IT security professionals discovered a new variant of Bitcoin email scam. It have the subject line Save You, “Video of You” and sent from SaveYou..@….com (examples: SaveYou71@7191.com, SaveYou13@0024.com, SaveYou22@1258.com, and so on). Recent version demands $800. Below is an example of the email scam being sent out.
Save You email spam
Below is an example of one of the extortion messages being sent out. The wording varies to some extent, but the email message looks something like this:
Hi, I know one of your passwords is: *** Your computer was infected with my private malware, your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit". My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam. I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF! After that I removed my malware to not leave any traces and this email(s) was sent from some hacked server. I can publish the video of you and all your private data on the whole web, social networks, over email of all contacts. But you can stop me and only I can help you out in this situation. The only way to stop me, is to pay exactly 800$ in bitcoin (BTC). It's a very good offer, compared to all that horrible shit that will happen if I publish everything!’ You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger. You can send the bitcoin directly to my wallet, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine. My bitcoin wallet is: 1BXavFhbxCpno2dFpS4BU4NvEJjjqCN8Kd Copy and paste my wallet, it's (cAsE-sEnSEtiVE) You got 3 days time to pay. As I got access to this email account, I will know if this email has already been read. If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it. After receiving the payment, I will remove everything and you can life your live in peace like before. Next time update your browser before browsing the web!
While terrifying at first, it is classic bitcoin email scam. It is based on the fact that:
- the email scam has been sent to countless people like any other widespread email spam
- the fraudulent message have the “spam” style grammar
- IT security experts has determined that these emails attempts to force users into paying the requested ransom
Scammers uses the database of emails to increase trust and sent this email scam out to millions of people around the World. The messages are sent to email addresses exposed in previous known data breaches in which the user database was indexed online.
Threat Summary
| Name (subject line) | Save You, Video of You |
| Sent from | saveyou09@0984.com, SaveYou89@0270.com, SaveYou59@5944.com, … |
| Type | Email Scam, Phishing, Fraud, Scam |
| Ransom amount | $800 |
| BTC Wallet | 1BXavFhbxCpno2dFpS4BU4NvEJjjqCN8Kd |
| Distribution method | spam email campaigns |
| Removal | If you gets the Save You email scam, our computer security experts recommend follow some easy steps |
What to do when you receive the Save You EMAIL SCAM
We advice to someone who gets this fraudulence message:
- First and foremost, do not pay the cyber criminals!
- If the password emailed to you is your current password, then you should change it everywhere it’s in use.
- Use two-factor authentication wherever possible.
- We recommend creating a new password when you set up a new account.
- It is a good idea to run a malware scan on all your devices to be sure that there is no malicious software installed.
- Install an anti-phishing software.
- If you receive an email that is similar but not the same as the example above, make sure you remove any personal info in this message, then post it as comment on this article. It will help our team monitor the latest scams.
How to scan your your computer malware
If you’re not expert at computer technology, then all your attempts to detect and remove malware might result in failure. To find and remove all of malicious software related files and registry entries that keep malware on your PC system, run anti malware software like Zemana or other software from our list below.
Zemana is a tool that performs a scan of your computer and displays if there are existing adware software, browser hijackers, viruses, worms, spyware, trojans and other malware residing on your computer. If malware is detected, Zemana Anti Malware can automatically remove it for free. Zemana doesn’t conflict with other anti-malware and antivirus programs installed on your PC.
Click the link below to download Zemana Free. Save it to your Desktop so that you can access the file easily.
164032 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
After the download is done, close all apps and windows on your system. Open a directory in which you saved it. Double-click on the icon that’s called Zemana.AntiMalware.Setup as shown in the following example.
When the installation begins, you will see the “Setup wizard” that will allow you set up Zemana AntiMalware (ZAM) on your personal computer.
Once install is complete, you will see window such as the one below.
Now click the “Scan” button to begin checking your machine for malicious software. This process can take some time, so please be patient. During the scan Zemana AntiMalware (ZAM) will locate threats present on your system.
After the scan get finished, Zemana will create a list of unwanted apps and malware. Make sure to check mark the items which are unsafe and then click “Next” button.
The Zemana Anti-Malware will remove malicious software and other security threays.
How to protect yourself from phishing web-sites
In order to increase your security and protect your computer against phishing and harmful web pages, you need to use adblocker program that stops an access to misleading and malicious web-sites. Moreover, the application can block the display of intrusive advertising, which also leads to faster loading of web-pages and reduce the consumption of web traffic.
Click the link below to download the latest version of AdGuard for Windows. Save it to your Desktop.
26627 downloads
Version: 6.4
Author: © Adguard
Category: Security tools
Update: November 15, 2018
After downloading is complete, launch the downloaded file. You will see the “Setup Wizard” screen as displayed in the figure below.
Follow the prompts. Once the install is complete, you will see a window as shown in the figure below.
You can click “Skip” to close the installation program and use the default settings, or press “Get Started” button to see an quick tutorial that will allow you get to know AdGuard better.
In most cases, the default settings are enough and you do not need to change anything. Each time, when you run your PC, AdGuard will start automatically and stop unwanted ads, block phishing web-pages, as well as other harmful or misleading web-sites. For an overview of all the features of the application, or to change its settings you can simply double-click on the AdGuard icon, which is located on your desktop.
Finish words
If you have been the target of the “Save You” email spam or similar bitcoin scam, then please drop me a line. And stay safe!.
Hi I received 2 of these emails yesterday using different saveyou addresses and different bitcoin wallet ID’s. I followed a couple removal guides on my laptop and phone and I recieved a third saveyou email this morning. Can you help?
Don’t stress Sadie. Your computer has not been hacked. If you recognise the password in the email it is because there are a couple of large databases of leaked email address/username/password combinations on the dark web. The email address and password for anyone who had a Linkedin account in 2017 is on there but the lists come from many other sources too. The script generating these emails are taking password/email addresses from these leaked user account lists with the intention to convince users their computer has been compromised. There is an excellent good tool that lets you see if your email is on the leaked lists and what passwords of yours have been compromised. avast.com/hackcheck/
Thank you for this article! I received several of these email over the last few days. First it was $,1000 of bitcoin and 3 days to pay. Today is was $1,400 and two days to pay. Isn’t there some way to find and get the person through the wallet account number?
My brother said to send this creep an email that says “I am Liam Neison and I WILL FIND YOU.” You better run and hide fast, scum bag.
What do you think? I don’t like to threaten anyone but this guy is clearly a criminal and will our justice system do anything?
Sincerely,
Susie