"I have to share bad news with you" scam. How to avoid being fooled?

You may have wondered seeing the email saying something like “I have to share bad news with you”. This message usually continues with a scary saying that a crook has some compromising materials on you. To avoid publishing that content, fraudsters offer you to pay a ransom in Bitcoins. I will show you why it is a 100% lie, and how to ensure that your private information is safe.

“I have to share bad news with you”. What is this?

The fraudulent “I have to share bad news with you” message which states that a third party has some compromising information on you. As email states, crooks injected trojan viruses (spyware is implied) into your PC, gained access to all your devices, and spied on your activities. They say that they have a video of you self-satisfying with porn videos. To avoid publishing that video, you need to pay a significant ransom to the specified Bitcoin wallet. The exact text is there:

Click to see email text

Greetings!
I have to share bad news with you.
Approximately few months ago I have gained access to your devices, which you use for internet browsing.
After that, I have started tracking your internet activities.
Here is the sequence of events:
Some time ago I have purchased access to email accounts from hackers (nowadays, it is quite simple to purchase such thing online).
Obviously, I have easily managed to log in to your email account (xxxxxxxxxxxxxxxx).
One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.
In fact, it was not really hard at all (since you were following the links from your inbox emails).
All ingenious is simple. =)
This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard).
I have downloaded all your information, data, photos, web browsing history to my servers.
I have access to all your messengers, social networks, emails, chat history and contacts list.
My virus continuously refreshes the signatures (it is driver-based), and hence remains invisible for antivirus software.
Likewise, I guess by now you understand why I have stayed undetected until this letter…
While gathering information about you, I have discovered that you are a big fan of adult websites.
You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure.
Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms.
If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives.
I have also no issue at all to make them available for public access.
I guess, you really don’t want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you.
Let’s settle it this way:
You transfer $1650 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away.
After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me, I keep my word.
This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now.
In case, if you don’t know how to purchase and transfer the bitcoins – you can use any modern search engine.
Here is my bitcoin wallet: 1L6XxPRuLJdr6JCqw8dwNUm1wFLisrGREL
You have less than 48 hours from the moment you opened this email (precisely 2 days).
Things you need to avoid from doing:
*Do not reply me (I have created this email inside your inbox and generated the return address).
*Do not try to contact police and other security services. In addition, forget about telling this to you friends. If I discover that (as you can see, it is really not so hard, considering that I control all your systems) – your video will be shared to public right away.
*Don’t try to find me – it is absolutely pointless. All the cryptocurrency transactions are anonymous.
*Don’t try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers.
Things you don’t need to worry about:
*That I won’t be able to receive your funds transfer.
– Don’t worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer).
*That I will share your videos anyway after you complete the funds transfer.
– Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it long time ago!
Everything will be done in a fair manner!
One more thing… Don’t get caught in similar kind of situations anymore in future!
My advice – keep changing all your passwords on a frequent basis

As you can see, crook says that his virus is undetectable, since it is driver-based and updates constantly. At least this fact is a marker which surely says that these claims are fake. Anti-malware software can easily detect malicious items among the drivers, just like in case of virus injection into any other system element. Moreover, even if the virus is designed so well, and antivirus software cannot detect it because it misses all detection databases, it will surely be spotted by the heuristic engines. Last ones are used in the security tools with a proactive protection function.

“*Do not reply me (I have created this email inside your inbox and generated the return address).” Sounds like a tale for children who don’t know how mailing clients work. You can’t see the message created on your device in the Inbox tab. Hence, you will likely spot it among the messages in Drafts, or in Sent. So, the fraudster is definitely lying, in order to scare you and force you to think that he is omnipotent. In fact, he/she just tries to scare you and force you to pay the ransom.

In my opinion, it is just unlogical to extort money in such a primitive way when you can create a spyware which integrates into the victim system on such a low level. Software engineers can easily get a well-paid job, so there is no need to extort small amounts of money through cybercrimes.

Identifying the scam

The correct name for “I have to share bad news with you” fraud is blackmailing, or so-called sextortion. Exact definition of it says that this is the case when an unknown person extorts money, threatening to publish your naked photos or videos where you are making some sort of lewd actions. As you can see in the previous paragraphs, fraudsters have a lot of dubious elements in their claims. In past cases of blackmailing, crooks used the email database purchased in Darknet. The victim can be a deeply religious person who does not visit any “adult” sites, but those crooks do not care about such possibilities.

Heading	“I have to share bad news with you”
Classification	Blackmailing, money extortion
Ransom amount	$750-$1650, €1200-€1250, ₩200,000
BTC wallet addresses	12sLp7GKLznuNRq62TFkjqqQQZ6JYmRoRA, 1Hjpu99iHc3oi55ZJKf6RHhKbwit8vEzTS, 1DyrpsBJnuZyUt6gpJK1Pmpq5zMetdPALt, 14AhgtTrXKHGcUsWJRsshN3HPu64rLdxB6, 1H9sA9Che7bdg4SVrAjj8jwUyvK9A3cnQC, 1FD71hUPhsi7hLarvx5ueBxaeEHYfp8o7H, 15NQNgBXsTjdmXEaobxKJdk6d18FerjSuW, 1G6tobNb4DdEJxaaKxyivp2xdqCtdwhaSS, 17sJ89mf4ZLaMfrw9obMDAGptoTFzPBqmX, 1Ps2HsbfZ9yuCyFzWdWFwMgnHGgs9Bnv5h, 18gi6L2coL8oU3v7BT9s7sex1MSepMS4dF, 1GGZpqXsqKWSRnjJ1SHFaE5VPkMHHsKToX, 1KpNtDDNCP1QeApSwjSTG7a3KcXx2aKVi9, 133MphKowvCC1PDyfZVF9L76mQvxTtRY93, 16aqr3rXxCtxa8AK3ErftnBQLfzyyhjpXJ, 1xPr18gM8YKsaiUkGz9MgpjtwcBQcME2i, 1L6XxPRuLJdr6JCqw8dwNUm1wFLisrGREL
Form	Scary email message
Prevention method