July 12, 2018

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 thoughts on “Sextortion Scam Uses Recipient’s Hacked Passwords

  1. AK

    BTC Address: 14d7SjoM1gVXRuS6LWJN6A1FkFGCkcnUJg
    [case SENSITIVE so copy and paste it]

    I got same one this morning from Kizzee Tiemann.

  2. Simon

    I’ve had the same email, I’m in the UK and they are asking for £7,000. Like other people here the password they have referenced is an old password which I haven’t used since 2009 so I suspect that this is information from an old data breach BUT you can’t be too careful… These people are poisonous, if it’s happened to you then please report it to the Police and let’s hope that with enough people reporting it and some good Police work they criminals behind this are brought to justice. A horrid and distressing experience for anyone caught up in these blackmail attempts.

    1. ron

      Why, in this day and age, would ANYONE fall for this?!?! And I am speaking as a barely computer-literate person…

  3. Dennis

    I got exactly the same today. Worried for a while, simply because Id be continuously telling people it’s a scam. Not that I’d pay to avoid embarrassment.
    I wonder if anyone has actually ever ignored it and the perpetrated carried out the “threat”

  4. TadejV

    Two cases reported (CEST timezone):

    From: Lindon Sadowski [mailto:orisheliaamr@outlook.com]
    Sent: Tuesday, July 24, 2018 12:20 AM

    BTC Address to send to: 1GTtJeQ9GeXv1CaJZmxiLssCzKLSy5NNJM
    [case-sensitive copy & paste it]


    From: Hazel Chrenko
    Sent: Saturday, July 21, 2018 9:34 PM

    Receiving Bitcoin Address: 13c1JA4TgLGTUqwKPizgdykhxShc8pyc41

  5. PEROTINUS MAGNUS

    I received a very similar e-mail today (2018-07-24), asking 7,000$ not to diffuse my sex images (where captured?) to all my contacts, from Nikoletta Kotter (??) (@outlook.com)

    BTC Address to send to: 1BvQdF9KTnhipj5TQ22EeNGnJBapcPDn5C
    [CASE sensitive, copy & paste it]

    The pw was an old pw, perhaps I used in any commercial site years ago.

  6. Kelly

    I received the same message today but have never visited a porn website. Again with a password over a decade old.

    $7000

    BTC Address to send to: 159xqKQ9K8vF1mLnRQbLDr7EYCmwdtGvYW
    [case-SENSITIVE copy & paste it]

  7. Peter Pelland

    I received the identical email last night. Thank you, Gmail, for letting this through your spam filter! Seeing an old password that you knew you used years ago is very disturbing. I knew that my email address had been pwned several times over the last decade, now I see how cyberthieves can use that information for extortion attempts. I called my local FBI field office and will file a complaint with IC3. The sender demanded $3200 in my instance.

    BTC ADDRESS: 18S94CjTy4dkrWadkh62x12SuAmhzvgEYW

  8. NICK

    I received this email today. I’m in the U.K. and £7,000 is the money requested. My friend also received this and was worried as they had his password!. My password is an old one as now I use complex passwords. The last use I remember is Ancestry.com but cannot recall a breach advertised from them.

    Can they not tack these scum from the BITcoin address??

  9. John

    Same. 7/23/18:

    From: Heddie Shepstone

    BTC Address: 1FM8MDN1zS2PWzJJiUGhJM9KwzEVf3rVR
    [CASE sensitive so copy and paste it]

    “In the second place option should be to give me $7000. I will describe it as a donation. In this instance, I will straight away eliminate your video recording. You will carry on with your way of life like this never happened and you will never hear back again from me.”

    Years old PW, possible connection with Ancestry.com? Or old LinkedIn….

  10. Donny Darko

    I would have replied, “when you release the video please send me the URL so I can show my friends”. “I could care less if someone posted a video of me masturbating”. lol.

  11. Jeffrey

    Have so many passwords, and yet it was a current one, but again, with so many data breach reports, it could have been one of those….

    Darius Just
    BTC Address: 1GkigSU6nXc6oHqiRBVKHMNmCMt9pwwr6b
    [case-sensitive copy and paste it]

  12. Miranda

    Very creepy stuff. I got this same type of email last night 7-24-2018.

    From: Samson Ekiert [mailto:ololoritacw@outlook.com]

    BTC Address to send to: 1NPyMm7xmFNYdK3wF7sgfLL7N8gXghs2vF
    [CASE sensitive so copy and paste it]

  13. Donna

    I just got the threat today. Like the others, the password referenced is over 10 years old with one exception. But I have not looked at porn videos and do not have a webcam.

    1. ron

      I, of course, have also “not looked at porn videos.”

  14. Erin

    I received the same email last night. Perpetrator asked for $7,000. I’m in Canada. The password was old. I have had both Ancestry.ca and LinkedIn accounts.

    BTC Address to send to: 18wghSbkN6yDiwxWSdek6XXiHVuScJ7h3L

  15. AliS

    I received this 7/23, from Jonathan Mazzali
    Wanted $7000 bitcoin. Password was very old and used for non sensitive sites. I dont have a web cam not do I use sites in question.

    BTC Address to send to: 1t8Kb9tsEFQZroNa2yy1faXEwPr8R8X19 [CASE-sensitive, copy and paste it]

  16. Elizabeth

    I received the same thing this morning from “Yoshiko Hinson”. Again, an old password.

    BTC Address: 1GBS9nnoevAkW1sstFrAgkVWqJy2M6vUWL
    [case sensitive so copy & paste it]

  17. Joe

    Got two of these already. Thanks Kerbs for reporting on this scam!
    I looked at blockchain explorer for one of the addresses, and 2 people actually paid out around $2500 to one of these scammers.
    So unfortunately this scam is working.

  18. Diver86

    Received the same today from:

    BTC Address: 1HUd2TYCJQwspLeaV5WqqPxM5nNrESJCcy

  19. Jun

    This is the 2nd one I received from the same email address but different account.

    Staffard Cameron

    11:33 AM (30 minutes ago)

    to me
    Lets get right to point. Not one person has compensated me to investigate about you. You do not know me and you’re most likely wondering why you are getting this mail?

    Well, I installed a malware on the adult streaming (adult porn) site and guess what, you visited this website to experience fun (you know what I mean). When you were viewing videos, your internet browser began functioning as a Remote Desktop that has a key logger which provided me with access to your display as well as webcam. Just after that, my software obtained all of your contacts from your Messenger, Facebook, as well as e-mail . And then I created a video. First part shows the video you were watching (you have a good taste hahah), and second part shows the view of your web cam, yea it is you.

    You have not one but two solutions. Lets study the solutions in details:

    Very first option is to dismiss this e mail. In that case, I am going to send out your videotape to all your your contacts and then consider about the awkwardness that you receive. Or if you are in an affair, precisely how it is going to affect?

    In the second place choice will be to give me $7000. We will think of it as a donation. As a consequence, I most certainly will instantaneously discard your video footage. You will go on with daily life like this never happened and you will not hear back again from me.

    You’ll make the payment via Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address: 1PfFh4CQ6us6kjYYzT7vvnB9M6oYXoec3E
    [CASE-sensitive copy & paste it]

    If you may be thinking of going to the authorities, anyway, this email can not be traced back to me. I have taken care of my actions. I am not trying to ask you for a whole lot, I simply want to be paid for. I’ve a special pixel within this message, and now I know that you have read this email message. You now have one day to make the payment. If I do not get the BitCoins, I will send your video to all of your contacts including members of your family, co-workers, and so on. Nevertheless, if I receive the payment, I will destroy the recording immediately. If you need evidence, reply with Yes! and I will send your video recording to your 14 friends. It’s a nonnegotiable offer, and thus please do not waste my personal time and yours by responding to this message.

  20. John

    Got one of these yesterday. I stopped using the password online long ago but still used it for computer (not anymore).

    BTC Address: 14R5yVYx3PTbRw1zk2s3yWhmkg3eCiyBCn

  21. Feena

    I got this mail today. Stupid.

    “I know … one of your password. Lets get directly to point. You don’t know me and you’re most likely thinking why you’re getting this email? No person has compensated me to investigate about you.

    In fact, I actually installed a software on the 18+ videos (sexually graphic) web site and do you know what, you visited this site to experience fun (you know what I mean). While you were watching video clips, your browser began functioning as a Remote control Desktop with a key logger which provided me access to your display and cam. after that, my software program collected every one of your contacts from your Messenger, FB, and e-mailaccount. And then I made a video. First part displays the video you were watching (you have a fine taste haha), and 2nd part displays the view of your web cam, yeah it is you.

    There are a pair of options. Let us understand each of these possibilities in details:

    First option is to just ignore this email message. As a consequence, I am going to send your very own video recording to just about all of your personal contacts and think about concerning the disgrace you experience. Not to forget should you be in a romantic relationship, precisely how it will eventually affect?

    Number two option should be to pay me $3000. We are going to think of it as a donation. In this scenario, I most certainly will promptly delete your video. You could continue on your way of life like this never took place and you will not hear back again from me.

    You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google search engine).

    BTC Address: 1tP8iwRhEs4KuKfBwXK6kRzPXLyUvEtAL [case sensitive so copy and paste it]

    In case you are looking at going to the police, okay, this email can not be traced back to me. I have covered my actions. I am just not looking to ask you for money a huge amount, I just like to be paid. I have a unique pixel within this email message, and at this moment I know that you have read this message. You have one day in order to make the payment. If I don’t receive the BitCoins, I will certainly send your video recording to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I’ll erase the video right away. If you want evidence, reply Yes! then I will send your video recording to your 5 friends. It’s a nonnegotiable offer, and thus don’t waste my time & yours by responding to this mail.”

  22. Vinny

    =) and another one… received today from Wat Maas , subject myname – password but indeed old password not used for a very, very long time…

    I am aware * one of your pass word. Lets get straight to purpose. You do not know me and you’re most likely wondering why you are getting this e-mail? No one has paid me to check you.

    In fact, I actually setup a software on the X vids (adult porn) site and there’s more, you visited this web site to experience fun (you know what I mean). While you were viewing videos, your web browser initiated operating as a Remote Desktop having a key logger which provided me accessibility to your screen as well as cam. Immediately after that, my software gathered your entire contacts from your Messenger, social networks, and e-mailaccount. After that I made a double video. 1st part shows the video you were viewing (you have a fine taste hahah), and next part displays the view of your web camera, yea it is you.

    You do have just two choices. Lets read up on each of these choices in details:

    1st choice is to skip this email. In this scenario, I most certainly will send out your actual video to each one of your personal contacts and thus just think regarding the humiliation you will get. Do not forget should you be in a romantic relationship, exactly how it will eventually affect?

    In the second place choice will be to pay me $7000. We will name it as a donation. Then, I will without delay delete your video. You will go on with daily life like this never took place and you would never hear back again from me.

    You’ll make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 1PMCv3r6UT2W6VovfbsXresdLtPrkZeiNN
    [CASE SENSITIVE copy & paste it]

    If you may be looking at going to the cop, anyway, this e mail cannot be traced back to me. I have taken care of my moves. I am also not attempting to ask you for very much, I prefer to be rewarded. You now have one day to make the payment. I’ve a unique pixel in this email message, and now I know that you have read through this email message. If I don’t receive the BitCoins, I will, no doubt send out your video to all of your contacts including close relatives, co-workers, and so on. Nonetheless, if I receive the payment, I will destroy the video right away. It’s a nonnegotiable offer so please do not waste my personal time & yours by responding to this email message. If you want proof, reply with Yea & I definitely will send out your video recording to your 9 friends.

  23. Mr. Doe

    Received sextortion email on July 23 similar or identical to those already posted.

    BTC “donation” address: 19jzYTz7dYtxBqRtJ3ZQyU2H57maQCM5ex

    Password is an old one for an email address (a Juno account) I still use. I also use this password for a few mainstream sites, and just one free (non-interactive) porn site.

    I was curious whether the accounts at that porn site had been hacked, so I requested a recovery of my password. As I suspected, I had used a different email address (not my current Juno one), and the recovery was sent to that address. So, I’m pretty sure (at least in my case) that the scam is targeting randomly (vs. striking at users of sex sites).

    Has anyone reported this scam to the FBI?

  24. Faris

    I’m from Russia, why the hell I got this email too? I haven’t $4000, it’s too big money for me! 😀
    P.S. It’s fake, thank you all, I got it.

  25. Sharon

    I received the email demanding $10,000 otherwise they would release information regarding my visits to porn sites. It wasn’t the release of information that was frightening since I don’t access porn sites; it was the fact they had my password. Of course it’s been changed thankfully, but it wasn’t all that old.

  26. Michele

    Me too me too, same mail,

    Terrijo Gilmour
    (urwdalorisiz@outlook.com)

    I know *** one of your pass. Lets get right to the point. None has compensated me to check you. You may not know me and you’re most likely thinking why you are getting this e-mail?

    Well, I installed a software on the adult vids (pornographic material) web-site and do you know what, you visited this site to experience fun (you know what I mean). When you were viewing video clips, your web browser began working as a RDP with a keylogger which gave me accessibility to your display and cam. after that, my software program gathered every one of your contacts from your Messenger, FB, and emailaccount. And then I created a video. First part shows the video you were viewing (you have a nice taste haha), and 2nd part shows the recording of your webcam, & it is u.

    You actually have just two choices. Why dont we explore each of these options in particulars:

    1st solution is to skip this e-mail. As a consequence, I will send your actual video recording to all your your personal contacts and also think about the embarrassment you can get. And consequently in case you are in an affair, just how it is going to affect?

    2nd alternative will be to pay me $7000. We are going to think of it as a donation. As a consequence, I most certainly will asap erase your video footage. You could go forward your daily routine like this never took place and you surely will never hear back again from me.

    You’ll make the payment through Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google).

    BTC Address: 17LLnvPnYBhQx87JKsNmd6uP6L8U5ZARK
    [case sensitive copy & paste it]

    If you have been making plans for going to the cops, good, this e mail can not be traced back to me. I have taken care of my moves. I am not looking to charge you very much, I prefer to be paid for. I’ve a specific pixel within this e mail, and at this moment I know that you have read through this message. You have one day in order to make the payment. If I don’t get the BitCoins, I will definitely send out your video to all of your contacts including close relatives, co-workers, and many others. Nonetheless, if I receive the payment, I’ll erase the recording immediately. It’s a non:negotiable offer and so please do not waste mine time & yours by responding to this email. If you want proof, reply with Yea! & I will send your video to your 14 friends.

    same variation but basically the same stuff

  27. Ash

    I got this email today. I was very shocked. I knew that it can be a scam. However, it really scares you and ruins the day too.

    Lets get directly to the purpose. No one has paid me to check you. You may not know me and you’re most likely thinking why you’re getting this email?

    In fact, I setup a malware on the adult vids (porno) website and guess what, you visited this website to have fun (you know what I mean). While you were watching videos, your browser started functioning as a RDP that has a keylogger which gave me accessibility to your display and webcam. Right after that, my software collected every one of your contacts from your Messenger, FB, as well as emailaccount. After that I created a double video. First part shows the video you were watching (you’ve got a good taste haha . . .), and next part shows the view of your web cam, yeah it is you.

    You have just two possibilities. Let us read each one of these possibilities in details:

    First solution is to just ignore this e-mail. In this situation, I will send out your actual videotape to just about all of your contacts and you can easily imagine concerning the awkwardness you can get. Do not forget if you happen to be in an intimate relationship, precisely how it will eventually affect?

    In the second place alternative should be to give me $7000. I will name it as a donation. Consequently, I will quickly erase your video footage. You will keep on everyday life like this never took place and you are never going to hear back again from me.

    You’ll make the payment by Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google search engine).

    BTC Address: 1LSMSUTrH1turB7eCJSr7nZ5FkpP6Fz4DT
    [case-SENSITIVE so copy & paste it]

    Should you are making plans for going to the cop, well, this email message can not be traced back to me. I have dealt with my steps. I am not trying to ask you for a lot, I only want to be paid. You now have one day in order to pay. I’ve a unique pixel in this e mail, and now I know that you have read this email message. If I don’t receive the BitCoins, I will send your video to all of your contacts including members of your family, colleagues, and many others. Nonetheless, if I receive the payment, I will destroy the recording right away. If you really want proof, reply Yeah! then I will send out your video to your 5 friends. This is the non:negotiable offer and thus don’t waste my time and yours by replying to this e mail.

  28. E andrrson

    Received similar/exact email as some have posted asking for $7K. Password was used at linkedin,coke, wedding wire, Kroger and some local sites years ago I’m in Seattle. Made me re-evaluate on which computer I store my sensitive info. Double check all of my security settings, changed many passwords and re-think My future online account habits Thank you all so much for posting and to Krebs for the forum Only 5 mins until the release of my video. I’ll be famous and dripping cash like a Kardashian very soon, right!

  29. bMan

    My buddy received this and freaked out. His email & old password were hacked a decade ago and “pasted” in a huge list online. I was waiting for news of this scam to go mainstream, and here it is!

Comments are closed.