins are pretty minor.
3. Find the source of the email sent to you, not the text window but the original SMTP / LMTP source code, and copy it all into a complaint with the FBI's IC3 internet criminal complaint. Look for a view menu item This scammer hid a white dot image (an old technique I learned about in 1992) to confirm I read the email. The stupid thing about that is, when you have remote content like a URL / URI for a white dot image request, that TRACKS BACK to the server where the scammer is hiding. It's in the email! If you send a URL request there is a record in servers there as well. This is not smart crime.
4. File a complaint against the scammer. You hit the submit a complaint button and follow the prompts. Enter all the data and include the email with all the email source code. That is the treasure trove data the FBI will use to find the individual. It's a long page but fill it out with everything and don't lie about anything.
5. One thing most luddites don't understand about the Internet: for email, there is NO anonymity. The two things an email server will do is either accept or NOT accept an email. If it accepts it, then it passes it on. If it rejects an email, it still logs which computer it was talking to when that happened. Whether it accepts it or not depends on things like how favourable your website is or if it is a spammer site. In either case it doesn't mean there is no record of transaction. The record goes all the way back to the computer that sent the original message in all cases. You can create a fake email and destroy it, but it always goes back to the devices handling the email. And if it has the IPV6 address they know right down to the device itself. As a scammer, you have just given yourself away like dancing in front of a security camera with your ID on your forehead at the liquor store you just robbed. Pure stupidity.
What this person has done is made themself a target of FBI investigation. It may take years to investigate, don't kid yourself, but if this email is mixed up in many extortions or organized crime, the FBI now has these people on the radar. If this account matches any other cases or metadata connecting people, all the associates are now on the radar. The funny thing is, the FBI may wait in the weeds for years, with criminals operating like they think it's OK, and then when they least expect it launch on their crime ring and take them all down.
6. Make sure you point out to them their email data is now in the hands of the FBI database. I sent the scammer an HTML page and images showing that information was in the hands of the FBI. This person was stupid enough to send an email from their account AND include their bitcoin wallet in the same email. This is moronic. The whole point of bitcoin anonymity is you can't link transactions to people. Take the bitcoin wallet address, the email address, and the internet address, this person has light themself up like a Christmas tree.
If this person was equally foolish to use the SAME Bitcoin wallet for many extortion attempts at the same time, goodbye to all that money from your scammings. It won't matter if at some point you clean out the bitcoin balance in the future, they will go back through blockchain and detail just how much was in there when they had proof of an extortion attempt. Blockchain saves everything!
7. Report this person to the scammer, phish, or abuse of terms email addresses for the email internet service provider.
If your scammer is using a Microsoft email like Hotmail, Outlook, and MSN, emails, here are the emails:
abuse@microsoft.com for any abusive behavior that violates terms of use.
phish@microsoft.com for any email from a phishing scam, and in this case extortion scam.
Save someone else from having this fun by alerting the big companies to these scammers.
 
No comments:
Post a Comment