
Critiquing the creative of a ransom email scam

“Hello! I’m a hacker who cracked your email.”

Last week, I received an email from my own email address. It was sent by a purported hacker who claimed to know about my “secret dark life” on the Internet and have images of me, um, enjoying myself to raunchy websites.

Despite being “in shock of my fantasies,” the sender was composed enough to threaten me by saying he would email the “crazy shots” from my secret life to all my friends and family members unless I paid him $900 in bitcoin within 24 hours.

Though it was an obvious phishing scam (many people have posted about it on the Federal Trade Commission blog), it reminded me of something I’ve been wanting to do for a long time.

No, dear reader. Not that.

I’m talking about analyzing and critiquing emails, landing pages, and other marketing communications sent in to me by burgeoning marketers.

It’s an idea similar to Flint McLaughlin and his Quick-Win Clinics. Marketers send Flint links to their web pages, and he analyzes them to see where these marketers can optimize and improve.

Yep, I’m going to do it. I’ll call them “Cranky Critiques.”

Let’s take a look at this first submission, shall we?

The email reads:

Subject: [my first initial and last name] – [one of my old passwords]

Hello!

I’m a hacker who cracked your email and device a few months ago. You entered a password on one of the sites you visited, and I intercepted it. Of course you can will change it, or already changed it. But it doesn’t matter, my malware updated it every time. Do not try to contact me or find me, it is impossible, since I sent you an email from your account. Through your email, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit. I am in shock of your fantasies! I’ve never seen anything like this! So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I combined them to the content of the currently viewed site. There will be laughter when I send these photos to your contacts! BUT I’m sure you don’t want it. Therefore, I expect payment from you for my silence. I think $900 is an acceptable price for it! Pay with Bitcoin.

My BTC wallet: 1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj

If you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult. After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system. My Trojan have auto alert, after this email is read, I will be know it! I give you 2 days (48 hours) to make a payment. If this does not happen – all your contacts will get crazy shots from your dark secret life! And so that you do not obstruct, your device will be blocked (also after 48 hours) Do not be silly! Police or friends won’t help you for sure … p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites. I hope for your prudence. Farewell.


Apparently, several versions of this email are making the rounds. For extra juice, some of the messages include additional personal information, such as partial phone numbers—a nice touch.
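The markers this email leans on (a From address identical to the recipient's, an old password in the subject, a Bitcoin wallet, a countdown) can be checked mechanically. The Python below is an added example, not part of the original post: the sample message, its placeholder addresses and password, the `Authentication-Results` header (assumed to be stamped by the receiving mail server) and the function name `triage` are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: placeholder addresses/password, body abridged from the email above.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=victim@example.com; dkim=none; dmarc=fail header.from=example.com
From: <victim@example.com>
To: <victim@example.com>
Subject: jdoe - hunter2

I'm a hacker who cracked your email and device a few months ago.
Pay with Bitcoin. My BTC wallet: 1JTtwbvmM7ymByxPYCByVYCwasjH49J3Vj
I give you 2 days (48 hours) to make a payment.
"""

BTC_LEGACY = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # Base58 alphabet, no checksum check
DEADLINE = re.compile(r"\b\d+\s*(?:hours?|days?)\b", re.I)
AUTH_BAD = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b", re.I)

def triage(raw, known_passwords=()):
    """Return the extortion-scam markers found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    auth = " ".join(msg.get_all("Authentication-Results", []))
    findings = []
    # "Sent from your own account" is usually just a forged From header.
    if sender and sender == rcpt:
        findings.append("self_addressed")
    # If SPF/DKIM/DMARC did not pass, the message did not come from the real account.
    bad = sorted({m.group(1).lower() for m in AUTH_BAD.finditer(auth)})
    if bad:
        findings.append("unauthenticated:" + ",".join(bad))
    if BTC_LEGACY.search(body):
        findings.append("btc_address")
    if DEADLINE.search(body):
        findings.append("deadline")
    # Passwords already exposed in a breach are what the scammer pastes into the subject.
    if any(p and p in subject for p in known_passwords):
        findings.append("breached_password_in_subject")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE, known_passwords=("hunter2",)))
```

A self-addressed message that also fails SPF, DKIM and DMARC was forged to look like it came from the victim's account; it is not evidence that the account or device was compromised.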




Critiquing the creative

Overall, I think the copy is fairly effective. Putting the victim’s name and a recent password in the subject line is a real attention-getter. And the first line of body copy goes straight for the throat. After a breezy “Hello!” the sender says:

I’m a hacker who cracked your email and device.

This line is practically guaranteed to capture the reader’s interest. My guess is that very few prospects will be able to stop reading there.

So far, so good. But I see some opportunities for improvement.

First, the text contains numerous typos and errors in capitalization and grammar. For example, “operation (sic) system” is not a proper noun and should not be capitalized. The same goes for “Trojan,” unless the writer is referring to the condom brand. (I assume he is not, as logically, protective measures should have prevented me from contracting a virus in the first place.) The copy also contains a number of run-on sentences.

While one could argue that these mistakes add an air of sinister authenticity to the email, I personally find them sloppy, even in the context of a ransom note. The overall effect is to diminish my opinion of the writer, his education, his attention to detail, and his mom (in whose basement this scumbag almost certainly lives).

Please, sir, hire a proofreader.

I also recommend breaking up the copy into shorter, more reader-friendly paragraphs to make the text look more appealing.

Not much of a looker

This email “scampaign” (I made that up just now; trademark applied for) uses a plain-text format with no HTML code for graphics, images, or colors. It looks dull, but it makes sense. While I would love to see more effort put into making these types of emails look more attractive and engaging, hackers know that HTML-only emails are a red flag for spam filters.

After that great opening line, however, I feel like the writer loses momentum.

You entered a password on one of the sites you visited, and I intercepted it. Of course you can will change it, or already changed it. But it doesn’t matter, my malware updated it every time. Do not try to contact me or find me, it is impossible, since I sent you an email from your account. Through your email, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a Trojan on your device and long tome spying for you.

While I appreciate the detail with which the hacker describes how he has stolen my password, infected my computer, and saved the contact information of all my friends, colleagues, and relatives, I think a better use of the first paragraph would be to immediately state the call to action. Put the offer—$900 or I ruin your life—right up front so I don’t have to work so hard to get the gist of the message.

As I said, the information is valuable. I would just prefer to see it in a later paragraph or as its own section, perhaps under a subhead like “HOW I HACKED YOUR LIFE AND WHY YOU NEED TO PAY ME RIGHT NOW.”

With me so far? Good. On to paragraph two:

You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit. I am in shock of your fantasies! I’ve never seen anything like this!

Run-on sentence aside, this part of the email is effective in asserting the hacker’s power and suggesting the profound embarrassment I risk by not complying with his demands.

Then the hacker explains how he has captured photos through my webcam and combined them with screenshots synced to the material I supposedly viewed.

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I combined them to the content of the currently viewed site.

Ah, here is the rub (pun definitely intended).

This paragraph ought to be a blockbuster. A blackmailer has photos of me honking my horn to Internet porn.

But, as written, these lines fall flat.

Why is this bombshell buried in the middle of the second paragraph? I would move this up near the top of the message, pump up the wording, and combine it with a call-to-action (CTA) for immediacy and impact.

I don’t know the limitations of this blackmailer’s email program, but if possible, I would suggest making it a headline or putting it into a Johnson box (ahem).

At long last, we reach the email’s CTA:

There will be laughter when I send these photos to your contacts! BUT I’m sure you don’t want it. Therefore, I expect payment from you for my silence. I think $900 is an acceptable price for it! Pay with Bitcoin.

As calls-to-action go, this one is pretty strong. I find that too often, marketers get timid when it comes time to ask for the sale. Not this one. This writer expects payment and he sounds pretty confident in making his demand. The reader can only assume that the hacker does indeed have the goods and that compliance forthwith is the only sensible course of action.

I also like that the writer does not beat around the bush (so to speak) with regard to price. A lot of marketers avoid mentioning cost in the initial contact so as to not scare the prospect away. But in this case, scaring the prospect is pretty much the point, and the writer has done an admirable job of selling his value proposition and justifying the cost in the prospect’s mind.

You may wonder, as I did, why ask for $900? As I looked deeper into this scam, I found that people have received versions of this email with ransom demands ranging from $290 to nearly $7,000. It’s possible this is part of some multivariate test the hacker is conducting to determine the right amount for optimal response. Very smart!

“I don’t care much for best practice. I care about conversions. That’s why I test.”—Michael Aagaard

The paragraph ends with a simple and direct imperative, “Pay with Bitcoin.”

I love this. It’s the kind of punchy language for which ransom notes are known. For me, these three words conjure dramatic images of colorful cutout letters in myriad typefaces pasted onto stark white paper at malevolent angles. Tonally, it’s perfect.

Too bad, then, that the next line stumbles:

If you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.

Now this is just plain lazy. It’s great for the hacker to acknowledge that I may not be familiar with bitcoin, but it’s simply not enough to tell me to Google it. What if I am an older person who’s not great with computers, sexy surfing skills aside?

A much better approach would be to create a short numbered list of the steps involved. Make the process dead simple. That way, the blackmailer can be sure that I know exactly what to do to transfer the money.

This is a huge missed opportunity, and probably the biggest problem I see with this email as it no doubt had a negative effect on response.

The next few lines state the blackmailer’s limited-time offer:

I give you 2 days (48 hours) to make a payment. If this does not happen – all your contacts will get crazy shots from your dark secret life! And so that you do not obstruct, your device will be blocked (also after 48 hours) Do not be silly!

I like this paragraph because it creates a real sense of urgency. And it’s specific. If the writer had just said, “I give you 2 days,” there would be room for ambiguity. But by including “48 hours” in parentheses, the recipient can easily calculate almost to the hour when his or her life will be destroyed.

The second half of this paragraph reminds the victim that the hacker has total power over him (or her!) by stating that he (or she) has just 48 hours until the computer is taken over. “Do not be silly!” without a contraction adds a forceful final flourish and helps to dispel any thoughts of non-compliance or other funny business.

The email closes with:

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites. I hope for your prudence. Farewell.

The hacker uses a postscript, which is good practice. I don’t have the latest stats for email, but in direct mail, the P.S. is generally regarded as the most-read, or second-most-read, part of a sales letter.

However, the writer needs to watch his formatting. The letters “P.S.” should be capitalized and the postscript loses impact when it is hidden at the end of the message as it is. I say, drop it down a few lines with some paragraph breaks to make sure it is seen.

As it deserves to be, because the actual content is good. “I can give you advice for the future. Do not enter your passwords on unsafe sites.”

This is great psychology. The writer is obviously aware that buying decisions are driven by a combination of rational and emotional factors, and he is doing his best to appeal to both.

“Yeah, it sucks to be blackmailed and potentially have my friends, family, and co-workers see photos of me diddling my Skittles. But $900 seems a small price to pay for the lesson and the chance that they never do.”

If the prospect is on the fence, this just might close the sale.

I hope for your prudence. Farewell.

It’s always nice to end on a friendly note. “I hope for your prudence” sounds almost sympathetic. But I think “farewell” is a little too formal and dramatic. The hacker is not a Bond villain. I would have simply thanked the victim for his compliance and closed with a feel-good sentiment to help motivate a response. Something like:

“Thank you for your immediate attention to this critical matter. I promise you, this nightmare will end as soon as I receive payment. Please, send the money now so we can both put this behind us. You can keep your family, friends, job, and reputation. Your worry-free life is waiting!”

There you have it. I hope you enjoyed the first-ever Cranky Critique!

UPDATE #1: Apparently this email ransom scam has been amazingly effective, generating more than $4 million in bitcoin payments worldwide over a span of several months.

What this says about society, I will leave for you to decide.

But the takeaway for direct marketers? It’s simply this: While good creative is important, LIST and OFFER remain the two most critical factors in any direct response marketing campaign. Duh!

UPDATE #2: BleepingComputer says the scam has gotten even more devious and dangerous. The latest iteration of these emails now contains downloadable files (said to be videos of the victim “enjoying” adult websites) which infect the computer with two different types of malware. The first steals personal information such as passwords. The second encrypts (locks down) the computer for ransom. Don’t fall for it!


Have you received a bitcoin ransom email like the one discussed here? If so, the FBI asks you to report it to IC3.gov, the Bureau’s Internet Crime Complaint Center, or contact your local FBI office (or toll-free at 1-800-CALL-FBI).


Worried about your accounts?

A good way to see if your email has possibly been compromised in a data breach is to go to:

haveibeenpwned.com

Just type in an email address and the site will tell you if you’ve been “pwned” (hacker slang for being conquered or taken over, pronounced “poned”). You will see a list of the data breaches your information may have leaked in, and tips to increase your security. The site is safe and has a growing reputation as the go-to resource for protecting accounts. You can also sign up to be notified if your email address appears in future dumps of stolen data.



Cranky Critiques are a go! If you have an email, web page, or other marketing message you’d like to optimize, send it to rob@thecrankycreative.com. If I choose your submission, I will analyze the piece and share my feedback in a future post.