Well, that’s interesting.

I just got a bitcoin ransom threat via email. Immediately reported it to IC3 and FTC. Obviously didn’t reply or pay.

Apparently this type of threat is familiar and known to be false. Several commenters on the FTC blog pasted the text of the threat, which was exactly the same as the one I received except for the amount.

The hacker showed off the password I use for WordPress. Yesterday I noticed a “viewer” in India, and the ransom email is written in India syntax. Might be correlated, might not. Immediately changed the password, though WP might not be the source.

I know the threat is fake because the hacker claims to have a video that couldn’t exist. I haven’t visited any porn sites, and I don’t have a webcam or any other camera connected to my computer. (Many of the FTC commenters said the same thing.)

The hacker also claims to have a keylogger, which is possible but unlikely. AVG has been stopping such things for many years, and a scan just now finds nothing.

So he might be able to send something to “all my contacts”, but the something couldn’t be the video he claims to have.

Thanks to FTC for writing a clear and non-bureaucratic article. None of the usual automatic lawyerly alarm. (Every threat is equally urgent and serious!!!!!) Instead, FTC says that this particular threat is strictly empty, and you CAN and SHOULD ignore it. For ten years I’ve been bitching that we no longer instruct people about scams. FTC’s blog is doing an outstanding job, even if the media aren’t doing their part.

= = = = =

Three days later: Nothing has happened.  No outraged feedback from my “contacts”.  As FTC said, the threat is a complete fake.