12
Jul 18

Sextortion Scam Uses Recipient’s Hacked Passwords

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).

Tags: , ,

1,076 comments

  1. Got mine this morning. I was worried about the fact that they had a current password of mine – thanks to this blog i know know where i think they got it.

    I do know XXXXX one of your pass word. Lets get right to purpose. Not one person has paid me to investigate about you. You don’t know me and you’re probably wondering why you are getting this email?

    Let me tell you, I placed a software on the X videos (adult porn) site and you know what, you visited this website to experience fun (you know what I mean). While you were viewing video clips, your internet browser began functioning as a RDP with a key logger which provided me access to your screen and webcam. Right after that, my software collected all your contacts from your Messenger, social networks, and email . After that I created a video. 1st part shows the video you were viewing (you have a nice taste haha . . .), and 2nd part shows the view of your cam, yeah it is you.

    You will have not one but two options. Why dont we explore the options in details:

    1st alternative is to disregard this message. In this situation, I will send your video to each one of your personal contacts and also imagine about the disgrace you feel. In addition if you happen to be in a romantic relationship, exactly how it is going to affect?

    Number 2 option would be to compensate me $1000. Let us name it as a donation. As a result, I will straightaway discard your video. You could continue on your way of life like this never happened and you are never going to hear back again from me.

    You will make the payment through Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 1DjnTMXZemANUtwXXVyroBGXiAELe1UptG
    [CASE sensitive, copy & paste it]

    If you are looking at going to the police, good, this email message can not be traced back to me. I have covered my steps. I am just not looking to ask you for money a lot, I simply want to be paid for. You now have one day to make the payment. I have a specific pixel in this mail, and now I know that you have read this message. If I don’t get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, colleagues, etc. However, if I receive the payment, I will destroy the recording right away. If you want evidence, reply with Yup! & I definitely will send your video to your 11 contacts. This is a non-negotiable offer so do not waste my time and yours by replying to this e-mail.

    Quick question – where would i go (link) to report this to the FBI?

  2. I got one this afternoon from a Terra Rosier

    wanting $1000

    His bitcoin address is 1NPynWuQGVgPbVcJzFwYRSLCfBUNqizTxb

    Is there anywhere we can forward these emails on to for someone to try and stop them?

  3. I know when they hacked my password, it’s a breach famous videostreaming website (not porn) had nearly 2 years ago (haven’t seen them admitting it) so whoever hacked my password was in Mexico and they changed my language in Spanish (that was sweet) and two 2 screen video payment (sadly no history). It’s the same password now which seems readily available somewhere on storage. Do you know how I can find that database by any chance? Or investigate when I already know how it happened?€€

  4. Yeah, it looks like someone is sending these out to a list of people today. The bitcoin address is 1H8HhVzeGhqsXwKQNv4w872Mpw5YJ3ub2r

  5. Same here, they got my password correct and i still use it in some places.. i am curious as to how they got it. Bitcoin adress:

    1GT9zAegP2XiDdW6nXJwurwxPCZv6BTJcc

  6. Hi,
    I also got one today.

    The email and password are from the 2012 Linkedin.com data breach (I’m sure, as I use unique passwords, and I have a log of passwords history).

    These data (emails+passwords in open text) were public for sometime, so anybody can use them today.

    NTL, nice try. 😉

  7. I received one a week ago and then another one today requesting a reduced amount. I was wondering how they had one of my passwords and tried out my email address at: http://haveibeenpwned.com
    The results have made me much less confident in web security.

  8. just got one today. the bitcoin address on mine is 1JfVBVf3A3e9V6FhcD86axbHLq7ub6VWvv. the email was from a old linkedin account from at least 5 years ago.

  9. got one today wants $1000 bitcoin address DB92NIaTHKsCNFIDK1461

  10. Received a mail virtually identical to the sample script from your article. Sender was Kathryne Nowak . Demanded $8000. Bitcom address for payment: 1FWX1WfLrr4cUVvUzoP85HmoVaeHkUuKvv

  11. Hi, I have also received the same email on 15th July in my Hotmail account. They are using a very old password that I used more than 5 years ago. Asked for $3200 to be transferred through bitcoin address. I blocked the sender but got another email with a different Name 19th July’18. Please advise what we do next to stop them?

  12. Got this same email today from “Cherey Bower” requesting $1000 Bitcom with very old password that is no longer in use. Hope no one falls for this scam!

  13. Here is the one I got:

    From Martelle Blau

    one of your pass word. Lets get right to the purpose. You may not know me and you’re probably thinking why you are getting this mail? There is no one who has paid me to check you.

    In fact, I placed a software on the 18+ vids (porn material) site and guess what, you visited this web site to experience fun (you know what I mean). When you were watching video clips, your web browser started out operating as a Remote Desktop that has a key logger which provided me with accessibility to your display screen and webcam. Right after that, my software program obtained your entire contacts from your Messenger, Facebook, and email . After that I made a double video. 1st part shows the video you were watching (you have a fine taste rofl), and next part displays the view of your webcam, yeah it is you.

    You do have not one but two possibilities. Why dont we go through these types of choices in aspects:

    First option is to just ignore this email. In such a case, I am going to send your actual video recording to each of your your personal contacts and consider regarding the shame you will see. And likewise should you be in a loving relationship, just how it will eventually affect?

    Second solution is to compensate me $1000. I will think of it as a donation. Then, I will promptly eliminate your video footage. You will go forward your way of life like this never took place and you never will hear back again from me.

    You’ll make the payment through Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).

    BTC Address to send to: 13dw6EmoSJi1KgJmSG2ihow8x1r4vtCBuz
    [case-SENSITIVE copy & paste it]

    If you may be planning on going to the authorities, anyway, this email can not be traced back to me. I have dealt with my moves. I am just not attempting to charge a fee very much, I only want to be compensated. I’ve a unique pixel in this mail, and at this moment I know that you have read through this e mail. You have one day to pay. If I do not receive the BitCoins, I will, no doubt send your video recording to all of your contacts including family members, co-workers, and many others. Nonetheless, if I do get paid, I will erase the video immediately. If you really want evidence, reply with Yeah and I will send out your video recording to your 15 friends. This is the non-negotiable offer, thus please don’t waste my personal time and yours by replying to this email message.

  14. I received one of these e-mails today. As others have stated, the password is an old one. I have never visited a porn website in my life and I don’t even own a webcam. I, too, will file an internet crime complaint. As if we don’t have enough to worry about, we have to deal with these idiots and their nonsense

  15. Idem reçu de cette personne

    Virgilio Poole
    ven. 20-07, 18:41

    I know about your secret and I’ve evidence of your secret. Let’s cut to the chase. You don’t know me and nobody paid me to investigate you. It is just your bad luck that I found your bad deeds. As a proof, I am aware, (MOT DE PASSE), is your password.

    Actually, I actually setup a malware on the adult vids (pornographic material) and you visited this web site to experience fun (you know what I mean). When you were busy watching videos, your web browser initiated working as a Rdp (Remote control desktop) that has a keylogger which provided me accessibility to your display and also cam. After that, my software gathered data and every one of your contacts from messenger, facebook, and e-mail.

    I then gave in much more hours than I probably should’ve digging into your device and created a double-screen video. 1st part displays the recording you were viewing and other part displays the video of your web cam (its you doing dirty things).

    Frankly, I am ready to forget about you and let you get on with your regular life. And I am about to offer you 2 options that may accomplish that. Those two options are to either ignore this letter, or simply pay me $ 2200. Let’s examine those two options in more details.

    Option 1 is to ignore this e-mail. Let’s see what will happen if you pick this path. I will certainly send your video to your contacts including friends and family, colleagues, etc. It won’t help you avoid the humiliation your family will must face when family and friends learn your dirty details from me.
    Other Option is to send me $ 2200. We will call it my “confidentiality fee”. Let me tell you what happens if you choose this path. Your secret will remain your secret. I’ll destroy the video immediately. You go on with your routine life as if none of this ever occurred.

    I do not seek to dig a hole in your pocket. I am just looking to be paid for my time I put in investigating you. Let’s hope you have chosen to generate pretty much everything disappear and pay me my confidentiality fee. You’ll make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoins” in search engine)

    Transfer Amount: $ 2200
    Send To This Bitcoin Address: 18CT2g3ZG3G87XXTdqtktwejKMEFF7RpLu
    (It is cASe sensitive, so copy and paste it)

    At this point you must be thinking, “I’ll just go to the cops”. Without a doubt, I have taken steps to ensure this email can’t be tracked returning to me also it won’t prevent the evidence from ruining your reputation.

    Explain no one what you will be transferring the bitcoin for else they may not provide it to you. The task to obtain bitcoin usually takes a few days so don’t put it off. I’ve a unique pixel in this message, and now I know that you have read this e-mail. You now have 1 day in order to transfer the payment. Incase, I don’t get BitCoins from you, I will definately share your video proof to your contacts (including family members, co-workers, etc). You better think of a an excuse for everyone before they see your video. Nevertheless, if you send the payment, I will destroy your files, recordings and all other proofs immediately. It is a non-negotiable offer, thus please do not waste my time & yours. Your time has started.

  16. I got mine too from
    Misty Berger, iukvittoriamz@outlook.com

    I know xxxxxxx is your pass. Lets get directly to purpose. None has compensated me to investigate you. You don’t know me and you are probably wondering why you’re getting this e-mail?

    actually, I placed a software on the 18+ streaming (adult porn) web-site and do you know what, you visited this web site to experience fun (you know what I mean). When you were viewing video clips, your internet browser began operating as a Remote Desktop having a key logger which gave me access to your display screen as well as web camera. Just after that, my software program gathered your complete contacts from your Messenger, social networks, and email . Next I made a double-screen video. 1st part shows the video you were viewing (you have a nice taste ; )), and 2nd part shows the view of your webcam, yea it is u.

    You have 2 alternatives. We will understand these options in particulars:

    1st choice is to dismiss this e-mail. In this scenario, I most certainly will send your videotape to each one of your contacts and just consider regarding the humiliation you will definitely get. And consequently in case you are in a loving relationship, exactly how it will affect?

    Second choice will be to give me $1000. Let us regard it as a donation. As a result, I most certainly will immediately erase your video. You will keep your life like this never took place and you surely will never hear back again from me.

    You will make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

    BTC Address to send to: 17F9k83dp37C1DdgydkawwdGR8wqXLpX4y
    [CASE-SENSITIVE so copy and paste it]

    In case you are looking at going to the cops, okay, this message cannot be traced back to me. I have dealt with my actions. I am just not looking to charge you very much, I wish to be paid for. I’ve a special pixel in this message, and now I know that you have read this message. You have one day to make the payment. If I don’t get the BitCoins, I will definitely send out your video to all of your contacts including close relatives, colleagues, and so on. Having said that, if I do get paid, I’ll destroy the video immediately. If you want to have evidence, reply Yeah! and I will certainly send out your video to your 14 contacts. This is the non-negotiable offer, thus please don’t waste my time and yours by responding to this e mail.

  17. Just got it! Looks like it is using some old breach like myspace.. or anyone already exposed in haveibeenpwned

    The email is from ####@outlook.com

    Bitcoin address has zero balance.

  18. yes.
    Italy. Mail yesterday from Ollie Adiele, outlook account. Request £ 3.000.
    Really hurt me for the threats and hope they get chased and prosecuted somehow.

    BItcoin address: 124EfYiFeqBZUxPongbXcik1y3whzizakA

  19. yes. I try to write a comment but looks like I have already commented (which is not)

  20. Got one 24 hrs ago by one Kiersten Engel [aureikoco@outlook.com], using a password from a European website last used 8 years ago, Bitcoin key:1QE9UWeZ3i7RHpQRBnwKB4uHCCcHQ4kqeu

  21. Received this today. Thought it a bit sus as it didn’t have my name and if it was genuine would have included video evidence. The password was very old and low security. I copy and pasted the email into Google and it came up with this site and others confirming my suspicions.

  22. I’m from Spain. Received one yesterday from Gar Parkman. Outlook acount.
    BTC Address:
    1AbRYucK5KLam5WnbQFEvqN9N1QyY6cT7G

  23. Sextortion email received just now. Bitcoin address: 1egkt7jmnlofodpsy8vo8znsndmxn9vsng

  24. Thank you for this write-up.
    Got the same message, requested 1 k$
    My password that was mentioned is old but I still use it occasionally.

    BTC: 1MgsuRxqP2pin6CCAtPx3RYSHFGa9XXG6q

  25. I am from Toronto and got the email on July 21 afternoon from Garv Garside Outlook.

    BTC Address: 1822Ywb4FRp7jMRT35a27rHpKGeYVzv4RU

  26. Got one of these yesterday, and it really stressed me out. Would love to see these people have to pay for this. I’m almost thinking the password they mentioned is an old Facebook password?? Anyway, bitcoin address is:
    18jnMxmYj5tFSjAum7EmYNa7ebXhZ5RLju

  27. I am from the UK and just fond this e-mail from 19/07/1018
    BTC Address: 12mT49TfZ4EeCD9LR9zGb4H6vxEiMqkmFA

  28. I am from Toronto and got the email this morning from “Brett Conant” (different email address with the name stephanouv in it@ outlook) asking for $1100
    BTC address 1NM9rA5Vf77aa4T1u65GwBQEV3CALRdobd
    Is anyone concerned that their online security may be at risk as a result of these people knowing one of their passwords? Or is it thought that the data breach simply provides an email address and the password?

  29. Received identical threat while traveling in England 7/21. They asked for 10k so they’re upping their demand. I’ve never been to a porn site and use my laptop w an external screen so no camera is available to record my mundane computer use. This was alarming enough to have me considering a password vault and am greatly relieved this is a scam and not a real threat- yet anyway.

  30. Received one today also. I’m in NY
    BTC ADDRESS: 1A1a3BdGxL4xv4HPVGG8WJXT1pm8pvJAZx