Although there are plenty of computer attack vectors involving complex malware, online criminals favor effortless ways of gaining profit. Various social engineering hoaxes are therefore on the rise, focusing on deceit rather than distribution of harmful code. In the case of the “Save Yourself” email fraud, though, the felons may be leveraging viruses alongside commonplace human manipulation.
What is the “Save Yourself” email scam?
There are numerous shades of extortion on the present-day Internet. Most people think of it as a ransomware attack that suddenly denies access to personal data, followed by a ransom demand. However, the online world is also chock-full of less sophisticated ploys, such as sextortion. The term itself is self-explanatory: malicious actors claim to possess some incriminating sex-related materials about the victims and ask for some form of payment for not disclosing the information to anyone else. The “Save Yourself” emails fit the mold of this widespread stratagem. The operators of this scam are sending messages to numerous people, purporting to have infected their devices with spyware via a drive-by exploit in an outdated browser version. According to the email, this infection has collected tons of sensitive details on the host system, including account credentials.
The pivot point of the fraud is a statement about the recipient having been spied on through their webcam. This is allegedly one of the capabilities of the attacker’s malware strain. Then, the message says the malefactor was able to record the user playing dirty in front of the camera. The email goes on to say that the next intended move of the ne’er-do-well is to publish the compiled videos on the Internet, including social networks, and to send them to all of the target’s contacts. According to the message, the only way to prevent this scenario is to send $1,200 worth of Bitcoin to the con artist’s BTC wallet. A three-day deadline is added to create a sense of urgency. Here is the full text of the fraudulent email:
Hi, I know one of your passwords is: [one of the victim’s passwords] – but not only that!
Your computer was infected with my private malware, because your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”.
My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam!
I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF, I must say – the result is some good material! :)
After that I removed my malware to not leave any traces and this email was sent from some hacked server.
I can publish the videos of you and all your private data on the whole web, social networks, over email of all your contacts.
But you can stop me and only I can help you out in this situation.
The only way to stop me, is to pay exactly 1200$ in bitcoin (BTC).
It’s a very good offer, compared to all that HORRIBLE SHIT that will happen if you don’t pay!
You can easily buy bitcoin here: www.paxful.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my wallet, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.
My bitcoin wallet is: [crook’s BTC wallet address]
Copy and paste my wallet, it’s (cAsE-sEnSEtiVE)
I give you 3 days time to pay.
As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it’s to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I remove all your data and you can life your live in peace like before.
Next time update your browser before browsing the web!
A particularly tricky element of the “Save Yourself” email sextortion scam is that the victim’s real password for one of their accounts is provided in the message. Of course, this adds some extra persuasiveness to the ruse, making it look like the sender has actually hacked the device. However, there is a more prosaic explanation for it. Perpetrators can buy databases of leaked user credentials in the cybercriminal underground, also known as the Dark Web. These details could have been stolen as a result of breaches that affected major Internet services in the past. Therefore, don’t be misled by the presence of a password in the email.
One more flavor of the “Save Yourself” stratagem is that there might be some malware involvement in it, although not the type mentioned by the extortionists. Some people have reported an influx of these emails after clicking an enticing banner ad on a website. Perhaps this is a coincidence, but the fact is worth being aware of. The ties between potentially harmful ads and such emails are unclear and haven’t been verified so far, but there is a small chance that some offending code may actually sneak into systems this way and somehow facilitate the scam. One way or another, the top piece of advice regarding these messages is not to fall for the extortion and never to pay anything to the black hats. Another tip is to check the system for viruses and other forms of bad code, just to be on the safe side.
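The traits described in this section (a password claim, a webcam recording claim, an exposure threat, a Bitcoin demand with a wallet address, and a payment deadline) can be combined into a mail-triage heuristic. The Python below is an added example, not code from the original article; the patterns, weights, threshold and both sample messages are assumptions constructed for illustration.

```python
import re

# Patterns follow the wording of the "Save Yourself" message quoted above.
# Weights and THRESHOLD are assumptions chosen for this illustration.
INDICATORS = {
    "password_claim": (2, re.compile(r"\bone of your passwords?\b", re.I)),
    "infection_claim": (1, re.compile(r"\b(?:my (?:private )?malware|drive-by exploit)\b", re.I)),
    "webcam_claim": (2, re.compile(r"\b(?:recorded you|(?:through|over) your webcam)\b", re.I)),
    "exposure_threat": (2, re.compile(r"\bpublish\b.{0,80}?\b(?:videos?|private data)\b", re.I | re.S)),
    "btc_demand": (2, re.compile(
        r"(?:\$\s?\d[\d,.]*|\d[\d,.]*\s?\$)\s+(?:worth\s+of\s+|in\s+)bitcoin", re.I)),
    # Legacy Base58 (1.../3...) or bech32 (bc1...) address shapes; case-sensitive.
    "btc_address": (2, re.compile(
        r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[ac-hj-np-z02-9]{39,59})\b")),
    "deadline": (1, re.compile(r"\b\d+\s+days?\s+(?:time\s+)?to\s+pay\b", re.I)),
}
THRESHOLD = 6  # one indicator alone (e.g. a Bitcoin receipt) must not trip the filter


def score_message(text):
    """Return (score, sorted names of the indicators found in text)."""
    hits = sorted(name for name, (_, rx) in INDICATORS.items() if rx.search(text))
    return sum(INDICATORS[name][0] for name in hits), hits


def is_sextortion(text):
    """True when the combined indicator weight reaches THRESHOLD."""
    return score_message(text)[0] >= THRESHOLD


# Constructed samples: the password and wallet address are placeholders.
SCAM = """Hi, I know one of your passwords is: [constructed-password]
Your computer was infected with my private malware.
I RECORDED YOU (through your webcam) and collected all your private data.
I can publish the videos of you on the whole web.
The only way to stop me, is to pay exactly 1200$ in bitcoin (BTC).
My bitcoin wallet is: 1ConstructedExampLeAddressXXXXXXXX
I give you 3 days time to pay."""
BENIGN = ("Receipt: you bought $50 in bitcoin. If you did not request a "
          "password reset, contact support within 3 days.")

if __name__ == "__main__":
    for label, msg in (("scam", SCAM), ("benign", BENIGN)):
        print(label, score_message(msg), is_sextortion(msg))
```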
“Save Yourself” email automatic removal
The extermination of “Save Yourself” malware can be efficiently accomplished with reliable security software. Sticking to the automatic cleanup technique ensures that all components of the infection get thoroughly wiped out from your system.
1. Download the recommended security utility and get your PC checked for malicious objects by selecting the Start Computer Scan option.
2. The scan will come up with a list of detected items. Click Fix Threats to remove them from your system. Completing this phase of the cleanup process is most likely to lead to complete eradication of the infection. However, it is a good idea to make sure the threat is gone for good.