July 12, 2018

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.
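Because each copy of this message keeps the same structure while the password, amount, wording and Bitcoin address change, a mail filter can score on structure instead of exact strings. The sketch below is an added example, not code from the article or from any mail product: the indicator names, the patterns, the three-indicator threshold, the sample password and the sample address (built from a made-up hash) are all assumptions of this example.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Structural markers; names and patterns are this example's own choices.
INDICATORS = {
    "password_reference": re.compile(
        r"\bis\s+(?:one\s+of\s+)?your\s+(?:personal\s+)?pass\s?word\b", re.I),
    "surveillance_claim": re.compile(
        r"\b(?:web\s?cam|key\s?logger|remote\s+(?:control\s+)?desktop|RDP)\b", re.I),
    "deadline": re.compile(r"\b(?:24\s+hours|one\s+day)\b", re.I),
    "read_receipt_claim": re.compile(r"\bpixel\b", re.I),
}


def checksum(payload: bytes) -> bytes:
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Build a legacy-format address; used here only to create test data."""
    payload = bytes([version]) + body
    n = int.from_bytes(payload + checksum(payload), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(payload) - len(payload.lstrip(b"\x00"))
    return "1" * zeros + out


def is_valid_btc_address(addr: str) -> bool:
    """True only if addr decodes to 25 bytes with a known version and a good checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    return raw[0] in (0x00, 0x05) and checksum(raw[:21]) == raw[21:]


def analyze(text: str) -> dict:
    """Flag a message that pairs a payable address with several template markers."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    found = ADDR_RE.findall(text)
    valid = [a for a in found if is_valid_btc_address(a)]
    return {
        "indicators": hits,
        "valid_addresses": valid,
        "rejected_addresses": [a for a in found if a not in valid],
        "flag": bool(valid) and len(hits) >= 3,
    }


# Constructed inputs: the address encodes a made-up hash, the password is a placeholder.
SAMPLE_ADDR = b58check_encode(0x00, bytes(range(1, 21)))
SCAM = (
    "hunter2 is one of your Password. Your browser started working as a Remote "
    "Desktop with a key logger and I recorded your web cam. You have one day to "
    "pay. I've a special pixel within this e mail.\n"
    f"BTC Address: {SAMPLE_ADDR}\n"
)
BENIGN = "Your order has shipped: 1 x USB webcam. Delivery within 24 hours."

if __name__ == "__main__":
    print(analyze(SCAM))
    print(analyze(BENIGN))
```

Requiring a checksum-valid address keeps ordinary mail that merely mentions a webcam or a deadline from being flagged, and it also separates addresses that were retyped or case-mangled from ones copied intact.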

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 thoughts on “Sextortion Scam Uses Recipient’s Hacked Passwords”

  1. Andrew Sinclair

    I’ve received several versions of this scam e-mail.
    Strike one: I use Linux Mint.
    Strike two: the Web cams are covered
    Strike three: my e-mail address is not anywhere on the laptop.
    And you’re out: I use Thunderbird that only displays plain-text. So much for the one-pixel graphic, that isn’t even there!

    1. Thomas Absher

      Or… “While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger” is highly illogical. Remote Desktop? Keylogger? I know of middle schoolers who wouldn’t fall for this. If you don’t install anything, it means no virus.

      1. Cody E

        I work in IT.

        Scarily enough we had a client targeted by this scam (the one referencing RDP and keyloggers), and I did actually find a keylogger on her computer. Her password kept getting changed, and her num lock key would continually turn on and off.

        I don’t know if the keylogger I found was related to the sextortion scam or if it was just a gigantic coincidence, but it was there none the less.

    2. knuckle

      Your strike one shouldn’t lull you into thinking that because you use linux mint, you’re immune to getting hacked.

    3. Enzo

      Strike 3: Even if I did have a webcam on and was watching porn and they did manage to hack my computer and record the webcam and send a video to all of my contacts….I don’t care.

  2. Sonny

    Just got the same email this morning, only they requested $7000 from me. Clearly the Bitcoin economy is suffering from chronic inflation in Scam Land. The password they quote is one I used well over a decade ago. The joke is on them. I do not have a web camera! And I am also certain that none of my friends could care less if I’ve ever looked at porn or not. They would probably be more concerned if I had not! So it is a big LOLS to these scumbag scammers! Nice try but your scam has been sent to spam and shredded into a million bits.

    1. Se1ene

      Hey, I am a little old lady in my late 60s, never looked at porn in my life, don’t have a web cam at all and never have. Whatever password they found for me was so old I actually did not recognize it as mine. I don’t remember ever using it. The writer of the email to me sounded like a foreigner had sent it, the syntax and grammar were all messed up. It asked me to send $3200. BTC Address: 1G4sFn5KFc27Czdh8ZgHahC2nzPZ9Rq7bR In answer to some of the questions I saw here, NO, I don’t think anyone can stop anything this easy, lucrative, and evil. You can punish the ones to catch, but there is no catching it before it happens.

      1. knuckle

        I hope you don’t think that if a non-foreigner had sent something like that then it would have more credibility.

        1. Linwood Cole

          That’s what you chose to get out of the comment?

      2. Abdul

        Do you know that there are people born in good ol USA who can’t read or write or speak good English? Many kids who win the Spelling Bee in US are kids who have foreign-born parents. Just wanted you to know.

  3. Joe

    got one today asking for $7K, lol – btc address was 1K7JZ4dAqeiLuy99cfTFhSyDCTec7Hg2c but no takers yet. LOLZ on you, scammers.

  4. Betsy Sansby

    Got it today, July 23rd. Same garbage as described above. Ignoring it.

  5. Mak

    I received this email, and the password was the one I used at Yahoo before they got hacked, and haven’t used anywhere else.

  6. John H

    I got my variation of the same mail today. Has anyone who ignored the mail (I’m planning to) had the sender actually act on their threats?

  7. Reader

    Lelia Collett sent me one yesterday, demanding $7,000 to BTC Address: 122Z3rPu6tiwsb5NoFqCoebwAqnLEnPQf6

    1. Reader

      ^ also not me.

      Hmm. Maybe I should use a more creative name.

  8. Michael Hagen

    I responded to the email asking the scammer to please send the video to me so I could put it on my (adult webcam site) profile for everyone to see and if he did that I would be more than happy to pay him.

    I then included my father’s address and asked him to send one of the scam emails to him.

    PrNkSt3RB3Ar

    1. John

      Did he come up with a video? Or extort you? Exploit your contacts? I’m guessing not.

  9. John Gifford

    I ignored it. It would really be a good trick to hack a webcam I don’t own, plus the password is one I haven’t used in probably 12 years. Not to mention that I don’t go to those type of sites on the internet. I figured it was a scam and this proves it!

  10. John

    The bitcoin address on the extortion attempt addressed to me: 1KJjmQSsyi3P3FYm6E5BuQQZfCr1nMx7S8

  11. Matt

    I got one about 48 hours ago. Old password, although still used on one site (not anymore). I ignored it; so far, so good. Anyway, no webcam! Unless they can hack the security cameras, I’m good. If they can, I’m still good!

  12. Lin

    I received this a few days ago, asking me to pay $1400 in Bitcoins.

    BTC ADDRESS IS: 1A1VDamGLYLPPC24cviz1MWdB9jxauK8u6
    (It’s CASE sensitive, so copy and paste it)

    Can someone please do something about these evil people?

  13. Jimmie Jones

    I got one several weeks ago from “Maurine Gagne” demanding $1400.00. So in response, I moved it from Spam into my Inbox and have been sending frequent HIDEOUS Vulgar Taunts back every few days since. LOLOL!!!

  14. Steve

    I just received as well. The same email as above mentioned. It was an old password.

  15. Toby Parkins

    $7000 for me!!

    Really old password that I only used on non important sites, ie, ones that are *slightly* more likely to get hacked.

  16. Elisabetta

    Hello, yesterday I received the third email of this type…
    Like all of you, they indicated an old PW of mine
    Are they just SPAM or can the FBI manage to track them by tracing the various BTC addresses?
    Here are the names etc…
    15 July: Giselle Kitchin # £2900 # BTC Address: 1n9m8pruzy1qkcn3spxqdzlik7pgefvs6v
    18 July: Garret Looney # $3600 # BTC Address: 1dtyvj17algvjf2ndyc2mleuxsm6mma91h
    24 July: Lou Marriott # $3200 # BTC ADDRESS: 1hhsbvc2ck5ppy8bh3mt8nb6y6p

    RWQYMTX

  17. oleh

    BTC wallet I received: 15HKH28u9KTcAQRvy2fwEDWVs5ppXKSGYu
    amount required 7000$

    I’m from Italy but still submitted a complaint to the FBI

  18. Zee

    Got this July 23rd from outlook.com address.

    Btc – 18vdG5VCEkCHbyVAq91Q44jzKnMioSTymo

  19. rob

    after the initial surprise, what an incredibly freeing concept. sp..so and so likes this kind of porn, or has pics or vids of “…”..opens all sorts of doors..

  20. lucafuma

    I have received the same mail:

    xxxxxxxxx is one of your Password. I will directly come to the point. You don’t know anything about me but I now know you very well and you must be thinking why are you getting this mail, correct?

    Do you wanna know how?, I actually installed malware on sex video clips (porn material) & you know what, you visited same porn website to have fun (you know what I mean). While you were busy watching video clips, your browser started working as a RDP (Remote Desktop) that has a key logger which provided me with access to your screen and your camera recordings. Immediately after that, my malware obtained all your contacts from your social networks, as well as email.

    What I want?
    It’s just your misfortune that I stumbled across your misadventures. Next, I put in more days than I probably should’ve investigating into your personal life and made a split-screen video. 1st part shows the recording you were viewing and second half shows the video from your cam (its you doing nasty things)

    Exactly what can you do?
    Genuinely, I want to forget all about you and let you get on with your life. And I am about to present you two options that may make it happen. Those two option is either to ignore this letter (not recommended), or pay me $3200 to end this mattter forever. Let’s explore above two options in more details.

    First Option is to ignore my message. Let us see what will happen if you take this option. I will send out your sextape to your entire contacts including members of your family, co-workers, etc. It won’t help you avoid the humiliation your household will have to face when family and friends discover your unpleasant videotape from me.
    Wise choise is to pay me $3200. We’ll call it my “keep the secret tip”. Lets see what will happen if you go with this option. Your secret remains your secret. I’ll keep my mouth mum. Once you you pay me my fees, You keep your daily life and family as though nothing ever happened.

    You’ll make the transfer by Bitcoin (if you don’t know how just search “how to buy bitcoins” on google)
    My BTC Address: 1Pw8DjLd94kYzKXrQ1L1ahv9oR8yKcgg8r
    (It’s cASe sensitive, so copy and paste it)

    Note: You have one day in order to make the payment. (I’ve a special pixel within this e mail, and right now I know that you’ve read this email). Don’t tell anyone what you will be utilizing the Bitcoins for or they possibly will not sell it to you. The process to have bitcoin will take a few days so do not put it off.
    If I don’t get the BitCoin, I will definately send out your video recording to all of your contacts including friends and family, colleagues, etc. having said that, if I receive the payment, I will erase the video immediately. If you want proof, reply with “yes!” and I will send out your video to your 8 friends. It is a non negotiable offer, so kindly do not ruin my personal time and yours by responding to this e-mail.

  21. jane carnell

    So far I have gotten at least half a dozen of these threatening emails seeking to extort various amounts from $1400 to $7,000 to punish me for being a very bad girl online. The sad thing is I have lived like a nun since before the Internet. So they’re gonna have to tempt me with something else besides fake porn threats to spend my paltry Social Security on. Timeshare in Cabo, perhaps?

  22. Anna

    I got this email today with an old password requesting $8050. Never been on a porn site in my life and don’t have a webcam but I am still freaked out knowing someone had access to an old password. Gives me the creeps!!!

  23. renee

    Ellissa Harry
    6:29 PM (15 hours ago)
    to me
    I know XXX is your pass word. Lets get straight to point. You don’t know me and you are probably thinking why you’re getting this e mail? Nobody has paid me to investigate you.

    actually, I actually installed a software on the xxx videos (sex sites) web site and you know what, you visited this website to have fun (you know what I mean). While you were viewing video clips, your browser started working as a Remote Desktop with a keylogger which provided me with accessibility to your screen and webcam. Just after that, my software collected your complete contacts from your Messenger, social networks, and e-mailaccount. After that I created a video. 1st part displays the video you were viewing (you’ve got a good taste ; )), and second part shows the recording of your web cam, yeah it is you.

    You have got two different alternatives. We will understand each of these solutions in particulars:

    1st option is to disregard this e-mail. Consequently, I will send your actual video recording to almost all of your contacts and then just consider concerning the disgrace you experience. Or should you be in a relationship, exactly how it will affect?

    Other solution should be to give me $7000. We are going to describe it as a donation. As a result, I most certainly will without delay erase your video. You could continue your daily life like this never took place and you never will hear back again from me.

    You will make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 13imUEwW7jG4n4DmZ7m9JDFWP35Cvxm3vg
    [case SENSITIVE copy & paste it]

    If you may be looking at going to the police, well, this message can not be traced back to me. I have taken care of my steps. I am also not trying to charge you much, I prefer to be paid. I have a unique pixel within this email, and right now I know that you have read this e-mail. You now have one day in order to pay. If I do not get the BitCoins, I will send your video recording to all of your contacts including friends and family, coworkers, and so forth. Nevertheless, if I receive the payment, I’ll destroy the video immediately. It’s a nonnegotiable offer and so don’t waste my personal time & yours by replying to this message. If you need evidence, reply with Yup! then I will certainly send your video to your 10 friends.

  24. renee

    THIS is the third email in two days.

    Moises Vallee
    5:29 PM (16 hours ago)

    is your Password. Let me get straight to the point. You do not know me but I “now” know you very well and you must be wondering why you are getting this mail, right?

    Well, I installed malware on adult video clips (pornographic material) and you know what, you visited this adult website to experience pleasure (you get my drift). When you were busy watching video clips, your web browser started out functioning as a RDP (Remote Desktop) that has a backdoor which gave me accessibility to your display and your web cam recordings. Right after that, the software program gathered every one of your contacts from your messenger, facebook, and mailbox.

    What have I done?
    It’s simply your bad luck that I saw your misdemeanor. After that I gave in more time than I probably should’ve exploring into your data and made a double display video. First part shows the recording you had been viewing and 2nd part displays the video of your webcam (its someone doing nasty things)

    Exactly what can you do?
    Actually, I am willing to forget everything about you and let you get on with your daily life. And I will offer you a way out that can accomplish it. The two option is either to turn a deaf ear to this email (not recommended), or pay me $ 1900 to end this mattter for life. Let us investigate above two options in details.

    First Option is to turn a blind eye to this mail. Let me tell you what is going to happen if you take this option. I will send out your sextape to your contacts including close relatives, colleagues, etc. It won’t shield you from the humiliation your family will need to feel when friends and family learn your dirty videotape.
    Wise Option is to pay me $ 1900. We’ll call it my “keep the secret charges”. Lets see what will happen if you pick this path. Your dirty secret remains your secret. I’ll keep my mouth silent. Once you you pay me my fees, I will let you keep your lifetime and family like none of this ever happened.

    You’ll make the transfer by Bitcoin (if you don’t know how all you need to do is search “how to buy bitcoins” in google)
    BTC ADDRESS IS: 1JgShbwZ7vyqdb9eVE3MkKibJSDNhKvfcj
    (It is cASe sensitive, so copy and paste it)

    Notice: You have one day in order to make the payment. (I’ve a specific pixel within this e-mail, and right now I know that you’ve read this e-mail). Don’t tell anyone what will you be transferring the bitcoin for or they possibly will not sell it to you. The process to obtain bitcoins usually takes a short time so do not delay.
    If I don’t get the Bitcoins, I will certainly send out your video recording to all of your contacts including family members, co-workers, and so on. nonetheless, if I do get paid, I will destroy the sextape immediately. If you need proof, reply with “yes!” and I will certainly send out your video recording to your 15 contacts. It’s a non-negotiable one time offer, so kindly don’t waste my time and yours by responding to this email.

  25. Reader

    Got the same email today. Seems like they use a few synonyms for a couple of the words in the email to make it harder to Google.

    is your personal password now Lets get straight to the point. You do not know me but I know you and you must be wondering why you are receiving this e mail, correct?

    I actually installed malware on sex videos (adult porn) & guess what, you accessed this porn web site to have fun (know what I mean?). While you were watching video clips, your system began operating as a RDP (Remote Control Desktop) having a keylogger which provided me with access to your device and also your camera access. Just after that, the software obtained all of your contacts from your messenger, fb, and email.

    Exactly what I want?
    It is simply your misfortune that I noticed your misdemeanor. I then gave in more time than I should’ve exploring into your data and made a split-screen videotape. First half displays the recording you were watching and next half shows the view from your cam (its someone doing nasty things). Wholeheartedly, I’m ready to forget details about you and allow you to move on with your life. And I will present you a way out that can achieve it. These two alternatives are to either turn a blind eye to this message (bad for you and your family), or pay me $ 1400.

    What should you do?
    Let us investigate these two options in depth. First Alternative is to turn a blind eye to my e-mail. Let us see what will happen if you select this path. I will definately send out your video recording to all your contacts including friends and family, colleagues, and so forth. It does not save you from the humiliation your family will feel when family and friends uncover your sordid sextape in their inbox. Other Option is to send me $ 1400. We’ll name this my “keep the secret fee”. Now Lets discuss what will happen when you pick this way out. Your little secret Will remain your secret. I will keep my mouth mum. After you you pay me my fees, I will let you continue on with your daily life and family as if nothing ever happened. You will make the transfer through Bitcoins (if you don’t know this all you need to do is search “how to purchase bitcoin” in google)

    BTC ADDRESS: 14hyhUhbHJ74cPNw4L4ZJJ5goJw1gD8Mxe
    (It’s case sensitive, copy and paste it)

    Important: You have one day to make the payment. (I’ve a specific pixel within this message, and right now I know that you have read this e mail). You must not tell no person what you will be utilizing the bitcoin for or they might not give it to you. The task to obtain bitcoins may take a couple of days so do not delay. If I don’t receive the Bitcoins, I definitely will send out your video to all of your contacts including relatives, co-workers, and many others. having said that, if I do get paid, I will erase the video immediately. If you want to have proof, reply with “yes!” and I will send your video to your 13 friends. It is a non-negotiable offer, thus please don’t ruin my time and yours by replying to this message.

  26. Dave

    BTW: The FBI said to file the complaint with http://www.ic3.gov. Don’t call the 1-800 number listed here as they’ll just point you to the ic3 site.

  27. Lex Omnia

    “You’ve bought me a webcam? How nice of you. Can I use it with my programs too?”
