Blackmail variant – 2020-05-06 – Clever encoding

Another scam message came to my inbox today, and it used a rather clever encoding. It looks like plaintext, but it isn’t. It uses high-order 32-bit Unicode codepoints (encoded as UTF-8) to construct the text. The codepoints specifically are part of the Mathematical Alphanumeric Symbols group.

So it looks like plaintext. You can read it like plaintext. But it isn’t plaintext. And the codepoints being higher than the UTF-16 boundary means that WordPress’s editor screws up trying to handle it. Nodepad++ had no issues with it though. I’ve posted a screenshot below, and attached the redacted source text from the e-mail.

Click (or tap) the image to see it full size.

* * * * *

And the plaintext (the Bitcoin address was the only part NOT encoded in those high-order Unicode characters):

I am aware, REDACTED, is your password.

I require your full attention for the coming Twenty-four hours, or I may make sure you that you live out of shame for the rest of your lifetime.

Hello there, you do not know me. Yet I know everything concerning you. Your personal facebook contact list, mobile phone contacts and all the virtual activity in your computer from past 175 days.

Which includes, your self pleasure video footage, which brings me to the primary reason why I ‘m crafting this particular e-mail to you.

Well the previous time you went to see the porn webpages, my malware was activated inside your pc which ended up shooting a eye-catching video footage of your masturbation act simply by activating your webcam.
(you got a exceptionally unusual taste by the way lol)

I have got the complete recording. If you feel I am playing around, simply reply proof and I will be forwarding the particular recording randomly to 9 people you’re friends with.

It might be your friends, co workers, boss, mother and father (I don’t know! My system will randomly pick the contacts).

Will you be able to look into anyone’s eyes again after it? I doubt it…

But, it doesn’t need to be that way.

I want to make you a one time, no negotiable offer.

Buy $ 2000 in bitcoin and send them on the below address:

[CASE SENSITIVE so copy & paste it, and remove * from it]

(If you do not understand how, look online how to buy bitcoin. Do not waste my precious time)

If you send this ‘donation’ (why don’t we call it that?). After that, I will go away and under no circumstance contact you again. I will erase everything I’ve got concerning you. You may very well carry on living your normal day to day lifestyle with no fear.

You’ve 24 hours in order to do so. Your time starts off as quickly you check out this e mail. I have an one of a kind code that will alert me once you see this mail therefore don’t try to act smart.

So yeah, that’s definitely something new. I knew that Unicode can go out to 32-bit codepoints, but never saw anything like that used in this fashion. But it’s just another scam e-mail of the same variety I’ve posted here before.