Ken's Second Act
Getting 3 text messages from imposters claiming to be law firms
*I received an unusual text message claiming to represent an attorney that stated: “A data gathering exercise in relation to a recent online deception case is still underway and no response has been received. Please submit your response and the total financial loss you experienced.”
Somewhat suspicious, I texted back, without mentioning my name, “I haven’t lost anything.”
Then, I received two almost identical text messages two days later claiming to be from other law firms. That seemed amiss, so I called AARP’s fraud hotline. I spoke to an agent and provided the names and phone numbers of the texters. The agent asked for my ZIP code and largely confirmed scammers, perhaps impersonating law firms, sent the text messages. The agent said law firms won’t call or send texts if they had no previous contact with me. The agent recommended reporting additional suspicious text messages.
I receive a lot of unsolicited text messages and phone calls and I have no idea how the texters or callers obtained my cellphone number. I don’t know whether they are connected with two reported data breaches: one from Substack and the other from Christus Health, which operates a hospital and clinics in my former community of Longview, Texas.
Substack messaged me that unauthorized third party accessed internal data this past October. Substack reported the exposed information included email addresses, phone numbers and “other internal metadata” related to those users. It says it has found no evidence that the information is being used.
The breach might have something to do with a menacing email in March from a Canadian account. It read:
Let’s get straight to the point.
We’ve know (sic) each other for a while, at least I know you.
A few months ago, I gained access to your devices and started monitoring your online activities.
What happened:
I got access to hacked database (substack.com) where you had an account with and easily accessed your e-mail.
A week later, I installed a malware on all your devices including your phone, giving me access to your microphone, camera, keyboard, and all your data.
I downloaded your photos, browsing history, conversations, and contact list. My virus updates itself and remains undetectable.
What I discovered:
You frequently visit adult web sites and watch explicit videos.
I managed to record you and created videos of you pleasuring yourself.
With a few clicks, I can share these videos with your friends, colleagues, and family or even make them public.
My proposal:
Transfer $1600 in ₿itcoiǹ to my wallet and I will delete everything immediately.
You have 48 hours from the moment you opened this email.
Once the payment is received, I will remove the malware from your devices
A quick web search showed the message was spam. I don’t create pornographic videos of myself and wouldn’t post them online if I did. Nevertheless, I notified the National Cybercrime Coordination Centre of the Royal Canadian Mounted Police.
Christus, which provided healthcare services to me for more than four years beginning under its previous ownership, notified me about a similar data breach. A vendor provided Christus with a list of patients of its laboratory services whose data might have been breached. Information could have included Social Security numbers and laboratory records.
Christus offered complimentary identity protection from the credit reporting agency Experian for 24 months. I already receive notifications from Experian through my Triple A membership. Esperian largely notifies me about qualifying for credit cards and possible cheaper rates for auto insurance. It also offers fraud alerts, giving me all the more reason to use them.
I also received a text this week from an imposter claiming to be a client manager for Fidelity, which manages one of my IRAs. It notified me about the initial public offerings for SpaceX, a company founded by Elon Musk. I texted back, “I don’t want to support an amoral oligarch.”
I reported the phone number and message to Fidelity. My advice: Report anything suspicious. Beware: this blog has 666 words.

I heard about that one going around claiming they have video of actions that would humiliate the person they are trying to scam. How terrible that some people fall for it and get cheated out of their money.
I generally delete any call notifications from any number that i don't recognize, including "The Fellowship", whoever that is. As for anyone claiming to have the goods on me, i, too, will notify law enforcement, if they make any threats of "exposure". I can count on two fingers the women who have seen me in my birthday suit. They're both dead.