11
Jan 18

Bitcoin Blackmail by Snail Mail Preys on Those with Guilty Conscience

KrebsOnSecurity heard from a reader whose friend recently received a remarkably customized extortion letter via snail mail that threatened to tell the recipient’s wife about his supposed extramarital affairs unless he paid $3,600 in bitcoin. The friend said he had nothing to hide and suspects this is part of a random but well-crafted campaign to prey on men who may have a guilty conscience.

The letter addressed the recipient by his first name and hometown throughout, and claimed to have evidence of the supposed dalliances.

“You don’t know me personally and nobody hired me to look into you,” the letter begins. “Nor did I go out looking to burn you. It is just your bad luck that I stumbled across your misadventures while working on a job around Bellevue.”

The missive continues:

“I then put in more time than I probably should have looking into your life. Frankly, I am ready to forget all about you and let you get on with your life. And I am going to give you two options that will accomplish that very thing. These two options are to either ignore this letter, or simply pay me $3,600. Let’s examine those two options in more detail.”

The letter goes on to say that option 1 (ignoring the threat) means the author will send copies of his alleged evidence to the man’s wife and to her friends and family if he does not receive payment within 12 days of the letter’s postmark date.

“So [name omitted], even if you decide to come clean with your wife, it won’t protect her from the humiliation she will feel when her friends and family find out your sordid details from me,” the extortionist wrote.

Option 2, of course, involves sending $3,600 in Bitcoin to an address specified in the letter. That bitcoin address does not appear to have received any payments. Attached to the two-sided extortion note is a primer on different ways to quickly and easily obtain bitcoin.

“If I don’t receive the bitcoin by that date, I will go ahead and release the evidence to everyone,” the letter concludes. “If you go that route, then the least you could do is tell your wife so she can come up with an excuse to prepare her friends and family before they find out. The clock is ticking, [name omitted].”

Of course, sending extortion letters via postal mail is mail fraud, a crime which carries severe penalties (fines of up to $1 million and up to 30 years in jail). However, as the extortionist rightly notes in his letter, the likelihood that authorities would ever be able to catch him is probably low.

The last time I heard of or saw this type of targeted extortion by mail was in the wake of the 2015 breach at online cheating site AshleyMadison.com. But those attempts made more sense to me, since many AshleyMadison users quite clearly did have an affair to hide.

In any case, I’d wager that this scheme — assuming that the extortionist is lying and has indeed sent these letters to targets without actual knowledge of extramarital affairs on the part of the recipients — has a decent chance of being received by someone who really does have a current or former fling that he is hiding from his spouse. Whether that person follows through and pays the extortion, though, is another matter.

I searched online for snippets of text from the extortion letter and found just one other mention of what appears to be the same letter: It was targeting people in Wellesley, Mass, according to a local news report from December 2017.

According to that report, the local police had a couple of residents drop off letters or call to report receiving them, “but to our knowledge no residents have fallen prey to the scam. The envelopes have no return address and are postmarked out of state, but from different states. The people who have notified us suspected it was a scam and just wanted to let us know.”

In the Massachusetts incidents, the extortionist was asking for $8,500 in bitcoin. Assuming it is the same person responsible for sending this letter, perhaps the extortionist wasn’t getting many people to bite and thus lowered his “fee.”

I opted not to publish a scan of the letter here because it was double-sided and redacting names, etc. gets dicey thanks to photo and image manipulation tools. Here’s a transcription of it instead (PDF).


98 comments

  1. Where was the postmark from?

    The use of the word “sordid” doesn’t seem very common in American English. I wonder if it’s someone abroad with one or more accomplices in the U.S. to drop the letters in the mail.

  2. I don’t know if “remarkably customized” really fits. The letter uses the recipient’s first name and town, but the scammer would need both of those things to send the letter in the first place.

    The only real innovation here is using postal mail, which won’t be algorithmically filtered as spam. Of course that increased the scammer’s costs by multiple orders of magnitude, but my feeling is it was probably worth it.

  3. I like to send these kinds of mail to me@rescam.org and wait
    https://www.rescam.org/

    • Brian, can you share your opinion on the usefulness, safety of using rescam.org? I’d love to zap the scammers sending me stuff but worry about getting MORE!
      thanks for a fabulous website.

      • I scambait the romance scammers since I get them regularly. It used to net some good things, would be able to string them along readily. However, most of them now just go for copy and paste. You can send them anything and they will just send a block of text that was clearly not customized at all back to you. Zero effort, nearly-zero time. Unless you can actively engage them (perhaps 419 scammers are still vulnerable to this?) it’s a waste of time.

        I even checked out their examples and looked at the “romance scam” example. That was clearly two bots talking to each other.

        (That website’s design is also atrocious — whoever signed off on that needs to be publicly flogged with a HTML5 manual.)

  4. I wonder if the extortionist was smart enough to use gloves when handling the letter, or use a sponge to wet the envelope? There’s a good chance he’ll get caught.

  5. Slightly off-topic but interesting nonetheless…

    About a year ago, a client of mine got hit with ransomware and made the business decision to pay up to get his data back. I did not approve but faced with the destruction of his business, I could understand his position.

    As usual, the actor demanded payment in Bitcoin which the client knew nothing about. I helped him buy some to pay the ransom and he decided to buy about 3 times more than he needed in case he got hit again.

    Two weeks ago, he cashed in the balance of his BTC and pocketed a very nice profit.

    He now thanks his lucky stars the day he got hit with ransomware and used some of the profit to improve the security posture of his business. Result!

  6. Could be more of those letters in the mail soon, and ones that might be much more targeted: https://www.vanityfair.com/news/2018/01/brotopia-silicon-valley-secretive-orgiastic-inner-sanctum

  7. I agree with Clint that at least two scammers are at work here. Also, several grammatical and usage peculiarities are clues as to their nationalities. First the overall “tone” suggests they are educated but not scholarly (incomplete sentences, excessive avoidance of contractions, misuse of verb tenses, etc.) but I believe at least one is American or has lived in America for awhile. Hopefully the cheaters don’t compound their stupidity by paying the “fee” and the USPS can assist in apprehending the scammers.

  8. Has the bitcoin wallet received any funds? Not that this is the definitive way to find out if someone falls for it, but interesting nonetheless.

  9. IRS iTunes Card

    Why isn’t the US Postal Inspector looking into this matter?

    • I’m sure that’ll be on the next episode of CBS’s “The Inspectors”.
      It’s educational and informational.

  10. I find it interesting that the scammers would spend the time and resources for such a ploy.

    Someone actually took the time and spent the money to print, envelope, address, and stamp for a scam that would likely have a relatively high failure rate. The success of such a ploy requires the target to be 1) married, 2) unfaithful at some level of perceptible concern, and 3) gullible/paranoid enough to not see the scam for what it is.
    Maybe the snail mail approach is attempting to bypass the critical thinking that many do with spam email.

    Of course… if only one payment response would pay the bills, then any other payments would be profit.

    • Don’t forget, the scammer can do basic research on people BEFORE sending the letters, such as reviewing the person’s social media accounts, etc.

    • “Someone actually took the time and spent the money to print, envelope, address, and stamp for a scam that would likely have a relatively high failure rate.”

      Just like any other direct mail campaign.

      • Not really. I doubt they went through the trouble of registering with USPS as a direct mailer to qualify for discounts on bulk mailings, since that would leave a huge paper trail.

        All they did in Dave’s case was put a stamp on an envelope and mail it, which they likely paid full price for. Though I suppose they could have broken into their grandma’s house and stolen all her stamps.

        It would be interesting to compare dates and postal codes (of the sender) on the envelopes with enough data points. Could be a few people doing this but it could just be one lonely guy couch surfing their way around the country.

  11. Hi, Brian. If I’m not mistaken, you are referencing a post you saw on my blog, The Swellesley Report (www.theswellesleyreport.com). If I’m correct, could you credit us in your post please? Best, Deborah

    • He links directly to your site.

    • Hi Deborah. I do already link to your site and story. Not sure what else you want me to do. If you want I can send you the redacted scan of the letter my source got. I only found your story after searching online for text from this letter.

      • I suppose you could mention them by name beyond “that report”.

        Something like “the report on …”.

    • I wonder if people who are colorblind can’t see the “link”.

      It isn’t underlined to be very obvious but there is a link there. Look for the different color.

  12. George Lundgren

    I researched this after a colleague received the same letter. We found this blog post from 2016, with recent updates, which shed some light on the situation for us.

    https://daveeargle.com/2016/10/24/I-received-a-blackmail-letter/

    • George, Thanks for the link to your great page on this subject! I skimmed over the entire thing and was very impressed with the work you have done, and posting to help others understand the scam. When I saw the scan of the envelope used, I had to smile! The Bitcoin Blackmailer used a window envelope! That alone should have tipped off people about the scam, even those involved with affairs. 🙂 And I used to work for Permit1.com so I know that a bulk mail customer could be located anywhere and the mail house will take care of the printing and everything else needed to send the mail locally. This scam could be backed by organized crime, but it’s got to be someone with the financial resources to make it happen. Good direct mail response rates used to be 2%, but depending on the average rate of extra-marital affairs the scammers could be doing MUCH better!

      • Hi Chris,

        Can you explain why the window envelope is a tip that it is a scam?

        I’m taking a shot–a window envelope allows you to print the recipients’ names rather than write it by hand. This makes it more efficient to send letters in bulk. If the blackmailer really had any dirt, you would expect the letters to be more… “personalized”–probably with creepy erratic handwriting from a sharpie.

        Thanks!

      • Interesting. Is it realistic, though, to think the process is so automated that the mailing firm would never actually read what they are sending? Not saying we should hold them responsible, but it wouldn’t seem too hard for them to just verify that the content is legal.

    • Really impressive post. And, that looks EXACTLY like the letter my source got. I chose not to publish it because it is double-sided, and when you redact names etc on images someone can use photoshop and other tools to actually enhance the text on the reverse of the printed page, potentially exposing bits that you redacted on the other side.

      A good friend Bryan Seely showed me in about 10 seconds what he could do with photoshop to read the text on the reverse of the letter my source shared, and after that I decided it wasn’t worth printing the letter in my post because I would then be endangering my promise to the source to redact his name from the letter.

      • Just saw you all talking about this up above in the comments. Didn’t consider the double-sided photoshop privacy threat… I suppose it’s okay for the scans of my letter since those real estate records were public anyhow (and I’ve since moved), but I’ll take the link down for the other letter posted.

  13. I loved the message about the person that paid in Bitcoin and then made a profit on the extra amount he put in his account. It may be true, but sounds fake to me. Early investors in a Ponzi scheme often make money at the expense of those that invest later.

    The use of postal mail and the content of the message makes me think it’s a native English speaker, but not from the USA. Perhaps someone on a work visa. I would look for this scam to start demanding lower payment amounts so it begins to work. Someone with something to hide may easily turn over $500-$1,500 but higher amounts make that more difficult.

    Of course, no one should ever pay a demand like this.

  14. What strikes me is that the lengthy “How to” get Bitcoin guide is specific to the demand letter. There are many references to “you” and “me” within the how-to guide.

    The letter receiver is supposed to think the sender wrote the whole how-to guide just for their one letter? I wouldn’t think so. That section alone, with no personal references, screams “form letter” to me.

  15. This has been going on for a while, with several large waves of letters going out. I’ve been writing about it here: https://daveeargle.com/2016/10/24/I-received-a-blackmail-letter/

    Two letter scans posted on my blog

  16. The real victims will be the innocent guys whose wives open the mail that comes to their home.

  17. Hi Brian, Hi Chris (Eargle),

    Great articles and information by both of you!

    I’m wondering about the quality of the print of the blackmail letters. By ‘quality’ what I mean is, can you tell if it was printed on a laser printer vs inkjet printer vs something else? My question goes to the idea of tracking. For many years now all laser printers, and probably other printers, have embedded forensic tracking codes.

    Per the Electronic Frontier Foundation in 2017, “All recent commercial color laser printers print some kind of forensic tracking codes”. (https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots)

    If you obtain a few of the original letters you might be able to take your investigation a step further.

  18. Who pays the miner fee for Bitcoin transactions? Is there any way for the victim/scamee/payer to force the scammer/recipient to pay the fee? Then repeatedly send them 0.00000000000000001 BTC or the smallest possible unit and let them get overwhelmed by transaction costs.

    • Do you also try to annoy arsonists and murderers?
      Annoying a criminal isn’t an effective way to protect your life, home, or reputation.

    • Not endorsing, but to answer your question:
      BTC is “sender pays”. There’s no way that I know of to force the receiver to pay.

      It might be possible with Ethereum smart contracts, but the contract would show the amount on offer.

  19. That is an expensive campaign. At $0.49USD (2017 rate) per letter, plus materials, labor, etc., they better hope they are successful.

  20. Aleksey Mikhaylov

    If I were to guess – there’s some Nigerian or West African connection. Smells of it.

    • I think yep.. smells like African :D

      • This ‘boymen’ sexually-underdeveloped troll needs to go work on accentuating his more masculine features, rather than be a punk for its own sake.

    • Nazi -> gallows

      Actually since you’re being a racist *hole it probably comes from your third world potato farm, you greasy chiseler.

  21. ToCatchAScammer

    Brian,

    I’ve read a few places that they’ve gotten blockchain analysis figured out well enough that most bitcoin transactions can be traced. In cases like this with ransoms – would it be possible to identify both these criminals’ wallets and anywhere they might try to send the ransom money, and with this possibly either 1) blacklist the wallet so it can’t be used or sold or 2) trace whoever eventually tries to cash it out?

  22. A lot of postmarks have the date and time. Given the increase in surveillance of postal facilities after the anthrax attacks it wouldn’t surprise me if postal inspectors could narrow the suspects down to those who dropped off mail between collection times.

  23. BTC is finished and will fall soon… Even for scammers it’s not a very smart way to use. I’m sure now everybody is waiting for when all the others like ETH and BCH get popular and people get familiar with those others… I’m not sure what will happen with bitcoin… I guess it will fall big time.

    • As much as I would like BTC to die (for a wide variety of reasons), there’s just too many illegal things people want to buy for it to ever go away at this point. I will gleefully rub my hands when the speculative bubble finally bursts.

      • Ask yourself, would you rather get stabbed or scammed? Both ways are not nice, but we live in an unfair world.
        In third-world countries people get beheaded, and in Western comfort countries people have scams and frauds.

        • Are you high right now?

          People get killed for money every day in the US, and nobody is being beheaded in robberies – you’re being retarded again, Trumpy.

  24. Not too long ago there were remailing services that would, for a small fee, bulk remail letters, etc.

    You would send them the items you want remailed and they would drop them at different post offices.

    I believe that the post office has changed rules to prohibit such remailing services but I would not be surprised if they’ve simply gone underground. It is a profitable business.

    • Two weeks ago I got what I thought was a scam email. It was for a freelance job that sounded like they wanted me to receive mail packages and mail them on to other addresses. I deleted it.

  25. Wonderful post. thanks for sharing

  26. I received the same blackmail letter on January 13th. The scammer demanded that the payment be sent to

    12Vc8NEu93qbbscXhoxzvFd7KJo5WaZSWh

    I will forward the letter to the local police.

  27. If the scammer is finding victims by reading social media postings, this is another reason not to put personal stuff on the internet.

    • My suspicion is that the attacker is just using the same lists that junk mailers use. Only identifying information in the letter is name and address. Also only needs marital status and occupation (judging by the high ratio of lawyers targeted). I’d expect more personalization from social media pulls.

  28. I received a blackmail letter on January 14th too. Currently, I am in India; I just checked my email today. I just deleted the message after I had been through it and restarted my laptop. Now I am not able to log in to my email. So irritating; I don’t know if it is related to the email.

  29. The contents of the letter are virtually word for word the random emails that have been received at our business, purportedly for our clients, for months.

    The thing is, all our clients’ email addresses that these are being sent to are aliases, and no client has any authorized ability to access any inbox.

    Header IPs have all resolved to domains indicating Russia and eastern Euro countries.

  30. I’m just sorting through a stack of mail that piled up and lo and behold my husband got one of these too. The date for paying blackmail has passed so I guess we will see what drops next. Was glad to find this page as the letter that your friend got is practically verbatim for what was sent to my husband. Postmarked from Evansville, IN — January 2, 2018.

    The only difference I saw was the request for $3,450 in bitcoin vs 3,600.

    Receiving bitcoin address is included on the letter. I’m forwarding this to the police.