Issue:
I have received an email asking for bitcoin. Email sender claims to have either installed a Remote Access Trojan (RAT), recorded me performing inappropriate, embarrassing or serious acts.
Resolution:
The content of the submitted e-mail is common in mass-blackmail spam campaigns. The threat actors utilize fear tactics to force a victim to pay the enlisted amount, usually to a bitcoin wallet to maintain anonymity. With these cases, they often collect e-mails from public records (such as leaked personal databases from compromised websites) and are not necessarily targeted towards a specific individual.
We would suggest customers who receive such e-mails to ignore any demands made by the threat actor as they often hold no value and are not malicious in any way, but rather try and convince the victim into thinking that they have been, for instance, exposed in some way (e.g. inappropriate pictures).
You may forward such e-mails, which you may believe to be spam for spam re-categorization by following the link below:
- If you have SPAM or HAM or Phishing, please send all headers, all MIME structure, all body text to:
- For Spam: spam-samples@email-samples.f-secure.com
- For Ham: ham-samples@email-samples.f-secure.com
- note: Ham samples are emails which are wrongly marked as spam, ie False Positives
- For Phishing: phishing-samples@email-samples.f-secure.com
You can also Open a Customer support case and share the email samples, so it can be checked by our Malware team for analysis.
As a protective measure, please change the password of any services on which you have used the password mentioned in the blackmail email. Also run a full scan of your computer and log out from other devices that use your email address.
Article no: 000009335
