12 Jul 18

Sextortion Scam Uses Recipient’s Hacked Passwords

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly on the usernames and passwords from a given data breach at a popular Web site that happened roughly a decade ago, and that every victim whose password was compromised in that breach is getting this same email at the address used to sign up at that hacked Web site. The password is the only "evidence" in the message, and it proves nothing beyond the fact that it appears in a breach dump.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers may also begin latching onto this method. Either way, the practical response is the same: if the quoted password is still in use anywhere, change it there and on any other account that shares it, and do not pay.
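The following is an added triage example, not code from the post or from the scammers' script. It shows the kind of automated handling an abuse desk or mail-security team would apply to the template above: pull out the quoted password, the dollar demand and any Bitcoin address, check each address's Base58Check checksum (so a mistyped or mangled address is not reported to a blockchain explorer), and score the message against the stock phrases of the template. The sample message and the wallet address are constructed inline; the address is generated from a dummy 20-byte hash and does not belong to any real wallet. The password patterns cover only the variants quoted on this page.

```python
"""Triage a suspected sextortion e-mail of the kind quoted in the post.

Extracts the quoted password, the dollar amount and any legacy Bitcoin
addresses, validates each address's Base58Check checksum, and flags the
message when a payable address co-occurs with the template's stock phrases.
"""
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58check_encode(payload: bytes) -> str:
    """payload = version byte + 20-byte hash; appends the 4-byte double-SHA256 checksum."""
    raw = payload + _sha256d(payload)[:4]
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, r = divmod(n, 58)
        digits = B58_ALPHABET[r] + digits
    # every leading zero byte is encoded as a leading '1'
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + digits


def is_valid_btc_address(addr: str) -> bool:
    """True only for a legacy (P2PKH/P2SH) address whose checksum verifies."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:  # '0', 'O', 'I' and 'l' are deliberately absent from the alphabet
            return False
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    return raw[-4:] == _sha256d(raw[:-4])[:4]


# Openers seen in the variants quoted on this page; extend as new wording appears.
PASSWORD_PATTERNS = [
    re.compile(r"aware that (\S+) is your password", re.I),
    re.compile(r"isn't (\S+) your secret pass", re.I),
    re.compile(r"know (\S+) (?:is your pass|one of your passphrase)", re.I),
    re.compile(r"^(\S+) is your pass\b", re.I | re.M),
]
BTC_ADDRESS_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
AMOUNT_RE = re.compile(r"\$\s?(\d[\d,]*)")
INDICATORS = ("rdp", "remote desktop", "keylogger", "key logger", "webcam",
              "web cam", "bitcoin", "btc", "pixel", "contacts", "video")


def triage(text: str) -> dict:
    password = next((m.group(1) for p in PASSWORD_PATTERNS
                     for m in [p.search(text)] if m), None)
    addresses = [(a, is_valid_btc_address(a)) for a in BTC_ADDRESS_RE.findall(text)]
    amount = AMOUNT_RE.search(text)
    low = text.lower()
    hits = [w for w in INDICATORS if w in low]
    return {
        "password": password,
        "btc_addresses": addresses,
        "amount_usd": int(amount.group(1).replace(",", "")) if amount else None,
        "indicators": hits,
        # template match: a payable address plus several of the script's stock phrases
        "is_sextortion_template": any(ok for _, ok in addresses) and len(hits) >= 4,
    }


# Constructed sample modelled on the message quoted in the post. The address is
# generated from a dummy hash (hypothetical, not a real wallet).
SAMPLE_ADDRESS = b58check_encode(b"\x00" + bytes(range(1, 21)))
SAMPLE_EMAIL = f"""\
I'm aware that hunter2 is your password.
You don't know me and you're thinking why you received this e mail, right?
While you were watching the video, your web browser acted as a RDP (Remote Desktop)
and a keylogger which provided me access to your display screen and webcam.
My software gathered all your contacts from your Messenger, Facebook account, and email account.
Well, I believe, $1400 is a fair price for our little secret.
BTC Address: {SAMPLE_ADDRESS}
(It is cAsE sensitive, so copy and paste it)
I have an unique pixel within this email message, and right now I know that you have read this email.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

The checksum check matters in practice because the template tells the victim to copy and paste the address: an address that fails Base58Check can never receive funds, and reporting it to an explorer or an exchange wastes everyone's time. The password regexes are intentionally narrow; the verdict leans on the address plus the phrase count, which survive the word-swapping seen across the variants in the comments.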

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 comments

  1. I have received an e-mail with very similar text to my work e-mail, yesterday. The password is real but 10 years old.
    The bitcoin address is below, I checked that there is no transaction on this one.

    12ACQJxMyDr3ZN6i4oMwQaMbckomtr3a7S

    Hope no one pays based on those threats…

  2. Dennis McFadden

    Sir:
    I received an email from you_yes_you_u@hotmail.com threatening disclosures if certain amounts in bitcoin was not paid by a certain date. This is blackmail/extortion. I deleted the email. Please run this to expose the jerk who sent it! Thanks.

    S,
    Dennis

  3. I believe that that the company where this data breach occurred may be Net 10 for the following reasons:

    I received one of these on July 12, 2018 – same format but wanted $2,900 – The email address was an earlier format used by the same server i use today. The server changed the @ …. to something simpler many years ago. I don’t go to porn sites and could find no malware on the computer. I don’t use the web cam but have always put black tape over it. I have no FB account .

    I also believe the data used to generate these emails is old.

    So the email was sent to an old server address (which still gets forwarded to me) and identified a password which I still use for an account set up under the old email address. The only company that uses that email and password is Net 10. Before i found this article – i called them and they denied any data breach.

    There may be a number of companies whose breaches are supplying information to the jerks –

    I would like to know if anyone who received one of these emails, had the email address used in the message and the password identified once tied to a Net 10 account or could identify another company where the information provided by the scammer was used

  4. I received exactly the same email with a bitcoin address. Oddly , after 30 minutes it disappeared and I cannot find it in any folder.

  5. Received on 7/22 as well. It referenced a very old password I no longer use. Of note, the email references pixel tracking, but if you run a pixel tracking blocker (as I do) you’ll notice that there’s not a tracker attached to the email. If there had been a pixel tracker in the email, it would increase the “authenticity” of the mail.

    • That’s right. All my emails open in text mode, so I can see if there are any scripts in the content and none would even launch if there were, because I’m not viewing the email in HTML format. Also no images are showing, because they are blocked in my view. Only after I choose to view the images, that would work at that point.
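The two comments above make a checkable point: the template claims a "unique pixel" that reports when the message is opened, yet the messages arrive as plain text with no remote image at all. The script below is an added example, not code from the post or from any commenter. It walks a raw MIME message with the standard library, lists every remote `<img>` in any HTML part, and flags the 1x1 or hidden ones that are the usual open-tracking beacons. Both messages it runs over are constructed inline; the domains and tracker path are placeholders.

```python
"""Audit an e-mail for open-tracking beacons.

A message can only report that it was opened if it carries an HTML part with
an image fetched from a remote server. A text/plain-only message, like the
sextortion samples in this thread, cannot, whatever the text claims.
"""
from email import message_from_string
from html.parser import HTMLParser


class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.imgs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            # attribute values may be None for bare attributes; normalise to ""
            self.imgs.append({k.lower(): (v or "") for k, v in attrs})


def audit_beacons(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    has_html = False
    remote = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        has_html = True
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        collector = _ImgCollector()
        collector.feed(html)
        for a in collector.imgs:
            src = a.get("src", "")
            # cid:/data: images are embedded and never phone home
            if not src.lower().startswith(("http://", "https://")):
                continue
            style = a.get("style", "").replace(" ", "").lower()
            tiny_or_hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                              or "display:none" in style or "visibility:hidden" in style)
            remote.append({"src": src, "tiny_or_hidden": tiny_or_hidden})
    return {
        "has_html_part": has_html,
        "remote_images": remote,
        # opening can only be detected if at least one image is fetched remotely
        "can_detect_open": bool(remote),
    }


# Constructed sample 1: text-only, like the sextortion messages in this thread.
PLAIN_ONLY = """\
From: sender@example.invalid
To: victim@example.invalid
Subject: test
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

I have a unique pixel within this email message, and right now I know that you have read this email.
"""

# Constructed sample 2: an HTML message that really does carry a 1x1 beacon.
WITH_BEACON = """\
From: sender@example.invalid
To: victim@example.invalid
Subject: test
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

I have a unique pixel within this email message.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>I have a unique pixel within this email message.</p>
<img src="https://tracker.example.invalid/open?id=abc123" width="1" height="1" style="display: none">
<img src="cid:logo@example.invalid" width="200" height="50">
</body></html>
--b1--
"""

if __name__ == "__main__":
    print("plain-only :", audit_beacons(PLAIN_ONLY))
    print("with beacon:", audit_beacons(WITH_BEACON))
```

The reply above describes the complementary client-side control: reading mail as text and blocking remote images means that even a message that does carry a beacon reports nothing until the recipient chooses to load images.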

  6. Hi, I received a similar email. Thanks for this article! Found it after I copied the email to Google. Btw, I am 100% sure this password leak is from LinkedIn 2012 (or around). That was the only place where I used the attacked email and the password together, and the haveibeenpwned website confirms that. Anyway, it would be great to find some way to delete this data from the web… I can change the passwords everywhere but I can't change my email (as it is my real name) and I don't want to receive these scams all the time 🙁

    • I was looking to find the password referenced in the e-mail, and you pointed me to the right place, if I look at where I erased the old password, there it is, four or five year old Linked-In Password.

  7. I have just received an almost identical email to those mentioned above. Also an old password and the only site to which I can link that password is to LinkedIn. Would be really great if some clever person could track such emails and scare the sh*t out of the perpetrator. Certainly stresses the importance to me of regularly changing my passwords. Inconvenient for one with a poor memory.

  8. Duane Viljoen

    I'm based in Cape Town, South Africa and received a similar threat in the early hours of this morning, 23/07. I have to admit that it's pretty scary, though, even if very unlikely and probably social hacking! Email below….

    Let me get straight to the point. Isn’t ##### your secret pass? You don’t know me personally and nobody employed me to examine you.

    duane It’s simply your bad luck that I discovered your bad deeds. Let me tell you, I installed malware on sex video clips (porn) & you accessed this infected site to experience fun (you know what I mean). And while you were busy watching those videos, your internet browser started functioning as a RDP (Remote Desktop) with a backdoor which allowed me access to your display as well as your web cam. Right after that, my malware collected all of your photos, data and contacts from fb, as well as email.

    Next, I invested in more hours than I probably should have digging into your life and created a double-screen video. 1st part shows the video you had been watching and second part displays the view from your web camera (its you doing naughty things).

    As a family man, I’m ready to forget all information about you and let you move on with your life. And I am about to give you (a way out|two options} which will accomplish your freedom. Those two options are either to turn a deaf ear to this message (Bad for you), or just pay me $ 3300. Let us examine above two options in more detail.

    *Not Recommended* Option One is to turn a deaf ear my e-mail. You should know what will happen if you select this option. I will send out your video recording to your contacts including relatives, co-workers, and so forth. It will not shield you from the humiliation you and your family will feel when friends and family learn your unpleasant detailsin their inbox.
    *Recommended* Other Option is to pay me $ 3300. We will name it my “keep the secret fee”. Now Lets see what will happen if you choose this path. Your dirty secret remains your secret. I will delete the video. After you pay, I will let you keep your life and family like none of this ever happened.

    Let’s assume you have chosen to make all of this go away and send me my confidentiality fee. You will make the payment by Bitcoins (if you don’t know this, type “how to buy bitcoins” in google search)
    Receiving Bitcoin Address: 16FghVupomDqx2VSu8qrKJCxazivhhCGCp
    Amount to be sent: $ 3300

    I understand, at this point you must be contemplating, “I should call the cops”. Without a doubt, I have taken steps to make sure that this email message can’t be tracked to me plus it will not steer clear of the evidence from destroying your lifetime. I am not trying to dig a hole in your pocket. I am just looking to be paid for the time I put into investigating you.

    You need not tell nobody what will you be utilizing the bitcoin for or they may not sell it to you. The task to acquire bitcoin usually takes a few days so do not put it off.

    I have a unique pixel in this email, and right now I know that you have read through this message. You now have 48 hours in order to make the payment. If I don’t receive the BitCoin, I will definitely send your video to your contacts including relatives, co-workers, and so on. You better come up with an excuse for friends and family before they find out. Nevertheless, if I receive the payment, I’ll destroy the evidences immediately. It’s a non-negotiable offer, thus kindly do not waste my personal time.

  9. I received a mail as the one of Dave above. I never write on Facebook except some comments and never use webcams or other visual registration systems. Interestingly, this scam came through the e-mail of my office and not through my personal e-mail (no trace of it even in the spam).

  10. Same here – email received FRI, JUL 20

    For the benefit of others and in order to find this article better:

    sender “name”: Reuven Monopoli
    sender address: ryutessieczx@outlook.com

    bc wallet: 17eb6uAX6YqcxVW7RgwtsAJVwxrb6ZgDEE

    amount asked: US$9000

    throw-away password used many years ago

    Informed abuse@ on the MS side. Although the account the mail was sent from was most likely used only once for that purpose, they may be able, if interested, to update message filters for that specific scam.

    Really sad to see that people have already paid some serious money…

  11. I received the same email as you guys in my Yahoo spam folder. I too agree that it's an old password for my LinkedIn account. I'm not paying these losers anything.

  12. Received one of these as well. Came from a “Shannon Reiling” from email: boydesmondvqrskjaervo@outlook.com. BTC address is: 1HW84jEWfZMgeMcVv4PjZeprxds99butKM.

    Hope this info helps!

  13. Got the same email. 10-year-old PW and with an email address that is not in use anymore…
    Has been moved to the bin.

  14. Got one of these today:

    from: yxqchanceywc@outlook.com

    I do know XXXX one of your passphrase. Lets get right to point. No-one has compensated me to check about you. You do not know me and you are most likely wondering why you are getting this e-mail?

    Let me tell you, I installed a malware on the 18+ video clips (adult porn) website and guess what, you visited this site to have fun (you know what I mean). When you were viewing video clips, your web browser began operating as a RDP having a keylogger which gave me accessibility to your screen and web camera. Immediately after that, my software program collected all your contacts from your Messenger, social networks, as well as emailaccount. Next I made a double-screen video. 1st part shows the video you were watching (you’ve got a nice taste rofl), and next part displays the view of your webcam, and its u.

    You get 2 solutions. Why dont we study each of these solutions in particulars:

    First option is to skip this email message. As a result, I most certainly will send out your video recording to every bit of your personal contacts and then visualize about the disgrace you can get. And definitely if you happen to be in a committed relationship, just how it would affect?

    Other choice would be to pay me $7000. We are going to name it as a donation. Consequently, I will promptly delete your videotape. You can go forward everyday life like this never took place and you will never hear back again from me.

    You’ll make the payment via Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 1CiohGZaTSNKh4YM2WrGTaSNbfnD8Y8WF2
    [case-SENSITIVE, copy and paste it]

    If you are curious about going to the law, very well, this mail cannot be traced back to me. I have covered my actions. I am also not attempting to ask you for money so much, I want to be paid. I have a specific pixel within this message, and at this moment I know that you have read this e mail. You have one day in order to make the payment. If I don’t receive the BitCoins, I will definately send out your video recording to all of your contacts including friends and family, colleagues, etc. Nevertheless, if I receive the payment, I’ll destroy the video immediately. If you need evidence, reply with Yes and I will certainly send your video to your 10 friends. This is a non:negotiable offer, therefore do not waste my personal time and yours by responding to this message.

  15. Got essentially the same a few minutes ago … July 23, 2018; 2:58 PM eastern time in the United States. Like the others, I confirm it’s a legitimate password, used only on LinkedIn some time ago. I also had a special email address for Linkedin at the time and the email came in to that unused address, 100% confirming that’s where this came from. I checked the bitcoin address they provided (they asked for $7,000 in my email) and currently 0 balance and no activity.

  16. Got the same message, very nasty to receive; fortunately web sites like this one can help educate with a few truths….

    See UK police news report …

    https://www.actionfraud.police.uk/news/alert-cyber-criminals-send-victims-their-own-passwords-in-new-sextortion-scam-jul18

    all UK based can forward message to City of London Police .. NFIBPhishing@city-of-london.pnn.police.uk

  17. I received similar email on 22.July 2018, 0.00h. It has the same structure, with minor changes.
    (the password I have replaced with [xxxxxx]).

    The sender is: Loree Archard and the sender’s email is: yztruemanndh@outlook.com.

    Here is the text of the email:

    [xxxxxx] is your pass. Lets get straight to the point. You may not know me and you are most likely wondering why you’re getting this e mail? None has compensated me to check you.

    Let me tell you, I actually placed a software on the xxx vids (porn) website and guess what, you visited this website to experience fun (you know what I mean). When you were viewing videos, your browser initiated working as a RDP that has a key logger which provided me with access to your screen and cam. after that, my software program gathered all of your contacts from your Messenger, social networks, and email . And then I created a double-screen video. First part displays the video you were watching (you’ve got a nice taste hahah), and 2nd part shows the view of your cam, yeah it is you.

    You got two options. Let us read up on these types of possibilities in details:

    Very first solution is to neglect this email message. In this case, I am going to send out your actual videotape to every single one of your contacts and then visualize about the embarrassment you will get. Not to forget in case you are in a committed relationship, exactly how it would affect?

    Number two solution would be to pay me $1000. We are going to describe it as a donation. In this situation, I most certainly will immediately eliminate your video recording. You will keep going on your way of life like this never occurred and you never will hear back again from me.

    You will make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google search engine).

    BTC Address: 1JhPGsqKFzaDRxkAL8PpFqWt7YLeKPJjW3
    [CASE-SENSITIVE, copy & paste it]

    If you are wondering about going to the law enforcement officials, good, this message cannot be traced back to me. I have covered my actions. I am just not trying to charge you very much, I prefer to be rewarded. You have one day to pay. I’ve a specific pixel within this mail, and at this moment I know that you have read this message. If I do not get the BitCoins, I definitely will send out your video recording to all of your contacts including members of your family, coworkers, etc. However, if I do get paid, I’ll erase the video immediately. If you need proof, reply with Yeah & I will certainly send out your video to your 12 friends. It’s a non-negotiable offer, therefore please don’t waste my personal time & yours by replying to this email.

  18. I received two of these, on 19th July and 20th July. Different senders, but both Outlook.com email addresses. The wording on them was slightly different but both quoted the same password, which is one I had used recently to book a train journey and some theatre tickets. I dismissed them immediately as I don’t even own a webcam, so it was an obvious scam. I was concerned about the password and immediately changed it because it also linked to my online banking. These jokers demanded $19,000 and $9,000 to be paid to two different bitcoin accounts within 24 hours, otherwise they would send videos of me to all my contacts on FB and email. But the password they quoted has never been used for either my FB or email. Needless to say my friends are still waiting to receive their videos! If you get one of these emails just stop using the password they quote and then forget all about it.

  19. I received the same email, and (being a techie), I have deduced that they must have hacked one of the following sites (from 2010):

    Miami Dolphins – ticketing group
    Town & Country Optimist – Austin, Texas little league baseball
    Manta.com
    NFL Rush Zone – kids football program
    JibJab – funny video site creation

    Maybe someone should contact one of these companies and let them know that their site has been hacked and their user information stolen.

  20. Same thing:
    18CGKxDMkwGgf5XLtXyUzqYDdpPJLE63U8

    I believe one of the following sites (not using any pw encryption) that got hacked was:

    Miami Dolphins – ticketing
    Town & Country Optimist – Austin little league baseball
    Manta – business registration site
    NFL Rush Zone – Kids pop warner football league
    JibJab – funny video site

    Like everyone else, the info of mine was from 8 years ago. Total scam, just never good to see.

  21. What we need is a way to freeze criminal wallets; even better, reverse the transactions.

    bsconyd@outlook.com
    17rUDvG25wLqi2tb8n3kwoNpQ3BY7przNh

    lutherjfutsantosdg@outlook.com
    1Gsgt8XrvoUAvLZ1H68tJbvUe6JuQV7P6h

    jxvtwilahh@outlook.com
    14nBqkd48qJ8WLni8KSgwEx3AiZWz53SAd

    BitRef shows (for the last address):

    Total Received: 0.91218300 BTC
    Total Sent: 0.00000000 BTC
    Final Balance: 0.91218300 BTC
    Total transactions: 2

    Recent transactions:

    Date                  Amount       Balance
    2018-07-19 19:21:20   0.44118300   0.91218300
    2018-07-15 15:47:23   0.47100000   0.47100000

  22. TheRealAndyCook

    I believe this was leaked data from Tumblr, given the specific password I was displayed.

  23. All of these—mine too—vary the words a bit. I wonder whether that’s just to evade filters, or whether it’s a watermark that can show the intended recipient?

  24. Got same email. Sent it to Junk mail

  25. I got this one tonight. (July 23rd, 2018) from Rodina Sterne. ezfaxkj@outlook.com

    Lets get directly to the purpose. You may not know me and you are most likely thinking why you’re getting this e mail? No person has paid me to check about you.

    Let me tell you, I actually setup a software on the adult videos (porno) website and do you know what, you visited this web site to have fun (you know what I mean). When you were watching videos, your internet browser started out functioning as a RDP with a keylogger which provided me with accessibility to your screen and webcam. Immediately after that, my software program obtained all of your contacts from your Messenger, Facebook, as well as email . Next I created a video. First part shows the video you were viewing (you’ve got a good taste omg), and second part displays the recording of your web camera, and it is you.

    You have two options. We are going to explore these choices in aspects:

    First choice is to neglect this message. In this instance, I will send your actual tape to each one of your contacts and then think about concerning the humiliation you experience. Not to mention if you happen to be in an intimate relationship, precisely how it will affect?

    Next option will be to pay me $7000. We will call it a donation. Subsequently, I most certainly will instantaneously delete your video footage. You could continue your daily routine like this never occurred and you will never hear back again from me.

    You’ll make the payment through Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 1AuKYEQFHheYWNTJV6gbCiRoNRZpSiQido
    [CASE SENSITIVE copy and paste it]

    If you have been planning on going to the cop, very well, this email cannot be traced back to me. I have covered my moves. I am also not attempting to charge you a lot, I just like to be rewarded. You have one day in order to pay. I have a specific pixel within this email, and right now I know that you have read through this message. If I do not receive the BitCoins, I will definately send your video recording to all of your contacts including members of your family, co-workers, etc. Having said that, if I do get paid, I will destroy the video immediately. It’s a non:negotiable offer so do not waste mine time & yours by replying to this mail. If you need proof, reply with Yea! then I will certainly send your video to your 6 friends.

  26. I received one of these extortion e-mails. Too bad for them the first thing I did when i started up my new computer was put masking tape over the webcam.

  27. This is another version received in UK 23 July. I have reported the Bitcoin address to .
    ===========
    XXXXXXX one of your passphrase. Lets get straight to point. Nobody has compensated me to investigate about you. You may not know me and you’re probably wondering why you are getting this e-mail?

    Let me tell you, I installed a malware on the 18+ vids (pornographic material) site and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as a Remote Desktop with a key logger which provided me with accessibility to your screen and also web camera. Right after that, my software program collected your complete contacts from your Messenger, Facebook, as well as e-mailaccount. And then I created a double-screen video. 1st part shows the video you were viewing (you’ve got a nice taste ; )), and second part displays the view of your cam, & its u.

    You will have 2 solutions. We are going to explore these types of solutions in details:

    Very first choice is to skip this e-mail. In this case, I will send out your video recording to each one of your personal contacts and thus imagine regarding the embarrassment you will definitely get. And as a consequence should you be in a romantic relationship, exactly how it would affect?

    Second alternative should be to pay me $7000. Let us call it a donation. Subsequently, I most certainly will immediately erase your video. You could go on your way of life like this never took place and you would never hear back again from me.

    You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

    BTC Address to send to: 1GsjSFR878viktp5AiGYyKjW9mq4eLsZcL
    [case sensitive copy and paste it]

    Should you are looking at going to the authorities, very well, this e-mail can not be traced back to me. I have taken care of my actions. I am just not looking to charge you a lot, I simply prefer to be rewarded. You have one day in order to pay. I have a special pixel within this email message, and right now I know that you have read this e-mail. If I do not receive the BitCoins, I will certainly send your video to all of your contacts including relatives, co-workers, and so on. However, if I do get paid, I will erase the video immediately. If you want to have proof, reply Yes & I will certainly send out your video to your 12 friends. This is a non:negotiable offer thus do not waste my time and yours by replying to this e-mail.

  28. I also have received one of these email today. I too am not about to pay. The BTC address I received was 1BNsJAMRHHQmNssb4mXkmideLTjMj7GbfG. I use a hard drive and have no webcam.

  29. Another variant, another bitcoin address. Only asked me for $1000. 😉

    from: Dorine Kaxiras
    date: Jul 21, 2018, 9:46 AM
    signed-by: outlook.com

    I do know XXX is your pass word. Lets get right to the purpose. None has compensated me to investigate about you. You do not know me and you’re most likely thinking why you’re getting this mail?

    In fact, I placed a malware on the X videos (pornographic material) site and there’s more, you visited this web site to experience fun (you know what I mean). While you were viewing video clips, your internet browser started functioning as a Remote Desktop having a keylogger which gave me accessibility to your display screen and cam. Immediately after that, my software obtained all your contacts from your Messenger, FB, as well as e-mailaccount. Next I made a video. 1st part displays the video you were watching (you have a fine taste lol . . .), and 2nd part shows the recording of your web cam, yeah it is u.

    You actually have only 2 alternatives. We will go through these solutions in aspects:

    Very first option is to ignore this message. In this case, I will send your actual recorded material to every bit of your contacts and imagine concerning the humiliation you will get. In addition if you happen to be in a loving relationship, precisely how this will affect?

    2nd solution is to give me $1000. We will call it a donation. In this scenario, I will instantly discard your video. You will go on with your way of life like this never happened and you are never going to hear back again from me.

    You will make the payment through Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 1JiqkDdX7sX3QH9QVodhgqCVnRJokKg6ty
    [case sensitive copy and paste it]

    In case you are curious about going to the cops, surely, this email can not be traced back to me. I have covered my actions. I am just not attempting to charge you much, I just want to be rewarded. You now have one day in order to pay. I’ve a specific pixel in this mail, and right now I know that you have read through this mail. If I don’t get the BitCoins, I will certainly send your video recording to all of your contacts including family members, coworkers, and so on. Having said that, if I do get paid, I will destroy the video immediately. If you want to have evidence, reply with Yup then I will send out your video recording to your 5 friends. It is a nonnegotiable offer, and thus please do not waste my personal time and yours by responding to this email.

  30. I received it from dvbmartitave@outlook.com, name Pearla Moustaid.
    Bitcoin address: 1Eqcme8i3RNk36Gy5P4piGpYKaURfBatKK
    He wanted $7000.

    It was a part of an old password. Not the whole password.

    (On 23rd of July, 2018)