I’ve written before about Ashley Madison-related blackmail threats and how they then began to be sent out by extortionists via the US postal system.
A reader has now been in touch with what they claim is a letter they received attempting to extort $2000 worth of Bitcoin. The recipient is told that if he doesn’t pay up within 10 days their family and colleagues will be informed of their membership of the controversial dating site.
Yes, I know about your secret, that you paid for services from a company that specializes in facilitating adultery. But what makes me a threat to you is that I have also spent several days getting to know about you, your family and others in your life. All you have to do in order to prevent me from using this information against you, [REDACTED], is to pay me $2000. And before you ignore this letter consider this: You received this via first class mail. It wasn’t a spam email some Nigerian sent to thousands of people. That means I spent money on it. It means I took extensive counter-forensics measures to ensure the Postal Inspector would not be able to track it back to me via post marks or via prints and DNA. It means I paid cash for a printer that couldn‘t be traced back to me. I have spent considerable time and money on you, [REDACTED]. So if you decide to ignore me, you can be certain that I sure as hell won‘t ignore you.
References are made (redacted in my images) to the details of another Ashley Madison user who is said to have failed to pay the ransom.
I of course anonymously contacted his wife, [REDACTED], and told her about [REDACTED]’s membership on Ashley Madison and told her how to confirm it for herself. But I didn’t stop there. l also contacted [REDACTED]’s work colleagues. I also contacted his daughter. And his daughters boyfriend. And I contacted several of his superiors, peers, and subordinates at [REDACTED].
You see, [REDACTED], if you don’t comply with my demand I am not just going to humiliate you, I am going to humiliate those close to you as well.
The alleged blackmail letter goes on to give detailed instructions on how to make a Bitcoin payment. I checked out the Bitcoin address quoted in the letter and as far as I can see it has not received any payments. Of course, it is always possible that the extortionist is setting up different Bitcoin addresses for each victim.
Anyone who receives a blackmail letter like this will have to make their own mind up as to how to respond, but my opinion is that blackmailers should never be paid. After all, how can you guarantee that they will not attempt to extort further money out of you in future?
If you respond in any way to the extortionist there is the danger that you will be perceived as a “hot lead” for them to pursue, rather than them trying their luck with someone else.
Instead, I would recommend contacting the authorities, including the US Postal Inspectors.
All the same, I can certainly understand that anyone who receives a letter like this through the post would find it extremely disturbing.
Further reading:- Ashley Madison's leaked database available for download - read this first
- Ashley Madison blackmailers now sending threats via US postal system
- Here's what an Ashley Madison blackmail letter looks like
- Now it's Ashley Madison wives who are receiving blackmail letters
- 'Bring me the head of the AC/DC-loving Ashley Madison hacker'
- Suicide and Ashley Madison
- Ashley Madison: Betting site offers odds on who will be exposed
- 'Yes. I was a member of the Ashley Madison website. But I wasn’t there to cheat on anyone'
- Ashley Madison hack could expose 37 million 'cheating dirtbags'
- No Ashley Madison, you weren't burgled by terrorists
- Ashley Madison users warned of password risk
- Cracked Ashley Madison passwords consistent with years of poor security
- Post-hack, Ashley Madison offers members full and free account deletion
- Don't judge Ashley Madison users too quickly, their accounts may be fake
- Just who is joining the Ashley Madison website?
- Fembots land Ashley Madison in hot water with the FTC
- Ashley Madison's marketing department clearly didn't get the memo
- Ashley Madison: Further thoughts on its aftermath
- Ashley Madison hack claims another victim: Its CEO
- Ashley Madison slammed with $1.6 million fine for devastating data breach
Anyone who falls for this needs to have his head examined. This is nothing more than a blind phish. There's no indication that the sender knows anything about the receiver other than what can be found in a Google search. The sender is playing the odds that A) the receiver is a man; B) the man has an Ashley Madison account, and: C) the man can be compromised by FUD.
IMHO, Ashley Madison is the dark alley visited by certain lewd fellows of a baser sort. But get a grip, folks. The only public official I ever heard being outed by AM is Josh Dugger, who outed himself. Why? Because he's a distant cousin of the Kardashians.
Live in reality, not Reality TV.
This is dangerous to post, you should remove this for the safety of others.
That's why it's redacted, isn't it? It's a really old technique that is used for a variety of reasons. An example other than here might be letters during WWII. It's really that simple, see?
Hogwash.
Graham
Quit writing about this. It serves no good purpose.
Actually, Joe, it does: it points out the risks of paying blackmailers. It just so happens that some blackmailers (and similar) have done exactly what he has warned against. The case of DDoS attacks comes to mind for one major example.
Incidentally, awareness is seriously lacking and if you don't know you're unaware you'll only by chance become aware. And awareness is critical to security (this includes physical security too).
also points out the danger of fooling around !
Never pay blackmailers. For one, if they do have the data, they can just send it to the next guy to repeat it on you until you eventually don't pay up. In most cases, even if they have your data from a data breech, that also means thousands of others do as well, and would not be the first time you receive an extortion email or letter.
Second, not all data breeches have the same information. The Ashley Madison and the Patreon data breeches are similar in that just enough data was available on the site that a determined identity thief could possibly socially engineer the rest of the information (you'd be amazed at how little information is used to verify identity over the phone, most places verify the name and zip code of your address, nothing else.) Someone who is fishing for blackmail victims might only have your name and email address that you used for the site and it is NOT A CRIME to subscribe to a website, and is also not indicative of wrong doing, since the presence of a name and email on a site doesn't the site was used beyond curiosity to see who or what else is on it.
Many companies that run credit (eg your wireless provider, your gas/electricity company) can be socially engineered to reveal information that they should not be sharing over the phone, only confirming information volunteered by the person on the phone. This is why outsourcing creates privacy risks, because your data is not as protected when it's outsourced. All it takes is one bad customer service call and that agent you talked to might leak your information. Also the reverse happens, customers will sometimes get mad at customer service employees and sign them up for dating sites just to try and get the CSR in trouble.
I had one of my employees receive one of these letters at work — it even had our company name on the envelope! It was identical to the one in the post. For reasons I can't get into here, it would have been impossible for the employee to have ever been a member of that site. It wouldn't be the first time that randomly targeted extortion letters have been sent out. Obviously we're not paying a blackmailer!
Dear Joe Blow,
I know you never used Ashley Madison, but that won't stop me from telling your wife, your boss, your children, etc. that you did.
So send me $2000 so I won't.
Sincerely,
Your friendly blackmailer
you cant do those things
Pay him once, you're on the list. Whenever he wants more money, he pulls your chain again. Don't pay. Your odds of forgiveness from your spouse are better. All he can "prove" to her, is that your user details are in some database somewhere.
Here is the latest letter received:
http://vignette2.wikia.nocookie.net/muppet/images/8/84/Letteroftheday2.jpg/revision/latest?cb=20090624054235
So has anyone heard of anything happening to someone who refused to pay?
Here's what an Ashley Madison blackmail letter looks like:
https://s-media-cache-ak0.pinimg.com/736x/26/fe/74/26fe74bed52ff47aac0e70afb4b7acb9.jpg
I have the full data dump. Graham Cluley joined Ashley Madison in 2009. He continues blogging about Ashley Madison as a diversionary tactic, hoping to distract others before they learn that he was a member.
I think he openly admitted at the beginning of the hack that he was on the list.
Nope.
Hi Graham, Obviously I know your "hot" on security, I'm sure the bad guys probably watch your blogs, but I might suggest allowing open web links in the responses probably isn't a good idea (At least without a warning they are heading off your site) . I'm sure the Blackhats would get a lot of satisfaction from testing your audiences gullibility at your expense. Just a thought from somebody on the white side!
Hi Monica
Thanks for the comment. Yes, it's an issue I have considered – and that's why any links posted in comments are automatically converted to *non*-clickable links. Other HTML is also stripped out.
Users have to willingly cut-and-paste any links posted in comments into their browser to visit the webpages.
Clearly most people are good guys, and sometimes the links can be useful – so I don't want to entirely ban links in comments. I also suspect that bad guys might be keener on embedding their malicious links into blogs that don't make the effort of removing their clickability, or may be keeping less of a beady eye on what is being posted.
Of course, I would always advise caution when users are visiting websites, and obviously if you ever see a link that you don't like the look of let me know and I'll take a gander at it. Thanks!
I believe it was more like he created an account on some website that had a breach, in order to verify how they manage displaying warnings (about the breach) and/or something else as part of the site (whether AM or not I don't know nor do I really care).
I think you're referring to my article about the AdultFriendFinder breach.
Details here: https://grahamcluley.com/adultfriendfinder-hacked/
Yeah yeah yeah…
And because I spent all these years working for an anti-virus company you probably think me and John McAfee were hiding out on the grassy knoll when the Kennedy cavalcade went past…
I love a conspiracy as much as the next man!
Even if there is a Graham Cluley in the list did it ever occur to you that names aren't necessarily unique? As a matter of fact, many people were named after Saddam Hussein: www.bbc.co.uk/news/magazine-26272218
Going further, even DNA isn't necessarily completely unique; hence the (albeit rare) genetic chimaera.
Your methodology is also typical of a blackmailer, isn't it? You claim to have this information but don't show a scrap of any information – it's complete rubbish and in your case it is so unimaginative I would find it hard to believe anyone would believe – including yourself! Even your name shows absurdity (it also shows what I mean by names aren't unique).
It's not even a conspiracy theory (Graham is too nice to you on there); there is no real thought put into it – toddlers learn to speak by imitation and here you are repeating something that anyone could make up. Whether you are a child or not you're certainly no clever than one (actually that's probably insulting to children) and you're definitely as immature as some of the least mature children around.
Your imagination is close to nil (and/or you need help because this is the best you can come up with to do during your free time – at least contribute something somewhat constructive?) – and that, Calvin, is perhaps one of the saddest conclusions that can be made about someone.
My letter asked for $4,000 in bitcoin. Otherwise it is almost exactly the same.
I assume that you didn't pay. Did anything happen? I received the same type of letter.
This is the exact same letter that a certain someone used to troll a specific reddit forum more than two months ago. Verbiage is exactly the same. Amount is exactly the same. Same Reddit user who made it up and posted it to imgur is probably one of the one communicating with Graham. And I'm not saying that as a negative thing towards Mr. Cluley either.
Multiple accounts, all created within an hour of each other came on to claim they received a letter. Posted the image above (without everything redacted) only after groups calling 'BS' for a full day. Then the accounts never posted again or were deleted. And this was way back towards the beginning on November 2nd.
I would just think that if these letters had been going out since November 2nd, there would be a pretty significant number of people reporting them via one avenue or another. Possible that this is real? Absolutely. But something seems off…
Jim Bob, I can assure you this is real as I received one of these exact letters and knew nothing about them until I received it. After searching online to see if anyone else had gotten one I found Graham's site and the info about the mailed letters. So, yes, my account is new, but I'm for real and so is the letter.
Nope. You're just as full of shit as the people pretending to receive these letters.
This is a hoax, folks. Same as the last time Graham fell for it.
Pay the $2,000 and you will IMMEDIATELY be forced to pay more. There will in NO WAY stop at your first payment, they will ask you for more money forever and ever until you stop paying them.
NEVER PAY A DIME! EVER! YOU ARE FOOL OTHERWISE.
I really did receive a letter. I found this forum just today while trying to research this. My letter was very similar to the one shown except for the amount being $4,000. It is greatly disturbing to get this. It came from Northern Virginia (NO VA 220), mailed on January 15 and hand stamped with no return address.
Martin,
Exactly like mine (NO VA 220) except they asked for $2000. I reported it to the POstal Inspector. We'll see if anything happens.
i too got this letter. Is there any sense as to the scope of these letters? it does require more effort than an email scam. was it a large mailing or were we really targeted for this little slice of hell?
Graham, Seems like a tough return on investment with a stamp $.49 you send a 1000 that's going to be nearly $500 bucks you send 100,000 letters that's $49k.
Unless you are a criminal and you engage in postage meter fraud
I just have to say if it was indeed true – or even if it isn't true – they need serious help. To be so unethical, immature, immoral as to try to ruin the lives of others because of a relation to someone who supposedly did something wrong? Aren't there enough ruined lives in this world? What did those relatives do to you? What did these people do to you, even? To want to ruin the lives of people is exactly what being unfaithful to your partner (or if agreed by both then partners) will do.
Shameful and despicable. Typical of mankind but still shameful and despicable.
Towards the end it started sounding like the be like Bill meme
Bill received a blackmail letter
Bill decided not to ignore it
Bill payed up and his wife never found out
Be wise
Be like Bill
Just ignore it, this person won't reveal anything in the end.
It would be interesting to know the bitcoin address to watch what happens to it…
Graham–
Why don't you ask your correspondent if he tried to contact the person named in the letter? That seems to be one way to ascertain if there is any legitimacy to the threat, right? If that person indeed exists and was exposed, then the threat is real.
I got the same letter, also Northern Virginia. My sister is a prosecutor in CA and she persuaded me to got to the FBI. I just went to DC to meet with two agents, one seems a forensics guy. They are investigating, but they need more of the letters. They say the person is clever, but they "see something". Wouldn't say what, but that each additional letter can gives them information that will lead to the person. So take your letter to the nearest FBI office and ask to see an agent. They will not prosecute you or out you. They're not very sympathetic to you and me, but they are po'd about this person hurting spouses and children. Very motivated. One thing that came out is that they are looking at the bitcoin seller/buyer world. The forensics guy seemed to know it well – spoke a bitcoin language I didn't know. They said NEVER put an agent's name online b/c can endanger him/her – but you don't need their names, go to nearest office with letter and ask to see an agent, and the info will get to them. Put letter in ziploc bag and handle with gloves to keep it as clean as possible. They don't expect the person's prints, but there will be other clues. And if the blackmailer actually outs you, get ahold of the letters to your spouse, kids, employer, spouse's employer, etc and take to the FBI right away. Those letters will be especially helpful. And at that point, the damage is done, so might as well nail the guy. That's it. Please share this post on any other forums you see on this subject.
Checking on previous post – I got the same letter – Northern Virginia, Jan 15. Went to FBI today.
It does not make sense. Email blackmail is practically without cost. Most people are not stupid enough to give into a blackmail demand of this nature. If 10 people out of 100,000 letters sent pay $2000, that amounts to $20,000. It would cost $100,000 in postage assuming these letters were sent from Africa.
Oh my god, are the fools gonna be F***ING pissed when nobody sends them a single bitcoin!
"What the f*** is the world coming to, today? EVERYONE ignored us! Not a f*****' dime to show for all of that hard work!" the fool screams.
haha.
This is rather idiotic.
If you factor in the amount of hours spent researching these people (i.e. days apparently), and then the mailing costs, and then the time spent contacting the family (if they bother), plus the fact that the success rate would be very low (10% absolute max, but probably closer to 2%) then this person is losing money, and will be losing a lot of money.
This is why I think this is an obvious scam. The person is putting in 'days' of effort, i.e. 20+ hours work per person, plus spending money on anti-forensic printers, postage etc etc, only to have a small % even send money. It just literally makes almost no sense from a financial perspective at all. That might be why some letters have upped the price to $4000 hahahaha.
I got one of these letters and I've NEVER been on Ashley Madison. Never heard of it until the big hoo-hah last year. I'm taking the letter to the FBI.
@Trabin, lots of false registrations on Ashley Madison. When the Impact Team threatened exposure, haters started registering enemies to f**k up their lives. Anybody can register anybody – just need to pay for it, which isn't hard – hacked cc # cost a few hundred or u can pay somebody $1k to do it for u. Last year Dutch guy bragged to me at hacker conf about making $50k doing this. Question for u is, who hates you that bad?
Makes no sense. Send a letter, the spouse opens it and that person is outed already. Why would they send anything. Go right to the FBI as there is a better chance of finding these people with letters as evidence than there ever was through email. And the penalties are federal.
Here's an update on my previous post. My FBI contact says they have received "a couple" of the letters through FBI field offices, but they want more. He wouldn't tell me much more. I asked if they are making progress, and he said, yes, but they want more letters.
Separately, my sister talked to an investigator she works with in CA, who told her there is definitely DNA on each on of these letters. Says it's impossible to mail a letter without picking up room dust in the seal, and some of the dust includes dried skin cells – millions of skin cells flake off every day, and even if a person is wearing a cleanroom suit, it can't contain them all. And the letters will pick up other materials that provide clues – tiny bits of hair or fabric, etc. Said the FBI is incredibly good at finding microscopic material like that. Also, he said the FBI watches the bit coin community closely because bit coin is used for criminal activity – said they track every bit coin account of any size and watch for big changes. He said the more letters this person sends, the more they are begging to get caught.
So please take your letter to an FBI field office. They're not going to arrest you or embarrass you. They will use it to help find the person. If the person outs you – get those letters and take them to the FBI, too. My FBI contact emphasized that those letters would be particularly helpful. Let's get this person.
@Body, if you could share any identifying information about that person you met, it would be very helpful. If you can't share it publicly, maybe you could inform law enforcement? Whatever help you can provide would be greatly appreciated.
So does everyone who received one on here live in Northern Virginia or the DC area? I remember hearing that the DC area had some of the highest # of registrations on the site. If that is the case, they simply could be doing a targeted attack on what is a relatively "wealthy" area and with lots of military/government officials.
Also, for the people claiming many hours of work researching individuals, I don't buy it. Simply run the database of names and addresses through mass printing software and you can print out the letters very quickly without ever doing research on the person at all. It's a basic probability game.
– Highest region of member signups
– High income region
– Probably target those over a certain age (i.e. skip the guys in their 20's)
– Run mass printing
So lets say you spend $0.49 per letter. All they need based on the prices listed here is to get 1 person to pay out of 4k letters sent. A 1 in 4000 hit rate to break even. Lets say that they got the letters put together between 4 people in 3 days. If you get a 1% hit rate then you are looking at $20k for each person. I think that's a pretty darn worthy ROI…
So again, this is a real attempt and the math seems to make sense to me. Plus, it's not as if they are asking for $20,000 from each person or something insane. Most the people they're asking for $2k from probably spent that much on the site and have the money on a CC that they can use to do it.
Just my initial reaction to it.
The time factor comes in when you dont respond. If out of every 100 letters sent, 90 people don't respond then it becomes a big time effort to go after the next layers. And again, at that point all you are doing is proving to the next group of 100 that you WILL go after them. But by then, the next person who receives it will be forced with this decision. But frankly, it's not much decision at all. Keep your money.
I live in Richmond, VA and got a letter today! (2-15-17) It was addressed to my husband and delivered to our home address. It was postmarked from Richmond too! So not just No. VA anymore!
I received the letter ($4,000) from Northern Virginia – I received it at my home in Los Angeles.
I received the same kind of letter, asking for $2,000.00. It also had. VA post mark stamp on it. I did not pay. I assume you did not pay, have you heard any more on this?
That's surprising that the letters are crossing state lines. That definitely makes it a federal case. The penalties will be incredibly steep when they are caught.
To those who received letters in the comments….did you reply in the ten-day window? If not, were you "outed"?
I have not yet been outed. I have heard nothing further at this point. I will report back here if I hear anything.
Hear anything more from this scumbag?
Did you pay?
An update on my posts above. The investigator my sister works with says the FBI has received a letter outing some guy to his employer. The letter is somewhat different in appearance, but they think it is from the same blackmailer we're talking about. I finally reached my DC FBI contact again today (after several tries – getting harder to reach) – he wouldn't confirm, just said, "Get us more letters." Again, if you haven't already, please take your letter to the FBI.
I intercepted a SECOND blackmail letter that was addressed to my WIFE! It just was addressed to Mrs. xxxxxx. The letter was scary and listed the burner e-mail. I'm definitely heading to the local FBI field office with BOTH letters. Just plain nasty stuff and promised he wouldn't go away and would continue to try to embarrass me. It has crossed my mind to just pay it…any thoughts?
Send a redacted version to Graham. Let's make sure it is legit and then we can talk next steps.
I received a similar letter addressed to my wife, XM. It scared the crap out of me as well so I know how you're feeling. However, it was addressed to Mrs. Xxxxxxxx and did not use her first name, which leads me to believe that the blackmailers are still operating off limited info and are not taking the time to do real research. Luckily I checked the mail today and recognized the basic envelope and font that this person is using so I was able to catch it before my wife did. I'm sure this is a last ditch effort to see who will send money so they can narrow their lists and find paying people to focus on. However, the letter also mentioned that in case the letter is intercepted by yours truly, my wife will be "contacted shortly by other means", and then if she can't get me to pay then those close to us will also be notified so we can be embarrassed. The blackmailer also raised the price from $2k to $2.5k. Which means that they are probably starting to get a little desperate.
I did sign up for AM but I never used the website because I decided that it was wrong. I used a bogus email so I'm assuming the credit card info is what they are using to identify me. I take responsibility for my actions. However, it is very sick that there are people out there that will send a letter like this to the spouse of a person they don't know just because someone will not send them money. It shows just how cut-throat some people in our world are these days. It has definitely been a lesson learned in a few different ways.
As for those doing the blackmailing, I've concluded that if they are as smart as they seem to be, they will only spend their time and money trying to contact the people close to you that would remotely consider spending money to keep this kind of thing private. Unless you're running for a public office, 99.9% of the time the only person other than you that would even give thought to paying these people is your wife. Therefore, I don't think they will contact anyone else that you know because it is of no benefit to them, and smart criminals rarely spend their time and money doing anything that does not benefit them, especially if it has to do with money. What is disturbing is that this person didn't think twice about sending a letter to my wife and messing up my life for $2k. And the letter had no remorse at all – that is what makes it so disturbing to read. I can handle my own house and blame no one other than myself for my actions, but I hate it for the many people whose wives will check the mail and have to go thru major issues only because some geek criminal wants some money to but a new computer. Ashley Madison should not be allowed to exist in the first place but since they dropped the ball in a major way and allowed all of that data to be leaked, I hope the blackmailer(s) get caught before families get harmed, both emotionally and physically. My approach is to just ignore them. I don't know if they will go beyond the letters to the spouse and try something else but it seems highly unlikely. All we can do is wait and see. But don't lose sleep over it – just focus on your family.
Curious, before the letter addressed to your wife, did you get one addressed to you earlier?
Trying to understand if the same guy is now sending letters to spouses whose wife/husband ignored the first one.
And secondly what was the post mark date and location on the letter?
Yes, I did receive the initial blackmail letter as some of the others above so it sounds like that is what the guy or guys are doing. Trying to get to the wives. Probably not the least bit worried about scaring men and exposing the husbands because that doesn't seem to be working as they thought but just trying a new avenue to get people to pay up. The things that makes me just a little nervous is wondering what they will do when this attempt doesn't work. Emails? Autobot calls? (if that is the correct term) Maybe those are traceable so hopefully it will stop at postal mail but I'm no security expert like some of you here. Either way I'm not paying them so whatever they wanna try they can bring it on.
I immediately destroyed the letter after reading it so I didn't look for a location. However, something told me to take a picture of the envelope and I did, and there was some printing on the envelope near the stamp that reads as follows:
NO VA 220
22 FEB 2016 PM 7 L
So I guess the post mark date is 2/22/16? I received it yesterday in Georgia on 2/25/16.
well, looks like i am screwed. have not gotten second letter yet, but i am sure next week will be the end. i'll try to enjoy one last weekend with my family before the sht hits the fan. its my bed, but why drag innocent people into the mess. if you are reading these, mr. blackmailer, please stop.
I received one today, same post mark and asking for $2k in Bitcoin. What a schmuck. I work in a related field, of course I checked all associated emails for the hubs when the hack came out, just out of curiosity. Of course the email wasn't used. And hubs says he didn't get an initial letter which I believe because I'm the only one that picks up mail. So yeah, this is going to my friendly FBI contact. If you were on Ashley Madison and got this letter, well that sucks. Paying this idiot/s likely won't get you any relief. Give a mouse a cookie….
Nope.
You did not receive a letter because this is a hoax. Nobody is receiving any letters.
There is a reason the only place in the world that mentions this is right here. You and the other people commenting are merely trying to scare people.
Graham–you're better than this.
You know what? You are so very correct, except there is an actual physical letter sitting on my kitchen counter. Maybe Graham is bored and sending them. Regardless, I still received one through the us postal service. Am I scared? Nope. I merely happened to do a little Google search after I read it which lead me to the article. Point being, never pay a blackmailer and blackmail is in fact illegal. Even if it's a hoax, still illegal.
I am not sure that I believe this either. For a few reasons:
1.) I find this the most interesting. Every time this post loses traction and drops off or to the bottom of the "Popular recent posts" there is a sudden wave of activity from people who "received their second letter", which ends up driving this post back up on the hierarchy.
2.) It is VERY easy for the FBI and the US Postal Inspectors office to track this down and isolate the incident. The letters are coming from NoVA. There are only a handful of Post Offices in NoVA. The PI's office would alert each office. When letters matching the suspicious criteria are identified, they will isolate where the mail is coming from down to that one post office or several post offices. Then they would physically conduct surveillance based on their findings. Shouldn't be hard to spot given the number of users who were leaked and the number of letters going out. Even if the perp only sent 1000 letters. It still raises a red flag.
3.) Letters with no return address are flagged as "Suspicious" and the appropriate response to such a finding is "inquire". If the FBI and US Postal Inspectors are involved, then the post offices in that region are already on alert. In this case, they would actually open the letter. Especially after being put on alert from the Postal Inspector's office that there is an extortion investigation taking place.
4.) Finally, there are the posters themselves. Not all, but the majority (myself included) are one-time posters. Graham's posts have pretty regular followers and posters. This could be an observation that is groundless because of the interest, but an observation all the same
Sorry, but your hunch is definitely off base. I received a second later (this time addressed to my wife) the other day; however, mine is postmarked Baltimore, MD. Your second statement couldn't be further from the truth. It's Very Difficult for the FBI or Postal Inspector to track this down. Let's say you drop a random letter in a post office box with no return address and no finger prints….how "easy" would it be for them to track you down? I'll tell you….they COULDN'T unless they spent an inordinate amount of time & money on forensic investigations that would be worthy of a mass serial killer. Unfortunately, the blackmailer's victims are not worthy of those types of resources.
divorce is temporary, blackmail is forever. FU mr. blackmailer. i would rather pay my wife than give you a cent.
I haven't gotten any letters yet. I'm keeping my fingers crossed.
What identifying information did the letters contain? Credit card info/transactions? Copies of AM messages?
Thanks.
There may be one way to stop this scumbag (or scumbags) – put a price on his head. With over 30 million AM victims, it shouldn't be hard to get at least a few hundred thousand people to contribute a few bucks. If 500,000 people contribute $10 each, a $5 million reward could be offered for information leading to the arrest and conviction of this con artist. My guess is that someone who would engage in extortion probably is involved with a lot of shady characters and has a lot of enemies who would be very happy to turn him in for a big (and legitimate) payday. Not sure how this could be done logistically, but perhaps those of you who are currently working with the FBI could ask them if there is a way to set up a website with FBI oversight through which such an award could be funded. They could then publicly announce the reward, and the heat will be on this piece of garbage.
That is a GREAT idea! I haven't gotten a letter but would gladly contribute. It wouldn't be difficult for the FBI to implement. You might have read about the Internet law firm in California who has sued people that have tried to publish the AM data. I contacted them and asked how I could help, and they directed toward a site they created where you could contribute to their AM defense fund. They had multiple ways to contribute and maintain your anonymity. The FBI could do the same thing.
I think Nick has a good idea. Would someone with FBI contact be willing to present that idea to them?
I haven't received a second letter yet, can't wait for that to happen.
Has anyone thought of contacting the FBI in Virginia since every one of these letters are originating from there ?
I don't understand the reasoning in sending a letter addressed to the wives. That will lead to divorce or whatever but she's not gonna go, cool I was cheated on, where do I pay your blackmail now for letting me know. Doesn't add up. My only thought is we are the first round of these letters.. When people read that wives are contacted, that might lead to the second round people who get this letter think about paying more.
I too never understood why this site is the only place people are talking about the letter. Not Reddit or anywhere on Google..
I got 2 of these letters which included a second addressed to my spouse. Called the FBI who said they are aware of this and to send in an email to their internet crime reporting site. No other help to speak of. I did send them the letter in any case, redacted
So now I wait and see what this guy does next, if he goes through with his threat to out me. Of course I refused to pay I may be stupid but not dumb…..
This site is helpful to read and see what others experiences are, despite the psots that dismiss this is a hoax. We know that it isn't.
Yeah, I'm in the same boat as you. Us folks that are receiving these letters sure wish that this was was a hoax and would end like a bad dream lol. I only found out about this website after searching Google to see who was talking about these letters and that's how I arrived at this site. This is my 3rd response so I guess that makes me me a repeat poster?
Anyway, hopefully they'll catch whoever is behind this because they are doing a very bad thing. One of the posters above mentioned how easily the FBI could track this person but I received the first letter probably almost a month ago so for this person to send another letter to the same address in the same manner with that type of arrogance that they display in the content leads me to believe that this person isn't feeling very threatened at the moment. Maybe that will change sometime soon as people keep sending the FBI letters. I still think it is more about collecting money than ousting people so I'm not extremely concerned but I guess I'm concerned enough to keep coming here to read responses. I guess we'll see what's next. Since the FBI hasn't caught this person yet, maybe someone who has been affected by this has or will hire their own investigators to track this person down before he makes his next move, whatever that may be. I guess we'll see what happens next.
I would be willing to spend a grand or so on an investigator to try and find this guy My only problem is I don't have the 2 letters any longer so I couldn't give them any where to start
Any ideas????
His Bitcoin address????
My wife received a letter last week. Fortunately she was out of town so I got to it first. The first letter I received, back in January, was from Northern Virginia but this new letter was from Maryland (which is next door to Virginia). It starts off “Dear Mrs. XXXX, I am afraid this letter contains bad news.” It also contained the same instruction page the first letter had. I am no expert but I definitely think it comes from the same people as the first letter. The typeface and margin spacing and everything match exactly. And the electronic address they give is the same in each letter.
The letter came in a regular letter size envelope with an address window on it and a first class forever stamp as postage. The envelope is one of those ones with patterns on the inside to make it harder to see through. Other than coming from Maryland the outside of the letter looks exactly like the first one I got. So if you got that first letter I would keep my eyes open for a letter that looks similar that is addressed to your wife (just Mrs Last Name).
It makes me uneasy that we are getting these letters again. This has been going on for a few months now, right? Lots of people talking about going to the FBI but if catching these losers was so easy wouldn't the FBI have gotten them by now? Either that or the authorities DO know who is doing it and they are building a case. If that is what is happening it sucks they are letting us still be targeted in the meantime. Couldn't the feds intercept these letters or something before they do their damage? Unlike the email blackmails I have read about, this seems like a pricey way to blackmail people if it is being done on any kind of large scale. So it seems obvious to me that SOME people must be paying. How else could they afford to keep this up? Has anyone here paid?
I hope I am wrong but I don't think the FBI or the USPS know who the blackmailers are yet. I doubt they are stupid enough to take the letters to the post office or they WOULD be caught by now. There are numerous post office drop boxes throughout most cities. Could the authorities reasonably conduct surveillance on all of them? Packages with no return address certainly get flagged as suspicious because they could be dangerous or contain drugs. I'm not sure regular letters would get such attention. The USPS processes MILLIONS of letters a day.
If the authorities haven't caught these guys, or guy, yet, it is probably because the blackmailers are being very careful. But it only takes one mistake. I think the reward idea is a good one. Someone out there has to know something and maybe some cash would get them to share.
Yes, I've had those same thoughts, Joeblow. People here are putting faith in the FBI but we don't even know if they're really working on this. It may not even be a priority for them. I think that some people are paying so that is keeping the blackmailers going. However, it would seem pointless to me to attempt to contact someone again if they don't get a response after sending a letter to their wife. I think this will phase out in a little while, similar to these network marketing campaigns. They can only ride this for so long, and even the people that did feel compelled to pay will eventually get tired of paying. I think the best course of action would be to just wait it out. Once the kitchen gets too hot for comfort and the blackmailers have made their cash, they'll take their bounty and ride out into the sunset until a different opportunity arises for them. If the FBI is on it, let's hope they can catch up with these people. I also believe that at least one or more of the people that have received these letters have the means to hire their own investigators and likely have done so. So someone should be making some progress on this and I think this person or persons will be forced to stop this soon.
What is the letter threatening to do?
The second letter basically said the same thing as the first but it put more of an emphasis on revealing the AM thing to family and friends since it is assuming that the wife now knows about it. It also mentioned that even if the second letter is intercepted by the man/woman who was on AM in the first place, the blackmailer would still be contacting the spouse shortly by other means. I think that is the punchline it is using to attempt to scare people into paying but I would think any other means of contact outside of snail mail would be somewhat traceable so it doesn't hold much weight.
What is interesting is how arrogant and cocky this person seems to be. The letter even tells the wife how to approach the husband when he comes home and what excuse he may make. It makes you say Wow because this person is pretty much talking to you like "I'm gonna humiliate you and your family if you ignore me. And if you don't believe me, try me!" And he/she did use most of those words. Not saying that they won't do it but that would put the blackmailer at additional risk and cost more money and time so it seems very unlikely.
One thing that I do keep in mind is that it looks like this person is using the credit card info to track down the name of the person that it thinks was using AM because I just realized that the email address that they put in the 2nd letter to my wife to try to prove that I was on the website was an old email address that I didn't even use to sign up, and that email address is also linked to that card. So they are operating off of limited information and I don't think they can really prove anything to anyone. Therefore, the people that are paying these b****es will be the ones that have to keep dealing with them in the long run. It's just a matter of time.
My recommendation is to call the US Postal Inspector's office and hand off the letters to them. This is what they do day in and day out, rather than the FBI.
Does anyone actually have a copy of the letter? Would be good to see, maybe send to Graham and he can redact and post.
I have been forwarded scanned copies of the second ("wife") letter by a few people. I may redact them and post about this development tomorrow.
If anyone else wishes to drop scans of either the letters or the envelopes to me I'm happy to receive them. https://grahamcluley.com/contact/
FWIW, I also recommend that you share information with the US Postal Inspectors bout any malicious communications you receive. Talking of which, have any Ashley Madison users *outside* the United States received a blackmail letter via the post?
Im a wife and received my letter today informing me that my husband is a member of AM. He apparently already got his letter but disposed of it without me knowing. This stuff is crazy! I'm not paying. Expose the cheating bastard to whover the blackmailer decides. My letter was post marked Feb 22, 2016 from NO VA. My letter was sent to our old address in Illinois and then forwarded to our new address in Wisconsin. BTW, hubby admitted to being a member. That's enough for this wife!
I agree with STK above. The risk of this scheme is extremely high, and the penalties are very severe. This has a limited shelf life. The best course of action is definitely to submit all correspondence to the FBI. As long as they are provided with clues, they have the means to narrow this down pretty quickly. With all the terrorism and other threats out there, I'm sure they already have the means and technology to snare a person once they've narrowed it down. I find it impossible to believe that someone could carry out a sustained extortion campaign via the US mail and not get caught. As long as the victims are consistently feeding the evidence to the FBI it's just a matter of time.
So….has anyone had anything more happen to them other than one or two letters sent to their homes? Anyone been revealed to family and friends?
It's been long enough since the first 2 letters were sent to at least some of us to know if this guy follows through with his threats for those of us NOT paying his extortion
I haven't heard anything since receiving the 2nd letter last week. I ripped up my letter and threw it away. I guess if I get any more communication then I'll notify the postal inspector. Hopefully that won't happen as this is getting annoying but I'll give an update if I receive any more communications. Also, if anyone hears of this blackmailer getting caught, which will hopefully be someday soon, please let us know when that happens so we can be in the loop. They may already be sitting in jail for all we know.
Perhaps, Graham, you can try to run a little investigation with the US Postal Inspector and, if possible, the FBI, to see why this is not circumvented or if they are actually investigating?
I just read Graham's latest article on the letters to the wives and I noticed a comment from from guy who said his wife received a letter and he has never been to the AM website in his life. Which now confirms my hunch that this guy is just fishing now. So I'm done spending my time on this fool. However, he has stooped to new levels in not hesitating to mess up the lives of families who have no clue about this website and have done nothing wrong. I don't think he realizes (yet, but he will) just how serious and despicable this thing that he is doing is.
I'm sure that whoever is doing this blackmailing probably reads these comments as there isn't really much else out there discussing these letters.
My message to you: I believe in karma – some of the innocent and not-so-innocent lives you are messing with belong to people who are rich or powerful, or both. Combine that with the FBI and personal investigators, and you'll realize that they'll catch you soon if you continue to be greedy. You may wanna stop while you can because, as Graham mentioned, you probably left something on those letters that is leading the authorities to you as we speak. Plus I want to your see how you explain this one in prison. They'll probably whip your a** and do some worse things to you just for being a coward and hurting innocent people. Even "real" criminals try to stay away from doing that.
As for everyone else here, learn from your actions and move on with your lives. Do positive things for you and your family. Don't let this person consume any more of your energy.
There are 3 counties in no va. Only one has the unique 220 zip code. This county had a website. The website owner outed the am list. Reddit grey hats had a field day with him. He lost his job. And then letters began…
He sent two letters to two tiers of users. 4000 to users who wiped with full delete – his one shot. 2 letters of 2000 each to users who didn't – whose information was more accessible in the leak. 2000 on the first pass, another 2000 on the second where he revealed more data to the wives. In fact, like most criminals who return to the scene of the crime – driven by thrill and ego, he's posting in the beginning of this thread…
He sent two letters to two tiers of users. 4000 to users who wiped with full delete – his one shot. 2 letters of 2000 each to users who didn't – whose information was more accessible in the leak. 2000 on the first pass, another 2000 on the second where he revealed more data to the wives. In fact, like most criminals who return to the scene of the crime – driven by thrill and ego, he's posting in the beginning of this thread…
I don't follow what you're trying to say here Mr Motive Opprtunity please explain
Reach out to the mods at r/ashleymadisonhack. Ask them what they know about the owner of a fairfax based website with a previous criminal record.
All, I just found this forum. I'm like Trabin – I was not on Ashley Madison. But I've received two letters, one to me and a second to my wife. Not sure how this person got my name, address, email address – anyone have any insights? Somebody set me up, per discussion above? I can't think of who would do that. My wife believes me, but other people will think it's true if they get anonymous letters saying I was on the site. Any ideas on how to disprove? Please let me know.
Ok, I don't want to alarm people. I still think it is logistically unlikely the blackmailers will do this to everyone or even most people. When I received the first letter I ignored it. And as I mentioned in previous comments, I intercepted the second letter addressed to my wife. I didn't pay that one either.
Over the weekend the blackmailers sent emails to people at our church and to some of my son's track and field teammates. The email addresses are all different but the text of the email was all the same. The emails refer to me, my wife, and son by our first names and state that I had a membership at Ashley Madison. It lists links to websites describing how to access the database and points them to particular dates to search in the database for my personal information. The emails reference the first two letters and even list the same string of bit coin numbers that was on my first two letters, I guess to prove they are the same people? They do not request any more money and do not threaten any future contact. The emails conclude with, “My business with 'My Name' is now complete.”
I did sign up for it out of curiosity when I saw it mentioned in the news once but I certainly never met anyone or attempted to meet anyone through the site. I love my wife and would NEVER do that. My wife and son shouldn't be getting punished for my spur of the moment stupidity.
As best as I can tell the blackmailer probably found out my wife and son's names through a people search or a reverse address search. My wife is listed on our church's public email prayer list, as are many of the people who received the emails. My son is listed on his team's webpage and many of his teammates emails are listed there as well.
If your family doesn't have any kind of online presence you are probably ok. If your family DOES have contact info listed anywhere online you might want to try and remove it or at least warn your family of what COULD happen.
Intellectually I know I made the right decision in not paying the blackmailers. But after this last attack my brain is having a hard time convincing my heart of that fact. I'll post this in the other thread as well. Good luck to all.
Bullshit.
I received the first letter but not the second. The person doing this is obviously motivated by something other than financial gain, as I doubt this is making any money. Why would you pay a blackmailer for information that is already in the public domain? Plus, at this point, how many spouses don't already know? The letters are form letters with little to no detailed information.
My guess is he mailed a bunch of people with the original letter. Sent a 2nd letter to a smaller bunch hoping to save some postage money and create fear.
But, only one person here claims the follow up happened….I am guessing that is the blackmailer. Think about it.
Good point. I think he knows he messed up with that follow up posting and if law enforcement is investigating this then they are probably on to him now. So this should be just about over.
Well, the letters are real. I received one. I was on the site, but I was single at the time. Not paying.
The FBI in DC referred me to the NY office which is handling these letters. The person I spoke with was familiar with the blackmail letters.
I received the first & my wife received the second so yes they are real.
Just got my 2nd.. Guy not done messing with people's lives.
Has it gone further for anyone ?
Not since I got that 2nd letter and that was well over a month ago. I'm not really worried any more because I think this thing has kinda lost its momentum. Maybe the blackmailer finally realized that once you send letters to wives and they find out, there is virtually no incentive for them to pay because the secret is out and the family is then ruined, so why should they care who knows after that? At that point couples are thinking about divorce or repairing the relationship and their kids. Paying this asshole is the last thing I would be thinking about if I had that other crap to deal with.
From the previous posts it looks like the authorities should have their hands on enough physical letters to be either close to finding this person or have already found them. I hate it for the person that will answer for this because they'll be doing years in the pen for trying to make a quick buck. Then again, they didn't care about "attempting" to mess my life up (which they were unsuccessful at in my case) so I guess I could care less about where they end up.
I got a letter last week. Im single so im not sure what the motivation is. It was turned over to local FBI. They would not give any details of the investigation but the guy was extremely positive and said they have many instruments to identify these people that is not mentioned on tv or internet. Ill bag my next letter and take to FBI if it comes but i dont have a wife so not sure it will.
Hello,
I joined Ashley Madison on December 29, 2013 and within 1-2 months I deleted the account because I felt guilty. I have not been on it since and have focused on my relationship with my wife. When I heard about the Ashley Madison hack I got nervous, but thought I was safe because this had occurred almost 2 years later. Today I went on my AIM account and saw that I received an e-mail exposing me in February and then again in March (nothing since) stating that my friends and family on Facebook will be notified. I have not received any letters, but am now alert to it. The hack occurred in July 2015 and my first e-mail was in February 2016. I'm still concerned, but not as overwhelmed as I was earlier. I changed the password on my Facebook account, I deleted my other FB account, I changed the password to my AIM account, and changed my credit card number. The one I used for AM is now de-activated as of today. If I didn't randomly search today, I wouldn't have known at all. I will keep you all posted.
I just received a letter identical to the original posted above. So it is still active.
I posted this on the March 2016 Cluley article as well. Could those of you who are getting letters indicate what years you used AM, whether or not you used your real name and if you used your actual credit cards or pre-paid ones? Thanks.
For me it was a few months back in 2014. I did not use my real full name but I believe it was an actual credit card. I'm in California, by the way.
The letter still has the northern Virginia postmark. The envelope is addressed in an unusually large printed font and there is obviously no return address. It's got a "forever" stamp on it. In my case he is asking for the sum of $2790, which is a rather strange sum of money. Almost makes me wonder if it's being automatically converted from another currency.
There is really no harm this guy can do to me even if he were to carry through with his threats but it's annoying that distinctive letters like this haven't resulted in an arrest. It's also quite interesting that there is only one report between both of Mr Cluley's threads of this guy actually carrying out his threat–that is from JoeBlow, whom several posters suspected of being the blackmailer. He's spending a fair amount on supplies and stamps, so someone must be paying up…?
I received my letter June 22nd. Has your wife received the follow up letter?
I received one yesterday asking for $9000!!!! Is that aberrant? I won't pay a penny since I no longer have anything to lose or hide and am reporting this to the Post Inspectors. I am in California.
Also -mine had a detailed How To guide for sending money on bitcoin. I=
Write the blackmailer back and tell him you jerked off to his letter, and could he please send another.
Thank you Graham for this website. It is the only place I know of to discuss these letters. I just wanted to inform you that I received one postmarked June 27 from Baltimore 212.
I received one last week. I really do not understand this. Someone must actually pay. I looked at the survey results that Graham has on his website, and the survey suggest 3% pay. If that is close to accurate, then the blackmailers make about $75/ letter mailed (3% of $2500). If they spend $3 doing these letter (postage, envelope, ink, paper), then that is a pretty damn good return. The only way these stop this is for people to STOP paying!
On that note, I went ahead and turned the one I received to the Postal service. I hope everyone here does as well.
When were you active on the AM site?
I was doing the math on this. 50% of marriages end of up in divorce. One would think that the percentage of marriages where one partner was on Ashley Madison that end up in divorce would be a lot higher -say 80%.
One would also think that the percentage of men (potential blackmail targets) that might pay would decrease once they are already separated. That subset can only be growing given the amount of time that has passed since the Ashely Madison leak. My math would tell me that the odds of success for the blackmailer have to be really small since so many of the targets have potentially nothing to lose anymore. I would imagine the time to do this blackmail successfully would have been right after the leak and that now its most likely a waste of time.
The blackmailer is obviously smart, but why bother?
Also, a lot of people, probably most, never even had an affair. It is well known that many if not most, of the "females" on AM were fembots, plus there are stolen credit cards. So while embarrassing, it is not an indictment.
What is the average time between receiving the first and second letter?
I received a similar letter in the mail in Philadelphia (it doesn't mention AM but it does ask for money) but don't believe I was ever on AM, and haven't in fact cheated on my spouse.
Also received a letter in Philadelphia. Does not mention AM, but the wording and envelope are similar. Never been on AM or any other adultery site.
Interesting…You Philly boys aren't by chance into pro wrestling?
It is a big scam. If you google you will see that these letters have been sent out to many people in the Philadelphia area in the last few days.
Just got an email black mail …. deleted it. I hope that was the best move. I didn't read the whole thing but I think it was because of my one time sign on to Adult Friend Finder from 10 years ago. How do they track down my current email address and my real first name?
You should have let us know what it said and also report it to the FBI. They track down folks doing this sort of thing.
I received an email yesterday. I laughed at it not only was it a bullshit scam but it started out "the website Ashly Madison…..that right there I knew it was fake.
They finally got around to me. I won't pay a penny. I know better.
I got one of these today. Whoever these fools are, they are late to the party. I also got one of these around a year ago. And I am divorced, just as I suspect a good number of AM clients to be. You aren't on there unless your marriage has issues. They are wasting money on me…barking up a dead tree.