July 12, 2018

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.
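As an added illustration (not code from the article or from KrebsOnSecurity), the following Python script applies the indicators this template exposes to a raw message: the "<password> is your password" salutation, the webcam / RDP / keylogger wording, the 24-hour deadline, a Bitcoin address, and whether the HTML part actually contains a remote image that could serve as the "unique pixel" the message claims to contain. Both sample messages, the sender names and the Bitcoin address are constructed for this example; the address has the shape of a legacy Bitcoin address but is not checksummed.

```python
import re
from email import message_from_string

# Constructed sample in the style of the scam quoted above. Sender,
# recipient and the Bitcoin address are made up for this example.
SCAM_RAW_EMAIL = """\
From: Example Sender <sender@example.invalid>
To: victim@example.invalid
Subject: hunter2
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

I'm aware that hunter2 is your password.
While you were watching the video, your web browser acted as a RDP
(Remote Desktop) and a keylogger which gave me access to your webcam.
You have 24 hours in order to make the payment.
BTC Address: 1AbCdEfGhJkMnPqRsTuVwXyZ23456789
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>I'm aware that hunter2 is your password.</p>
<img src="http://tracker.example.invalid/p.gif" width="1" height="1">
</body></html>
--b1--
"""

# Constructed benign message that happens to mention a webcam.
BENIGN_RAW_EMAIL = """\
From: Colleague <colleague@example.invalid>
To: victim@example.invalid
Subject: Lunch tomorrow?
Content-Type: text/plain; charset="utf-8"

Are you free at noon? The cafe on Main Street streams its kitchen
over a webcam, which is a bit odd but the food is good.
"""

INDICATORS = {
    # "I'm aware that <password> is your password" style salutation
    "password_claim": re.compile(
        r"\b(?:is|one of) your (?:pass ?word|passphrase)\b", re.I),
    "webcam": re.compile(r"\bweb ?cam(?:era)?\b", re.I),
    "rdp_or_keylogger": re.compile(
        r"\b(?:rdp|remote(?: control)? desktop|key ?logger)\b", re.I),
    "deadline": re.compile(r"\b(?:24 hours|one day|1 day)\b", re.I),
}
# Shape of a legacy (Base58) Bitcoin address; the checksum is not verified.
BTC_ADDRESS = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
# A remote <img src="http..."> in the HTML part is the only way an
# "I know you have read this" pixel could actually work.
REMOTE_IMG = re.compile(
    r"""<img\b[^>]*\bsrc\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
TAG = re.compile(r"<[^>]+>")


def extract_parts(raw: str) -> tuple:
    """Return (subject, plain_text, html_text) from a raw RFC 5322 message."""
    msg = message_from_string(raw)
    plain, html = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if part.get_content_type() == "text/plain":
            plain.append(text)
        elif part.get_content_type() == "text/html":
            html.append(text)
    return msg.get("Subject", ""), "\n".join(plain), "\n".join(html)


def scan_message(raw: str) -> dict:
    """Score a message against the sextortion template's indicators."""
    subject, plain, html = extract_parts(raw)
    # Score the subject too: some variants put the leaked password there.
    text = "\n".join([subject, plain, TAG.sub(" ", html)])
    hits = {name: bool(rx.search(text)) for name, rx in INDICATORS.items()}
    addresses = sorted(set(BTC_ADDRESS.findall(text)))
    hits["bitcoin_address"] = bool(addresses)
    score = sum(hits.values())
    return {
        "indicators": hits,
        "score": score,
        "btc_addresses": addresses,
        "remote_images": REMOTE_IMG.findall(html),
        "likely_sextortion_scam": score >= 3,
    }


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_RAW_EMAIL), ("benign", BENIGN_RAW_EMAIL)):
        result = scan_message(raw)
        print(label, result["score"], result["likely_sextortion_scam"],
              result["btc_addresses"], result["remote_images"])
```

The scoring threshold is deliberately loose and exists to separate the template from ordinary mail, not to replace a spam filter; the useful outputs for a responder are the extracted Bitcoin addresses (to correlate a campaign across reports) and the remote-image list (to confirm whether the "pixel" claim is a bluff, which is what several readers found when they looked at the raw source). Mail clients that block remote images by default neutralise the read-receipt trick either way.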

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 thoughts on “Sextortion Scam Uses Recipient’s Hacked Passwords”

  1. hjan

    Same mail in italy with this BTC endpoint 1MXxzqFjps2op3SPFX9aJ6HwDavMEUbNTw

  2. Steve

    I received this scam today, a password I use only for sites I don’t care about with my trash email. I don’t visit porn sites and my only computer with a camera has the camera covered so it’s nothing I take seriously.
    What is concerning is that people will freak out because they won’t be able to trace their steps. This is the newest scam / threat that Bitcoin enables, how can it be stopped?
    Obviously education isn’t working because the internet is out of control and few know the extreme dangers even “trusted” sites like Facebook will bring.

  3. Dugan

    Received same email just yesterday evening (7/19/2018). It was sent from Cristi Kohn. Silly children!

  4. Tom Anderson

    I received this email today and they used my current email and password for my Equifax account. As we all know, Equifax was hacked last year.

  5. Debbie

    “Black Mirror” – season 3, episode “Shut Up and Dance”

    EXACT same scenario!

  6. Deb Lebus

    I got this this morning!
    Vancouver Island BC Canada
    Scared the crap out of me because I still use this password for some things. Reported it to the local RCMP

  7. dj

    These are also being sent out to people who have never been compromised and who have never been to any porn site.

    What can you do with the wallet addresses included?

    1. captain

      You can google “bitcoin whoswho” and there is a site that will disclose the value of the wallet. The wallet my wife’s email pointed was empty.

      You can also report spam but you have to register to do that and it’s not clear to me if that will accomplish anything.

  8. Shina Vergara

    I will post my email so the search engines can index it.
    Password was 8 letters and not a dictionary word.

    —-
    From: Shina Vergara – allardfole@outlook.com

    I know about your secret and I have evidence of your secret. Let’s cut to the chase. You do not know me and nobody hired me to check out you. It’s just your misfortune that I found your misadventures. Moreover, I do know ********, is your password.

    The truth is, I actually installed a malware on the adult videos (adult porn) and you visited this web site to have fun (you know what I mean). While you were watching video clips, your web browser began working as a Rdp (Remote desktop) that has a key logger which gave me accessibility to your display and web cam. After that, my software program obtained data and your entire contacts from your messenger, social networks, as well as email.

    I then gave in more time than I probably should’ve digging into your data and created a double screen video. 1st part displays the recording you were watching and next part displays the capture from your webcam (its you doing inappropriate things).

    Frankly, I am willing to forget all information about you and let you get on with your regular life. And my goal is to present you 2 options that may make it happen. The above options are to either ignore this letter, or simply just pay me $3200. Let us understand these two options in details.

    Option One is to ignore this mail. You should know what will happen if you select this option. I will send your video to your contacts including close relatives, colleagues, and many others. It will not protect you from the humiliation your self will have to feel when relatives and buddies discover your unpleasant details from me.
    Option 2 is to make the payment of $3200. We will name this my “confidentiality tip”. Now lets see what happens if you pick this path. Your secret will remain your secret. I will destroy the video immediately. You keep your routine life like none of this ever occurred.

    I’m not trying to dig a hole in your pocket. I just want to get compensated for the time I put in investigating you. Let’s assume you’ve decided to produce this all go away and pay me the confidentiality fee. You’ll make the payment by Bitcoin (if you do not know this, type “how to buy bitcoins” on google)

    Amount to be sent: $3200
    Receiving Bitcoin Address: 1FjsSidLCNGGKLwmbyhD2JTmg8FVgJa2Wh
    (It’s CASE sensitive, so you should copy and paste it)

    Now you may be thinking, “I will call the cops”. Without a doubt, I have covered my steps to make sure that this email message cannot be linked time for me and yes it won’t prevent the proof from destroying your daily life.

    Share with nobody what you would use the Bitcoins for or they may not give it to you. The task to obtain bitcoins usually takes a day or two so don’t put it off. I’ve a specific pixel within this mail, and now I know that you have read through this e mail. You have 1 day to arrange and send the fees. If I do not get BitCoins from you, I will send out your video recording to all your contacts (including friends and family, co-workers, and many others). You better come up with an excuse for friends and family before they recieve the video. However, if you make the payment, I’ll destroy your data, videos and all other proofs. It is a non-negotiable offer, thus kindly do not waste my time & yours. Time is running out.

  9. Mike Block

    Jokes on them. I don’t watch porn on my laptop. I use my encrypted phone for that. 🙂

  10. Joe Siegler

    I got this today as well. Here’s my variant.

    I looked at the raw source of the email too. There was no “specific pixel”. 🙂

    —–

    From: Maurice Shrouf

    I am aware ***** one of your pass word. Lets get right to the purpose. You do not know me and you are most likely wondering why you are getting this e-mail? Absolutely no one has compensated me to investigate about you.

    actually, I setup a malware on the 18+ videos (pornography) site and do you know what, you visited this site to have fun (you know what I mean). While you were viewing video clips, your web browser started out working as a Remote Desktop that has a keylogger which gave me access to your screen and web camera. Just after that, my software program obtained your complete contacts from your Messenger, social networks, and e-mailaccount. After that I made a double-screen video. 1st part shows the video you were watching (you’ve got a nice taste : )), and 2nd part displays the view of your cam, yea its you.

    You do have only 2 choices. Shall we go through these solutions in aspects:

    1st option is to just ignore this message. As a result, I am going to send out your videotape to every one of your personal contacts and thus just think about the shame you will see. Furthermore if you happen to be in a relationship, precisely how it will eventually affect?

    Latter option should be to compensate me $4000. Lets call it a donation. In this scenario, I most certainly will promptly discard your video recording. You can keep going on your way of life like this never occurred and you are never going to hear back again from me.

    You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

    BTC Address: 13ZSu5ZjoKSfRCN9FtEXHsxcwbSohD6ztf
    [case SENSITIVE, copy & paste it]

    If you are looking at going to the authorities, okay, this e-mail cannot be traced back to me. I have taken care of my steps. I am also not trying to charge you a huge amount, I wish to be paid. You have one day to pay. I have a specific pixel within this email message, and right now I know that you have read this email message. If I do not get the BitCoins, I will definitely send your video to all of your contacts including members of your family, colleagues, and so on. Nonetheless, if I do get paid, I will erase the recording immidiately. It is a non-negotiable offer, and thus do not waste my time & yours by responding to this email message. If you need evidence, reply with Yea! and I will send out your video to your 14 friends.

  11. symon riedstra

    same here. They know I live in Portugal as they only asked for $1.000

  12. Daniel Carlson II

    Wow, I got it too today. I don’t know about an old site but it’s very possible. Thankfully I don’t have any contacts in my email program. They want 5,000 from me though. It IS a PWD that I often use in the Subj line so maybe I’ll change it on the sites I use it on.. Glad this article is around. I wouldn’t have paid it but at least I’m more informed now. Since they say that it’s both an untraceable email addy and to reply with “Yea!” for proof of the contacts they have it’s probably just fishing for active addresses.

    Lets get directly to purpose. Not one person has compensated me to check you. You don’t know me and you are most likely wondering why you are getting this email?

    In fact, I installed a software on the xxx vids (porn material) website and guess what, you visited this website to have fun (you know what I mean). While you were watching video clips, your browser began working as a Remote control Desktop with a keylogger which provided me access to your display and web cam. Just after that, my software program obtained your complete contacts from your Messenger, Facebook, and email . After that I created a double-screen video. First part displays the video you were viewing (you’ve got a fine taste haha . . .), and next part displays the view of your web cam, and its u.

    There are only 2 possibilities. Shall we analyze each of these possibilities in aspects:

    First choice is to just ignore this email. In this case, I am going to send out your very own videotape to every single one of your personal contacts and thus just imagine concerning the disgrace you can get. Or in case you are in an intimate relationship, just how it can affect?

    Number 2 alternative will be to give me $5000. Lets name it as a donation. Subsequently, I most certainly will immediately remove your video. You will keep going your way of life like this never happened and you would never hear back again from me.

    You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 1KKVdFc1Q9gQMNGatcfS69QBNe7qhFGRGK
    [CASE-sensitive copy & paste it]

    If you are curious about going to the law, good, this email can not be traced back to me. I have dealt with my actions. I am not trying to charge you a huge amount, I want to be paid. I have a special pixel within this email, and now I know that you have read through this mail. You have one day to pay. If I don’t receive the BitCoins, I will definately send out your video recording to all of your contacts including relatives, colleagues, and many others. However, if I do get paid, I will erase the recording right away. If you want to have proof, reply with Yea! then I will send your video to your 13 friends. This is a nonnegotiable offer, therefore please don’t waste my time & yours by responding to this message.

  13. Muhammed Shehzad

    I have received the same today, asked $3500

  14. Kim Facey

    Got this today and they want $9000! Canada, now what?

  15. Chuck Lidderdale

    I went through my “saved logins” and found the following accounts using my email and the passwd given. Do any of these ring a bell?

    ggcs.gigabyte.com
    accounts.craigslist.com
    owner.roku.com
    secure.followmyhealth.com
    www-ssl.bestbuy.com
    http://www.sers.com
    zillow.com

    1. BrianKrebs Post author

      This a major theme coming up in the comments here. Re-using passwords is a *bad* idea. You should be using a password manager, which can help you pick strong, unique passwords for every site. All you have to do is pick a strong, unique master password and never ever re-use that master password anywhere else. The password manager takes care of the rest.

      1. chuck

        So you say I should have 47 different logins and 47 different passwords and remember them all. And 80% of them on sites that have none of my personal information – ie. to read a new site (WashPost) they require my email & password. Why? So they can spam me. So I have a generic email/passwd. My bank access is unique. My Dr’s office is unique. Login to my web hosting is unique. So I had 7 sites that have the same pw – also if asshole was able to hack those sites and get my email/pw then asshole was able to read everything about me – which is nothing. Although I guess asshole could use it to log in and make a post…

        1. BrianKrebs Post author

          A password manager is essentially a way of using the same password at every site. All you have to do is remember that master password, and the password manager takes care of the rest.

          1. Ron Shank

            A great free password manager is keepass. Also, you could use chrome to remember your passwords. But make sure you have 2 step verification setup before you do that. Is it a pain sometimes, sure. But well worth it.

          2. Scott

            Brian, are password managers really that safe? I mean, it’s like a giant safe just asking to be hacked. If a hacker gets into your password manager account (obviously no site is safe from hackers and it’s only a matter of time) then you basically have given them a treasure trove of stuff. Why are so many security and technical sites recommending these password manager sites without really explaining the caveats? Wouldn’t it be safer to just keep a physical black book of passwords the old fashioned way? I mean, the safest password storage is the one a hacker can never get into (in this case a physical, offline book or paper).

            1. BrianKrebs Post author

              To each his own. I don’t use a password manager. But I do recommend them for people who can’t be bothered to pick unique passwords and tend to roll the dice on password re-use.

        2. captain

          I have a password manager. I have 500+ userID’s & PW’s. I only need to remember 1 password, the one for the password manager. In that manager I also store such tidbits as my phony DOB, phoney place of birth, and security questions with nonsensical answers. Example: what is your favorite color? Kansas. And with unique pw’s if I ever get one of these emails I will know who was breached because it would be the one site that matched that pw.

    2. Robert

      I recently received an email that is almost word for word identical to this scam. And I have recently done business with best buy. Have new roku tv. But it has no webcam, and porn is not an activity of mine either. Wanted $2000. Or would send to my 7 contacts. Must say even tho it had to be a scam, it made me nervous anyway. Them having that former password is new. Dirtbags!!!!

  16. Chuck Lidderdale

    My prev. comment – sers.com should be sears.com

    1. Chuck Lidderdale

      ggcs.gigabyte.com
      accounts.craigslist.com
      owner.roku.com
      secure.followmyhealth.com
      www-ssl.bestbuy.com
      http://www.sears.com
      zillow.com

  17. Dex

    They sent me this an hour ago. They asked $8000. I live in Bosnia :\ . I hope they publish the video and make me famous like Kim Kardashian 😀

  18. Dirty den

    Must be desperate asked me for $3500
    At 70 years old I will scare the fok out of my friends

  19. Christy Alten-Osmera

    Just got this thing this morning – asked for 6K! Thankfully I haven’t been on any porn sites… lol – told my friends to tell me if they get anything – cause I only had 1 day to get her the money!

  20. N Hanks

    Received this yesterday. I am really annoyed that I got so worried. I don’t watch porn, or do anything on my iPad really other than watch a few episodes of The Real Housewives of Somewhere. But still! I am going through a stressful time this week, and I hate that my anxiety played into me getting so stressed about this ludicrous scam email. You guys really helped calm me down. Thanks! 🙂

    1. Darrell Cain

      Appreciate N Hanks, mine all the same as above; being Canadian they only wanted 1000. I too was worried, not for my sake, but what DID they have to share? Was it fake too, but would disturb my devout Christian friends? It would be hard for them to get it out of their heads. So nothing was ever sent it seems, because nobody paid!! Thankful for this site because I couldn’t figure it out.. no sites, lots of game sites, LinkedIn, same password. Same worry!

  21. DE

    Received today as well.

    I am aware ***** one of your passphrase. Lets get straight to the purpose. Not a single person has compensated me to check about you. You do not know me and you are most likely wondering why you are getting this e-mail?

    actually, I actually placed a software on the xxx streaming (sexually graphic) website and you know what, you visited this website to have fun (you know what I mean). When you were viewing video clips, your browser started functioning as a Remote control Desktop that has a key logger which provided me accessibility to your screen and webcam. Right after that, my software gathered every one of your contacts from your Messenger, Facebook, as well as e-mailaccount. Next I created a double-screen video. 1st part shows the video you were viewing (you have a fine taste lol . . .), and second part shows the view of your web camera, yea its you.

    You get 2 choices. Why dont we check out these solutions in aspects:

    First solution is to ignore this e mail. In this situation, I will send out your very own videotape to each one of your contacts and also just think about the disgrace you feel. Moreover in case you are in a romance, precisely how it can affect?

    Next choice would be to pay me $3000. We will regard it as a donation. In this case, I most certainly will straightaway erase your video recording. You will continue on with your daily life like this never occurred and you surely will never hear back again from me.

    You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

    BTC Address to send to: 1DPoXbX3ynG7qas5KkeUcXPFCcwSAhWSxJ
    [case-SENSITIVE so copy & paste it]

    Should you are looking at going to the authorities, look, this e mail can not be traced back to me. I have covered my actions. I am just not trying to demand much, I want to be paid for. I have a special pixel in this mail, and at this moment I know that you have read through this email. You now have one day to make the payment. If I do not get the BitCoins, I definitely will send your video to all of your contacts including friends and family, coworkers, and many others. Nevertheless, if I receive the payment, I will erase the recording immidiately. This is the non-negotiable offer thus do not waste mine time & yours by replying to this mail. If you want to have evidence, reply Yup! and I definitely will send out your video recording to your 9 friends.

  22. T. McGuire

    I got a copy this afternoon. Looks like I may be the winner: they want $10,000.

    The weird part is the email; it’s been a long time since I groveled over email headers, but it looks like a valid email from outlook.com.

  23. M. Snyder

    I received a similar email this afternoon asking for 7000

  24. D. O'Shaughnessy

    I guess I got off lightly, I was only asked for $3000. My password came from the LinkedIn breach 4 years ago and the password is long since dead. I’m just curious if this is the same A-hole emailing all of us. The bit coin address in my email was:

    1BqKsr1fmwYYW9ndRxkgsYKynoU86dg9dP

    Any other takers?

    1. Amelia

      I’ve been spending the better half of today updating passwords as the password in my sextortion email was still being used on 55 different sites! I am one of those people who never listened when people warned not to reuse a password! I had no idea about the LinkedIn breach but what do you know, the offending password is from LinkedIn too. I updated all my passwords with unique codes generated by Apple Keychain, so I just hope that doesn’t get hacked too!

  25. Cheryl Rosen

    I got my email this afternoon. They wanted $6000. Maybe he should give me the $6000, as I am disabled and living on social security. I would love to see this sex tape, given I haven’t been in any relationship in at least a decade due to my health. If he has an old one and sends it around, maybe it would help me get a boyfriend…

  26. Ann

    I received the email today. They only asked for $2000–I am the cheap date I guess. If I actually watched porn online, it would have had more impact.

  27. Faith

    I just got this too, with a very old password. In mine, the request was for $3200. The bitcoin address in the email was

    1JujdFzKeH2KxXhL37dfW1cXZjE8213i1D

    Like the comment above mine, maybe I would feel more threatened if I watched porn online… but I don’t.

    It’s a pretty darned creative scam, though…

  28. Bob

    Just got this today as well. Had me nervous as yeah I’m human and look at stuff online. I’ve had other types of emails in the past but the wording and proposition in this one really had me worried, even reading it now. Password they had is pretty old and don’t use it anymore, but think it was probably one I used on LinkedIn.

    Mine was from Rosamund Gow and they wanted $2000 sent to BTC Address: 1nLsH8pNKEkQE3GTnvKffpCT5JTEQPvpG if that helps anyone try to track this down.

    Looking through the raw source of the email there’s no “pixel” or any image attached at all that I can find, it’s just raw text.

Comments are closed.