July 12, 2018

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.
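Because the messages are template-generated and differ mainly in the password, the amount and the Bitcoin address, a mail filter can key on structure rather than exact wording. The following is an added example, not code from the original article: it flags a message only when it carries a checksum-valid legacy Bitcoin address together with at least three of the recurring phrases. The function names, the phrase list, the threshold of three, the sample messages and the sample address are all constructed assumptions.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (1.../3...) addresses only; bech32 addresses are not covered here.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Phrases that recur in the quoted messages, written loosely because the
# wording is shuffled from one message to the next (hypothetical rule set).
INDICATORS = {
    "password_claim": re.compile(r"your (secret )?pass ?word", re.I),
    "webcam": re.compile(r"web ?cam(era)?|\bcam\b", re.I),
    "contacts_threat": re.compile(r"your (\w+ )?contacts", re.I),
    "deadline": re.compile(r"\b(24 hours|one day)\b", re.I),
    "pixel_claim": re.compile(r"\b(unique|specific) pixel\b", re.I),
}


def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload):
    """Used only to build the constructed sample address below."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out


def is_valid_btc_address(s):
    """Base58Check: version byte + 20-byte hash + 4-byte checksum = 25 bytes."""
    n = 0
    for ch in s:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    raw = b"\x00" * (len(s) - len(s.lstrip("1")))
    raw += n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]


def score_message(body):
    """Return (flagged, matched indicator names, checksum-valid addresses)."""
    # The password claim only counts when it opens the message.
    hits = sorted(k for k, rx in INDICATORS.items()
                  if rx.search(body[:200] if k == "password_claim" else body))
    addrs = [a for a in ADDR_RE.findall(body) if is_valid_btc_address(a)]
    return (bool(addrs) and len(hits) >= 3, hits, addrs)


# Constructed inputs: an all-zero-hash address and paraphrased message bodies.
SAMPLE_ADDR = b58check_encode(b"\x00" + bytes(20))
BAD_ADDR = SAMPLE_ADDR[:-1] + B58[(B58.index(SAMPLE_ADDR[-1]) + 1) % 58]
SCAM = (
    "hunter2 is one of your pass word. I recorded your web camera and "
    "collected your complete contacts. You have one day to pay $7000 in "
    "Bitcoin.\nBTC Address: " + SAMPLE_ADDR + "\n[case sensitive copy and paste it]"
)
TYPO_ADDR = SCAM.replace(SAMPLE_ADDR, BAD_ADDR)  # same text, broken checksum
BENIGN = (
    "Reminder: your password expires in 24 hours. Donations in Bitcoin are "
    "welcome at " + SAMPLE_ADDR
)

if __name__ == "__main__":
    for name, msg in (("scam", SCAM), ("typo", TYPO_ADDR), ("benign", BENIGN)):
        print(name, score_message(msg))
```

Requiring the checksum keeps random Base58-looking strings from triggering the rule, and requiring several phrases keeps ordinary mail that merely mentions a password or a donation address from being flagged.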

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 thoughts on “Sextortion Scam Uses Recipient’s Hacked Passwords”

  1. Magno Ferreira Nunes

    I received an email similar to this one today, the 23rd. The difference is that I have never in my life used a password even resembling the one cited by the criminal.

  2. Chili Dog

    Just got a similar mail this afternoon (2018-07-23).
    Wording was identical to what others have already mentioned, and originating email address was an @outlook.com domain.

    BTC address was: 1EeV4ZHNwVYaNCsACmkEPetAkTRt7VCbdY

    It’s amazing what they can catch with a lil Phishing…

    1. chiguy

      I got one today as well…..

      BTC ADDRESS: 1M3yGsSvRB3iYtRvL6rxuaoFEr8xdTphF1

    2. Richard

      $7,000 demand payable to 14eBemRmzcV7uXGcMFJTVMjNoQorW9SppQ. I’m flattered!

  3. SD

    Hi there,

    I received the same email this afternoon, 4:47 CDT from a Danny Padeira at cfuharoldlrfhc@outlook.com asking for $1,900 to be sent to Bitcoin address 1E1eSuaZ67HTsM2wVkaaDLLMiY8LTaf2Hx.

    I called the FBI number mentioned in the article, but the agent recommended I submit a complaint of Internet fraud online at http://www.ic3.gov. (She said that only submitting something online will be filed, not calling.) She also suggested I email my friends and family to give them a heads up that they should not open an attachment if this motherf*cker decides to send them malware posing to be a skanky video. I’m curious if those who’ve been threatened have had their friends and family contacted at all?

    Based on the password they baited me with (yes, an old one), I’d say it’s either LinkedIn or Tumblr that was hacked — ironically two accounts I always wondered why I had!

    Oy.

    Good luck and stay tuned!

    1. Marsh

      I have LinkedIn but not Tumblr, so that looks like it’s the culprit.

  4. Richard

    Here was my email. Again, referencing a 10-year-old password and sent to an email I haven’t used regularly in years.

    XXXX is one of your secret password. Lets get straight to the point. You don’t know anything about me whereas I “now” know alot about you and you must be thinking why you’re receiving this e mail, correct?

    The truth is, I actually placed malware on porn vids (adult porn) & do you know what, you accessed same sex website to have pleasure (know what I mean?). When you were busy watching videos, your browser initiated working as a RDP (Remote Desktop Protocol) that has a backdoor which provided me access to your display as well as your web camera recordings. Just after that, the malware obtained every one of your contacts from your facebook, as well as email.

    What did I do?
    It is just your hard luck that I found your blunder. Later I invested in more days than I should’ve exploring into your data and created a double-screen videotape. First part displays the recording you had been viewing and next part shows the video of your cam (it is you doing nasty things)

    What can you do?
    Actually, I am willing to delete all about you and allow you to move on with your daily life. And I will present you a way out that will make it happen. These two choices are either to disregard this e mail (bad for you), or pay me $3200. Let’s investigate those 2 options in depth.

    First Alternative is to turn a blind eye to this email. You should know what is going to happen if you select this path. I definitely will send out your sextape to your entire contacts including relatives, co-workers, and so on. It will not protect you from the humiliation your self will have to feel when family and friends discover your sordid sextape from me.
    Wise Option is to pay me $3200. We will call this my “confidentiality fee”. Lets see what will happen if you opt this path. Your secret Will remain private. I’ll erase the recording. After you pay, You can freely move on with your routine life and family as if none of this ever occurred.

    You will make the transfer via Bitcoins (if you do not know how, search “how to purchase “bitcoin” on google search) BTC ADDRESS: 1P4B7agwTWqFM8pE1jd3GCDGcirxz922qY
    (It’s CASE sensitive, so copy and paste it)

    Important: You have one day in order to make the payment. (I have a unique pixel within this message, and now I know that you have read through this mail). You shouldn’t explain nobody what you will be transferring the Bitcoins for or they might not give it to you. The process to have bitcoins usually takes a few days so do not procrastinate.
    If I don’t receive the Bitcoins, I definitely will send your video to all of your contacts including close relatives, colleagues, and so forth. having said that, if I receive the payment, I’ll destroy the videotape immediately. If you need proof, reply with “yes!” and I definitely will send out your video recording to your 7 friends. It is a non negotiable offer, so don’t waste my time & yours by responding to this email.

    1. Ed H

      I just got the same thing for $2,200.

      The FBI said it’s a scam and not to pay it. They also recommend I file a complaint at IC3.gov.

  5. Dan

    Just got this gmail this afternoon. Wording identical and from outlook domain
    My BTC Address: 13q7VJUNi66EYcuY2sTYBqvRGqEvyamZGK
    Crazy people out there

    1. chiguy

      I got one today, mine was from dzjsidneyalm@outlook.com. It’s CRAZY that there are these type of people out there..

      BTC ADDRESS: 1M3yGsSvRB3iYtRvL6rxuaoFEr8xdTphF1

  6. NickyVegas

    From: Kristopher Faraway
    BTC Address: 18H1otVnTn5CMcjk9eTLPJB3JJUwcaenRC
    Amount Requested: $7000

  7. Ciarr

    I received one of these threats today. It requested I respond to:

    BTC Address to send to: 1GeBWb4bbMPbgSg2fapDutkpWr3ipRP7Mu

  8. Lin

    I received one on Sunday and my son told me to immediately change my password.

    BTC ADDRESS IS: 1A1VDamGLYLPPC24cviz1MWdB9jxauK8u6

  9. Spidey

    I just received this as well and used a password that I haven’t used on a public site in ages.

    Bitcoin address: 1DcH5EgSk5qYRY7CQvGoGHnhsL15gcMbzY

    and asking $7000

  10. john

    7/23/18…got same here…old PW as well….

  11. Mike

    Yes, I got one, here in Australia from a Ronnica Villacorta, so-called. Same wording and an old password, but one I still had on an old, rarely visited site. I cut and pasted the text onto my FB page and, already a younger relative has informed me it’s a well-known scam!

  12. James

    I just got a very similar email except mine asked for $7,000 in BC. Must be a good video I guess …

    1. Malicious people

      I did too, 7000$. alberta. No porn here but how did they know my name. ( business email and one of my passwords.. that’s what i was freaked out. scary organized crime at its finest. They said they had access to all my photos, which fine but how violated does that make a person feel. Terrible

  13. Brian

    Got the same exact e mail. Word for word. They wanted $5k in bitcoin. It’s scumbags like this that give bitcoin a bad rap. Fuck em.

    The wallet address they provided : 18eX9nf58wpsbPDhrKSpM9zfes3dwQ2qed

  14. Jimbo McFly

    Got this today. Freaked me out to see a real password. Relieved to find this site! They asked for $7000 within 24 hours with this bitcoin address:

    BTC Address to send to: 16Hv3SpcRrnjqciCZ4ZizKduARVzQDAjTN

    Thank-you Krebs On Security!! And thank-you to everyone who has posted.

  15. Victim #418423

    Got one from “Gardie Spino” at another Outlook address.

    BTC address:
    1MuFYM6Pn4nSTNok3TEAQrFrefsaKNQmzD

  16. Roger Wingerberg

    Just got one myself, asked for $2200

    Address: nogpwiltonuqwi@outlook.com

    Is anyone looking into these, seems to be a lot of people getting them? There are some seriously bad people out there.

  17. Jun Du

    Here is what I got in email.

    Ulick Theriault

    xxx is your password. Lets get directly to purpose. You don’t know me and you’re probably wondering why you are getting this email? None has paid me to investigate you.

    In fact, I placed a malware on the X video clips (sexually graphic) website and guess what, you visited this site to experience fun (you know what I mean). When you were watching videos, your internet browser began working as a Remote Desktop that has a key logger which provided me accessibility to your screen as well as webcam. after that, my software program collected your complete contacts from your Messenger, social networks, and e-mail . Next I made a video. First part shows the video you were viewing (you have a good taste ; )), and 2nd part displays the view of your web camera, yeah its you.

    You actually have a pair of possibilities. We will understand the possibilities in particulars:

    Very first choice is to disregard this message. In such a case, I will send your tape to just about all of your contacts and thus think concerning the embarrassment you will definitely get. And as a consequence if you happen to be in an affair, exactly how it will eventually affect?

    Number two choice is to give me $7000. Lets describe it as a donation. In this situation, I most certainly will immediately delete your video footage. You can continue on with your way of life like this never took place and you will not hear back again from me.

    You will make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google search engine).

    BTC Address: 1FreKxLTA8JsQ925yaJi1z2P9Rvq6jbY1m
    [case-SENSITIVE copy and paste it]

    Should you are looking at going to the police, look, this e-mail cannot be traced back to me. I have covered my steps. I am not looking to ask you for money a huge amount, I would like to be rewarded. I’ve a unique pixel in this e-mail, and at this moment I know that you have read this message. You now have one day to make the payment. If I don’t get the BitCoins, I will send out your video to all of your contacts including close relatives, colleagues, and many others. Nevertheless, if I receive the payment, I will destroy the recording right away. This is the nonnegotiable offer thus please don’t waste my time & yours by replying to this email message. If you need proof, reply Yup! & I will send out your video to your 6 friends.

  18. Dave B.

    I must be middle class. He wanted $7,000. Thought I was worth more.

    Anyway, I went through all of my many uses of the password he cited where there might be a correlation with that specific email address he used for me. (All were low-value targets.) The one that jumped out was LinkedIn. Did anyone get this that never had a LinkedIn account? If you got the message and you never had a LinkedIn account that would bust that theory. The other places I used the password were for store points at different retailers and for motel points.

    1. PoP

      Received this email today, and, yes, it seems to be associated with the passw/login I had used for Linkedin.

      LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

  19. Follower

    First and foremost thanks for posting the awareness Krebs keep up the good fight.

    I got one myself today so will add the info. The password must be from an old site hack I’ve run randomly generated passwords for years now and this predates that. Love the poor English as it obviously isn’t native to the scammer. Sadly this is a little too wordy for a scam and they overplay their hand somewhat. I know it seems to have aspect that would cover most people to give them pause but putting more info into the email only allows readers to see through it. I don’t actually have things he / she is claiming to have collected nor do I have a machine that could be exploited like that.

    I do know [*************] one of your pass word. Lets get straight to the purpose. No-one has compensated me to investigate about you. You may not know me and you’re most likely thinking why you’re getting this e-mail?

    In fact, I setup a malware on the adult streaming (porn material) site and do you know what, you visited this site to experience fun (you know what I mean). When you were viewing videos, your browser started working as a Remote Desktop with a keylogger which provided me accessibility to your display screen and also webcam. after that, my software collected all of your contacts from your Messenger, FB, as well as emailaccount. And then I created a double video. First part shows the video you were watching (you have a fine taste lol . . .), and 2nd part displays the view of your web camera, yeah it is u.

    You do have two different solutions. Lets take a look at these solutions in aspects:

    Very first alternative is to skip this e-mail. As a consequence, I am going to send your very own video clip to all your your contacts and then you can easily imagine about the embarrassment that you receive. And likewise if you are in a relationship, just how it will affect?

    Second choice would be to pay me $7000. Let us regard it as a donation. Then, I will straight away erase your video recording. You can keep on going your way of life like this never took place and you surely will never hear back again from me.

    You will make the payment by Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 184Vk9pYZsvMAPKF53uiYLex2cJwoTZteP
    [CASE-SENSITIVE copy & paste it]

    In case you are thinking of going to the law enforcement officials, very well, this message can not be traced back to me. I have taken care of my moves. I am just not looking to ask you for money so much, I just like to be compensated. You have one day in order to pay. I have a unique pixel in this e-mail, and at this moment I know that you have read this e-mail. If I don’t get the BitCoins, I definitely will send your video to all of your contacts including relatives, co-workers, etc. Having said that, if I receive the payment, I’ll destroy the recording right away. If you want to have evidence, reply Yes! then I will certainly send your video recording to your 8 friends. It is a non-negotiable offer that being said don’t waste my time and yours by replying to this message.

  20. Shocked

    Much the same tonight - ab canada – demand 7000, said had all my photos, and was supposed to be on some site. (not the case). I never read the entire email threat, but was concerned used my 1st and last name along one of the passwords I use. That scared me. I have a ton of contacts, private data ie work info. That is what alarmed me. Today ppl can photoshoot you in practically any scenario which is scary. It was how they get the passwords that I’m concerned about. This is so wrong. Can malware be installed on an iPhone without knowing?
    Pornography or not, I still felt violated someone could possibly hack to see my camera roll, abundance of work email, contacts. Invasion of privacy! Sick sick ppl. What next.

  21. Don Blamire

    Just got exactly same email only the password referred to is my current computer password that I have had for years and that is the worry, that they have indeed hacked into my computer.
    I have now changed the password of the computer but I’m still worried about my online banking information.
    Has anyone any clues as to what I should do next?

  22. Frazer

    I received the same email. I have never been to any porn site, but what’s wrong if I have? Here is the culprit’s BTC address for the FBI:
    1EoNQ7EP938rS3fc6ipA9DPZhrL4TnS7fi

  23. Terri Olson

    I got two of these in a week. Do I need to worry that some porno is actually going to get emailed to my contacts? I didn’t visit any porn site, just received some porn pop ups while browsing, which I deleted immediately. What happened to everyone else?

  24. Francis

    Received 7/24/18 at 12:18 AM EST

    From: Marguerite Lutfi

    Subject: name – *old password*

    Body:

    Lets get directly to point. You may not know me and you’re probably wondering why you’re getting this mail? There is no one who has paid me to check you.

    In fact, I actually installed a software on the xxx videos (adult porn) website and there’s more, you visited this site to experience fun (you know what I mean). When you were watching videos, your browser initiated working as a Remote Desktop that has a keylogger which provided me accessibility to your display and also web camera. Immediately after that, my software obtained your complete contacts from your Messenger, FB, as well as emailaccount. And then I created a video. 1st part displays the video you were watching (you’ve got a fine taste lol), and next part shows the recording of your cam, & it is you.

    You have got not one but two solutions. We will read up on each of these options in aspects:

    First solution is to neglect this e mail. As a consequence, I most certainly will send your actual tape to all your your contacts and you can easily imagine concerning the shame you will get. Furthermore in case you are in a loving relationship, exactly how this will affect?

    In the second place choice should be to pay me $7000. I will call it a donation. As a result, I will instantly delete your videotape. You could carry on your life like this never happened and you are never going to hear back again from me.

    You will make the payment through Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address: 1LeX9GRW3C9LP1sW4hppscqBEFAqi4s2nk
    [case sensitive copy and paste it]

    In case you are curious about going to the law enforcement, look, this email message cannot be traced back to me. I have covered my actions. I am also not trying to charge you a whole lot, I simply prefer to be paid for. You have one day to pay. I’ve a specific pixel within this e-mail, and now I know that you have read this email message. If I do not receive the BitCoins, I will definately send your video to all of your contacts including members of your family, coworkers, and many others. However, if I do get paid, I’ll erase the video immediately. This is a nonnegotiable offer, that being said don’t waste mine time & yours by responding to this mail. If you want proof, reply with Yup! and I will certainly send out your video recording to your 9 friends.

  25. Mary Helmers

    I also got one, BTC address is BTC Address: 167PGWofLoVT5fCV4iGNzAQNzE58do1Sfg

    Interesting thing is I don’t “visit” the sites mentioned, nor do I have a web cam attached to my computer! I will use SD’s suggestions.

  26. mike w

    I got one today as well from a dani mostofavi (??) requesting $1,900 in bitcoin.
