{"id":23059,"date":"2024-06-26T16:29:32","date_gmt":"2024-06-26T16:29:32","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=23059"},"modified":"2024-08-29T22:37:04","modified_gmt":"2024-08-29T22:37:04","slug":"hello-perv-email-scam","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/hello-perv-email-scam\/","title":{"rendered":"Hello Perv"},"content":{"rendered":"<p>\u201cHello perv\u201d is the name for an email scam that takes its name from the eponymous title. It aims at <strong>scaring the user and asking them to pay a ransom<\/strong> in cryptocurrency, in exchange for not publishing explicit content. These emails are sent in the thousands, targeting people all around the world, sometimes even misfiring and landing at tech support addresses.<\/p>\n<p>Such scam emails typically exploit users\u2019 unawareness of how malware and the cybercrime world in general normally work. Victims take the claims about collected personal information at face value and obey any further instructions. However, there are quite a few signs that <strong>these messages are complete and utter scams<\/strong>, and I am going to reveal all of them in this post.<\/p>\n<h2>Hello Perv Email Scam Overview<\/h2>\n<p>Hello Perv is an email scam that has been circulating for several months already, gaining significant popularity at the end of June 2024. Fraudsters send these emails to hundreds, if not thousands, of addresses, hoping for gullible people <strong>to believe the text and follow the instructions<\/strong>. 
The email contains threats of publishing explicit graphical content that the hacker has allegedly collected using spyware.<\/p>\n<div class=\"su-spoiler su-spoiler-style-default su-spoiler-icon-plus su-spoiler-closed\" data-scroll-offset=\"0\" data-anchor-in-url=\"no\"><div class=\"su-spoiler-title\" tabindex=\"0\" role=\"button\"><span class=\"su-spoiler-icon\"><\/span>Click to see the full email text<\/div><div class=\"su-spoiler-content su-u-clearfix su-u-trim\">\n<div class=\"su-note\"  style=\"border-color:#e4e4ce;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\"><div class=\"su-note-inner su-u-clearfix su-u-trim\" style=\"background-color:#fefee8;border-color:#ffffff;color:#333333;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\">Subject: You are my victim.<br \/>\nHello, Perv.<br \/>\nYou&#8217;ve been looking at porn sites recently.<br \/>\nOne at them had my virus on it.<br \/>\nWhen u started its video, your computer downloaded and launched my malicious software.<br \/>\nAfter that, I started your camera and recorded a video at u masturbating.<br \/>\nI&#8217;ve gathered all its contacts from your computer.<br \/>\nAfter that, I put together a video at your Masturbation and added videos with child porn.<br \/>\nIn my version at its video, u masturbate to sex with kids.<\/p>\n<p>I&#8217;m giving u its opportunity to save your life!<br \/>\nBelow I will provide u with its address at My bitcoin wallet.<\/p>\n<p>Send me 500 EURO in BTC.<\/p>\n<p>BTC wlt &#8211; 1Pdf1QMXH7e9957vhMskAFKQNi79eoa9Rm, 1JVMTup4zuS1JMGXAYYRgvyr2PUmNnY6g2<br \/>\n(If you don&#8217;t know what bitcoin \/ write to buy bitcoin in Google)<br \/>\nYou have 24 hours after reading its letter.<br \/>\nAs soon as my wallet receives its payment , its system will automatically destroy all its dirt that I made.<br \/>\nIf u need more time , open its notebook and write &#8221; Plz 48&#8243;<br \/>\nIn that case , u&#8217;ll have 48 hours to send me its 
money.<br \/>\nIf after a time, I do not see its money in my wallet.<br \/>\nI&#8217;ll send my dirt to all your colleagues and friends right away.<br \/>\nI can see everything u&#8217;re doing on your computer , so don&#8217;t try to trick me.<br \/>\nIf I understand that u&#8217;re just stalling, I will immediately send dirt on your contacts!<br \/>\nHurry u have little time, save your life!<\/div><\/div>\n<\/div><\/div>\n<p>The email demands, as you can see above, that the victim send a sum of money (typically ~\u20ac500) in Bitcoin to a cryptocurrency wallet. One notable detail here is that the hacker offers extra time to pay the ransom. Overall, the email body is built around social engineering tricks and contains a lot of manipulative claims and logical mistakes. Let me explain each of them, so you will have a better understanding of how con artists manipulate people and how to detect such scam emails in the future.<\/p>\n<h3>Revealing Introduction &#038; Malware Description<\/h3>\n<p>The Hello Perv fraudulent email does not really try to prolong the narrative. From the very beginning, the fraudster talks about infecting the device through a site with adult content. Further, they claim to have started recording from the web camera, capturing the victim touching themselves. To make matters worse, <strong>the hacker claims to have manipulated the resulting video<\/strong> to make it look like the user was watching a prohibited category of adult videos.<\/p>\n<p>One thing that scares a lot of people is seeing that this email was apparently sent from their own address. This may look like hacking, but it is, in fact, a rather easy trick called sender <a href=\"https:\/\/gridinsoft.com\/spoofing\/email\">email spoofing<\/a>. It only requires an email client that allows tinkering with email metadata. 
But nonetheless \u2013 this makes enough people believe the scam is genuine.<\/p>\n<figure id=\"attachment_23081\" aria-describedby=\"caption-attachment-23081\" style=\"width: 1182px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-email.png\" alt=\"Hello Perv email scam spoofed address\" width=\"1182\" height=\"476\" class=\"size-full wp-image-23081\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-email.png 1182w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-email-300x121.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-email-1024x412.png 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-email-768x309.png 768w\" sizes=\"auto, (max-width: 1182px) 100vw, 1182px\" \/><figcaption id=\"caption-attachment-23081\" class=\"wp-caption-text\">User complains about the scam email being sent from his own email<\/figcaption><\/figure>\n<p>One major fault here is the story about hacking the computer through an infected browser page. Well, this is totally possible \u2013 browsers may be vulnerable to code injections and other flaws. But applying such a technique in attacks on individual users is simply unreasonable. 
Exploiting vulnerabilities is more suitable for attacks on corporations, where potential profits are much higher.<\/p>\n<p><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/comparison-spyware-helloperv.webp\" alt=\"Approach comparison Hello Perv vs classic malware\" width=\"1288\" height=\"720\" class=\"aligncenter size-full wp-image-23082\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/comparison-spyware-helloperv.webp 1288w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/comparison-spyware-helloperv-300x168.webp 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/comparison-spyware-helloperv-1024x572.webp 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/comparison-spyware-helloperv-768x429.webp 768w\" sizes=\"auto, (max-width: 1288px) 100vw, 1288px\" \/><\/p>\n<p>There is also <a href=\"https:\/\/gridinsoft.com\/blogs\/lumma-stealer-spreads-via-fake-browser-updates\/\">an old-new tactic<\/a> of hacking a site and putting an \u201cupdate your browser\u201d banner on top of all the content. Clicking the update button downloads malware, and the user will likely execute it, thinking it is a genuine update. The thing is, all the malware families deployed in such a manner are well-known and <strong>do not operate in the way the hacker describes<\/strong>. Doing what spyware operators normally do \u2013 collecting credentials and selling them on the Darknet \u2013 is more profitable and takes less effort.<\/p>\n<h3>Ransom Demands<\/h3>\n<p>After the rapid introduction, the \u201chacker\u201d puts out the demand: pay a ransom to a cryptocurrency wallet and no explicit videos will make it to the public. In this specific email campaign, ransom amounts are typically around \u20ac500, though this may change in the future. 
As I\u2019ve already mentioned, it is possible to extend the ransom payment deadline for another 48 hours. One particularly interesting clue here is the Bitcoin wallet: its statistics reveal how \u201csuccessful\u201d this scam is.<\/p>\n<p><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-btc-wallet.png\" alt=\"Hello Perv BTC Wallet Blockchain Explorer \" width=\"1230\" height=\"803\" class=\"aligncenter size-full wp-image-23083\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-btc-wallet.png 1230w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-btc-wallet-300x196.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-btc-wallet-1024x669.png 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-btc-wallet-768x501.png 768w\" sizes=\"auto, (max-width: 1230px) 100vw, 1230px\" \/><\/p>\n<p>It is possible to see the Bitcoin wallet balance &#038; history using free blockchain explorer tools. A few clicks \u2013 and voila, we can now see when and how much was paid to the wallet in the past. Throughout the extensive list of wallets, <strong>the majority have just a few transactions<\/strong>, with a total sum of $4-6k. Interestingly, the amount of some of the incoming transactions is twice the scammer\u2019s current demand. This implies that the fraudster either uses the wallet for several scam campaigns, or forces victims into paying more, possibly after extending the deadline.<\/p>\n<h3>Threats of Publishing Explicit and Compromising Videos<\/h3>\n<p>Strangely, the actual threats come after the ransom demand \u2013 not a usual tactic for this kind of scammer. 
Still, <strong>it was rather obvious where all this was going<\/strong>: the \u201chacker\u201d threatens to publish the compromising video to all the victim\u2019s social media pages, so all friends and colleagues will see this abomination. And the prohibited nature of the video suggests that it may draw the attention of law enforcement.<\/p>\n<p>Obviously, like pretty much any other email scam, this one assures the user that the scammer is watching their computer and their actions. Should the user try to trick the scammer, they will turn their threats into actions. Though I wonder: how would the scammer track a police call from your phone? Or from a friend\u2019s phone? Once again, the email is full of rather obvious logical mistakes, and that&#8217;s just another one. Most of them are clearly visible even to people without much knowledge of cybersecurity; it&#8217;s merely a matter of cool-headed analysis.<\/p>\n<h2>Any chance the computer is infected?<\/h2>\n<p>Despite the Hello Perv email being a blatant scam, like the <a href=\"https:\/\/gridinsoft.com\/blogs\/professional-hacker-email-scam\/\">Professional Hacker Scam<\/a> or <a href=\"https:\/\/gridinsoft.com\/blogs\/have-you-heard-of-pegasus-scam\/\">Pegasus Scam<\/a>, there is still a possibility that malware was once present in your system. Some variations of such email scams may additionally scare people by showing them their (old) passwords. This pretty much forces users into believing the fairy tales about advanced spyware and all-encompassing tracking. 
To be sure your system is clean of any spyware, consider scanning it with GridinSoft Anti-Malware: it is capable of finding and eliminating even the most recent spyware samples.<\/p>\n<p style=\"padding-top:15px;padding-bottom:15px;\"><a href=\"\/download\/antimalware\" rel=\"nofollow\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"\/blogs\/wp-content\/uploads\/2022\/07\/env02.webp\" alt=\"Hello Perv\" width=\"798\" height=\"336\" class=\"aligncenter size-full\" title=\"\"><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cHello perv\u201d is the name for an email scam that got its name from the eponymous title. It aims at scaring the user and asking them to pay the ransom in cryptocurrency, in exchange for not publishing explicit content. These emails are sent in thousands, targeting people all around the world, sometimes even misfiring by [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":23095,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[4],"tags":[619,1223,348],"class_list":{"0":"post-23059","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips-tricks","8":"tag-cybersecurity","9":"tag-email-scam","10":"tag-online-fraud"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/06\/hello-perv-email-scam-featured.webp","author_info":{"display_name":"Stephanie 
Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/23059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=23059"}],"version-history":[{"count":9,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/23059\/revisions"}],"predecessor-version":[{"id":26821,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/23059\/revisions\/26821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/23095"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=23059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=23059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=23059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}