July 12, 2018

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 thoughts on “Sextortion Scam Uses Recipient’s Hacked Passwords

  1. Bob

    Same Sextortion waltz. Reported it to a friend in the FBI. I’m 70 years old and only wish they “had something on me”. Given the chance, I’;ll give them a payment 0f 35 cents worth of lead delivered at 1200 feet per second.

  2. andy

    I got one just telling me part of my phone number.
    So retarded, anyone who does a google search will show that.

    It seems that, +1-951-xxx-xx01, is your phone number. You may not know me and you are probably wondering why you are getting this e mail, right?

    actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

    What did I do?

    I backuped phone. All photo, video and contacts.
    I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.

    exactly what should you do?

    Well, in my opinion, $100 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

    BTC Address: 19Gfc36i682Y7kZqhvkKUJKxLav9Sq6zai
    (It is cAsE sensitive, so copy and paste it)

    Important:
    You have one day in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.

    1. Pep

      I also received this same exact message with the 4 last digits of my phone number

      1. luke

        I just received this scam extortion email thing too same text as above
        Mine was from kolmikova@leninvest.net

        It seems that, +XX XXXXXX5127, is your phone. You may not know me and you are probably wondering why you are getting this e mail, right?

        actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

        What did I do?

        I backuped phone. All photo, video and contacts.
        I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.

        exactly what should you do?

        Well, in my opinion, $1000 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

        BTC Address:

        1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB

        (It is cAsE sensitive, so copy and paste it)

        Important:
        You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.

        1. RN

          Hi!

          do you have any idea from where they could have part of your phone number?

          Regards!

          1. Robert

            Well, I’d make an educated guess at Live.com (hotmail ) servers as Microsoft ask for and insist upon you using your mobile number to verify or as a recovery contact number.

        2. Robert

          I got exactly same one as you got. Phone number different of course. Same BTC account

          1. Robert

            Oh, there is one difference: different sender

            Alert Service

            1. Emma

              Hi Robert, I got the same one with last 4 digits of my phone number, same text and Bitcoin address as Luke above. The sender of mine was Alert Service like yours. Is everyone here just deleting/ignoring them?
              Thanks!

    2. T

      Got the phone number variant as well. Is this definitely fake? Sorry if I sound naïve, just kinda freaked out.

    3. RN

      Hi Andy!

      After the day pass, did you receive anything? 🙂

      I receive the same mail from this address – prakash@int-elec.com

      “It seems that, +XX XXXXX3927, is your phone. You may not know me and you are probably wondering why you are getting this e mail, right?

      actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

      What did I do?

      I backuped phone. All photo, video and contacts.
      I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.

      exactly what should you do?

      Well, in my opinion, $1000 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

      BTC Address:

      1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB

      (It is cAsE sensitive, so copy and paste it)

      Important:
      You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.”

      I now wonder where i use my phone as an information required to know were to report this!

      Do you have any idea from where they could copy the infos?

      Anybody?

      Regards

  3. A

    Similar threat, with Saul Mick as header

    BTC 1L613k*tzbFLbiXY2MUBC5X1LVzRp6bwNkD

    reported this to FBI

  4. David

    From tclucieiv@outlook.com for $7,000 to account 1GGhHEWfnH2jrCvdmd3Lr7hSedQ7iFMc3i. No one has paid in to that account so far 🙂 Password might be genuine but so old I have no record of ever using it.

  5. R

    I got the original one 4 times over about a week. Then I got the phone one a couple of days ago. Accessing a porn site would be a real feat with a landline. The new one is supposedly from LinkedIn -.edu address – with a link to log in and see the 7 companies that “search” for me. This one, like the others, is illiterate and obviously bogus. I’m retired, and I closed my LinkedIn account several years ago.

    My ISP has been punting all of these emails into spam so I see them only if I log in via the main server and look at their spam folder.

  6. Alasdair Stewart

    I have received at least 6 of these over the last few days, from “Ana” “Michelle” and such like female names, under which lie the same email address –
    info@dovecot-backend-03.cmp.livemail.co.uk
    I have copied to the UK police, which has been acknowledged, but expect no action.
    The password is one I have used for many years, but only for non-critical sites. I am now removing it from use.

  7. AJ

    Received this today, had the last 3 digits of my mobile phone number, same script as above.

  8. Martin Roll

    I too received the phone variant… I find it amusing that they sau tou can reply “YES” to this since the email address it’s spoofed from is a valid real persons email address that you can verify using google…

  9. Oliver

    Got the same today with my correct mobile number in it, love to know what company it was I used that had this Data Breach.

    Oh and sadly someone has now sent them $1000 looking at blockchain.

  10. Michelle

    I purchased a Samsung phone and with in days this happened to me
    Need to know how many other people had Samsung phones as I believe it to be in the Samsung device
    But also they could see me through the camera but I couldn’t see them ,they would send sliding messages across screen demanding money I return phone to Samsung

  11. Charles Del Campo

    received by messenger and facebook a girls started chating named Cynthia Smith from Arizona, then she got nude and started masturbating,,she ask me to show her my weaner,, then she recorder and demanded large sums of money with an extortion to tell ll my friends and family members. I advice her that I will report this to the FBI since i figure the girl is an accomplice of the crime. There has to be a way to report this, I dont think the FBI will do anything and this is a very serious criminal felony matter. Can anyone help? I dont mind my weaner being placed out there (im hing and gifted) its just the extortion which is a federal crime. Can anyone help?

Comments are closed.