July 12, 2018

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers may begin latching onto this method as well.
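Because the message is formulaic (a password claim in the opening line, a webcam recording claim, a one-day deadline, a "pixel" read-receipt claim and a Bitcoin address), a mail filter can score it on content alone. The sketch below is an added example, not part of the original post: the marker patterns, the three-of-four threshold, the function names and both sample messages are assumptions constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(body: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Build a Base58Check string; used here only to construct sample data."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def is_valid_btc_address(addr: str) -> bool:
    """Checksum-validate a legacy Base58Check address (version + 20 bytes + 4)."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:  # 0, O, I and l are not in the Base58 alphabet
            return False
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and _checksum(raw[:-4]) == raw[-4:]

# Candidate legacy addresses only; bech32 ("bc1...") addresses are out of scope here.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Assumed marker patterns, modelled on the wording quoted in the post.
MARKERS = {
    "password_claim": re.compile(r"\b(?:one of )?your pass[ -]?(?:word|phrase)\b", re.I),
    "webcam_claim": re.compile(r"\bweb ?cam(?:era)?\b", re.I),
    "deadline": re.compile(r"\b(?:24 hours|one day)\b", re.I),
    "tracking_pixel": re.compile(r"\bpixel\b", re.I),
}

def analyze(text: str) -> dict:
    """Return checksum-valid addresses, matched markers and a flag decision."""
    addrs = sorted({a for a in ADDR_RE.findall(text) if is_valid_btc_address(a)})
    hits = sorted(name for name, rx in MARKERS.items() if rx.search(text))
    # Flag only when a payable address accompanies at least 3 of the 4 markers.
    return {"addresses": addrs, "markers": hits,
            "flag": bool(addrs) and len(hits) >= 3}

# Constructed sample data: the address is derived from a fixed string and
# belongs to nobody; "hunter2" stands in for the recipient's old password.
SAMPLE_ADDRESS = b58check_encode(
    b"\x00" + hashlib.sha256(b"constructed sample").digest()[:20])
SAMPLE_SCAM = (
    "I'm aware that hunter2 is your password. I recorded your webcam. "
    "You have 24 hours in order to make the payment. I have an unique pixel "
    f"within this email. BTC Address: {SAMPLE_ADDRESS}"
)
SAMPLE_BENIGN = "Reminder: your password expires in one day. Reset it in the portal."

if __name__ == "__main__":
    print(analyze(SAMPLE_SCAM))
    print(analyze(SAMPLE_BENIGN))
```

Validating the checksum before counting an address keeps random Base58-looking strings from tripping the rule, and the extracted addresses can be logged to correlate messages across recipients.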

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 thoughts on “Sextortion Scam Uses Recipient’s Hacked Passwords”

  1. Jarhead

    Got mine today – wanted $4,000. Told him if he could guarantee my wife would leave me I would double his asking amount.

    Waiting for response!! LOL.

  2. Arkay

    This is what I got on 24 July 2018
    ———————————————–

    From : Gerda Soth
    Subject :

    Lets get directly to point. You do not know me and you’re probably thinking why you are getting this email? No-one has paid me to check about you.

    Well, I actually installed a malware on the X videos (porno) site and there’s more, you visited this website to experience fun (you know what I mean). While you were watching videos, your browser started out operating as a RDP having a keylogger which provided me with access to your screen as well as cam. Right after that, my software gathered every one of your contacts from your Messenger, Facebook, and e-mailaccount. Next I created a double-screen video. 1st part displays the video you were viewing (you’ve got a fine taste omg), and second part displays the recording of your webcam, and its you.

    You have not one but two alternatives. We are going to read up on these choices in particulars:

    First option is to skip this message. In this scenario, I am going to send out your very own video recording to every bit of your contacts and also think about concerning the shame you experience. Keep in mind if you are in a romance, exactly how it will eventually affect?

    In the second place option would be to compensate me $7000. Let us call it a donation. Then, I will straightaway delete your video. You can go forward daily life like this never took place and you will never hear back again from me.

    You will make the payment via Bitcoin (if you do not know this, search “how to buy bitcoin” in Google search engine).

    BTC Address to send to: 1vimdYAGz9wnaEr59u5GUjoHRaWk3CBd7 [CASE-sensitive so copy & paste it]

    If you have been looking at going to the law, well, this message can not be traced back to me. I have taken care of my actions. I am not attempting to charge a fee so much, I prefer to be compensated. You have one day to make the payment. I’ve a specific pixel in this email, and now I know that you have read through this message. If I do not receive the BitCoins, I will send out your video recording to all of your contacts including relatives, coworkers, and so on. Nonetheless, if I do get paid, I’ll destroy the video right away. This is a non:negotiable offer thus please do not waste mine time and yours by responding to this email. If you want to have evidence, reply Yea! & I will send your video recording to your 11 contacts.

  3. Wakefield Carter

    BTC Address to send to: 13GYrV6NGHTqAyM9MEUpaNPvgdzVcyoqHM

    Being able to Google scams is a godsend.

  4. Chris Gruber

    Same email as everyone above. Bitcoin address: 14M7L38s9pnEwQkAYRv1zaDU2KRgxDVcuh

  5. SK

    Got the same mail yesterday.
    Very old PW on FB, used no more than 3 times.

  6. Conrad

    I’ve just been asked $7000…. Fortunately though I use my own personal domain name so when I sign up for anything I use WEBSITENAME@MYNAME.CO.UK…. So I know the website where this person has got my email address from! Suffice to say I’m emailing them now asking about their security breach!

    1. Conrad

      This was the LinkedIn data breach they reported in May 2016 backdated to 2012. If all the comments are from people with LinkedIn accounts then it may well be this breach that has caused this recent influx of emails being sent.

  7. Nikfuns

    I got the same e-mail as well. It is weird. I cross-referenced my own database and found that the same combination of the said e-mail and password was used ONLY in 2005 for an APC personal page login. So I strongly believe that may be one of the user databases the hacker used.

  8. sahn

    The same for me, received yesterday 10PM
    From: Shellie Itzler

    The password they gave was the one for my LinkedIn account… but not used for a while

    I know ………….. one of your pass word. Lets get right to the point. You don’t know me and you’re most likely wondering why you’re getting this e-mail? No-one has compensated me to check you.

    Let me tell you, I actually placed a malware on the 18+ vids (porn material) website and do you know what, you visited this web site to experience fun (you know what I mean). When you were watching video clips, your browser started out functioning as a Remote Desktop with a key logger which provided me with accessibility to your display screen as well as cam. Just after that, my software program obtained your entire contacts from your Messenger, FB, and email . After that I created a video. First part displays the video you were watching (you’ve got a good taste lmao), and second part shows the view of your web cam, & it is you.

    There are two solutions. Shall we understand these types of possibilities in details:

    1st solution is to ignore this email message. In such a case, I will send your actual video recording to all your your contacts and thus consider regarding the awkwardness you can get. Not to mention should you be in a romance, how it will affect?

    In the second place option will be to give me $1000. We are going to name it as a donation. As a consequence, I will straightaway erase your video. You will carry on your way of life like this never happened and you would never hear back again from me.

    You will make the payment via Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

    BTC Address to send to: 1G6qMVdoXcScXSWR5wYiTXFeuhvDJZhrzY
    [case-sensitive, copy & paste it]

    In case you are wondering about going to the authorities, look, this e-mail cannot be traced back to me. I have covered my moves. I am also not trying to ask you for much, I just like to be compensated. You now have one day to make the payment. I’ve a special pixel in this e-mail, and right now I know that you have read through this mail. If I don’t receive the BitCoins, I will send your video recording to all of your contacts including members of your family, coworkers, etc. Nevertheless, if I receive the payment, I’ll destroy the video immediately. If you really want proof, reply with Yeah and I will send your video recording to your 8 contacts. This is the non:negotiable offer, therefore please don’t waste mine time and yours by replying to this email.

  9. JG

    Seems like it might be one person or a small group of people modifying each e-mail – mine is most like those posted here around the same time as I got mine on 7/24. I clearly remember using this password on LinkedIn immediately before they were breached in 2012. Have not used it on anything since of course…

    Suffice it to say that the evidence they describe does not exist but it’s still a little jarring to see something so targeted.

    Subject: XXXXXXX – XXXXXXXXXXXXXXXX

    XXXXXXXXXXXXXXXX one of your passphrase. Lets get directly to the purpose. You may not know me and you are most likely wondering why you’re getting this mail? There is no one who has compensated me to investigate about you.

    Well, I placed a software on the xxx vids (sex sites) web site and there’s more, you visited this web site to have fun (you know what I mean). While you were watching video clips, your internet browser initiated operating as a Remote Desktop with a key logger which provided me with access to your display and also web camera. Just after that, my software program gathered every one of your contacts from your Messenger, FB, and emailaccount. And then I made a double-screen video. First part shows the video you were watching (you have a nice taste : )), and next part shows the recording of your webcam, and its u.

    You have two different options. We should review these solutions in details:

    Very first option is to skip this message. Then, I will send your very own videotape to all your your personal contacts and thus just consider about the humiliation you will see. And consequently should you be in a relationship, just how it can affect?

    Number 2 alternative will be to compensate me $7000. Lets call it a donation. In this case, I will without delay eliminate your video recording. You could go on with your daily routine like this never took place and you never will hear back again from me.

    You’ll make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

    BTC Address: 1KEcfkuoM6nMBG5M97pMHE2jzYSNUJZVzB
    [CASE-sensitive so copy & paste it]

    If you may be looking at going to the law enforcement, well, this email can not be traced back to me. I have covered my steps. I am not trying to demand so much, I would like to be paid for. I’ve a special pixel within this email, and right now I know that you have read this email. You have one day to pay. If I do not get the BitCoins, I will send out your video recording to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I receive the payment, I’ll erase the recording right away. If you need proof, reply with Yup! then I definitely will send your video recording to your 11 friends. It is a non:negotiable offer and so please don’t waste my time & yours by responding to this message.

  10. Samuel Kistler

    Same story again, with a very similar email. BitCoin used is as follows, be aware…

    1HEpaju84gHxz6LSDudRBGX7WDfSLXW5f7

  11. JM

    Got this email today.

    The email came from
    Manual Kavanaugh

    They were asking to submit a payment to:

    Transfer Amount: 0.125 BTC
    BTC ADDRESS IS: 12VQDyr1ovFXmAmGUmqZ14QKpBRNdxNzdc

    Same story, part of the email said:

    “I actually placed malware on adult vids (porno) & there’s more, you accessed same adult web site to experience fun (you get my drift). And when you got busy watching our videos, your browser started out functioning as a RDP (Remote Computer) that has a backdoor which gave me access to your device and also your camera access. After that, the software program collected all your contacts from messenger, facebook, and email. “

  12. Bertha N

    Required Amount: 0.9 BTC
    BTC ADDRESS: 1GqdRUW36attH9PKFTXDznokDH6ysMk8Sg
    From: Scot Cicinelli

  13. Janus

    Had one myself which I find particularly amusing since I do not and have never owned a webcam, it also helps that I have RDP disabled. Can trace the password back to 2004, it was only ever used once and only for a few months on a specific website.

    Wilburn Avrett

    Amount to be sent: 0.6 BTC
    BTC ADDRESS IS: 1JBFJJSWS4Swktu9i5ktaBGqgFWkbrKsTZ

  14. Jason

    Add Rodolfo Romine to the list…

    ******** is one of your Password and now I will directly come to the point. You don’t know me whereas I know you and you’re most likely thinking why are you receiving this e-mail, right?

    I actually setup malware on sex vids (porn) and do you know what, you accessed same porn web site to experience fun (if you know what I mean). When you were busy watching videos, your web browser initiated functioning as a RDP (Remote Control Desktop) that has a backdoor which provided me with accessibility to your screen as well as your camera controls. Just after that, my malware collected your complete contacts from messenger, social networks, and mailbox.

    Exactly what did I do?
    It’s simply your bad luck that I got to know about your bad deeds. After that I gave in more days than I probably should’ve investigating into your life and prepared a double screen sextape. First half displays the recording you were viewing and other part shows the view of your web camera (its someone doing dirty things). Frankly, I want to delete about you and allow you to move on with your life. And I am going to provide you two options that will achieve it. Those two choices are either to ignore this e mail (not recommended), or pay me 0.55 BTC.

    What should you do?
    Let’s explore above 2 options in depth. Alternative one is to turn a blind eye to this mail. Let’s see what is going to happen if you take this option. I will, no doubt send your video to your contacts including relatives, co-workers, and so on. It doesn’t protect you from the humiliation you and your family will need to feel when friends and family learn your sordid sextape. Option 2 is to make the payment of 0.55 BTC. We’ll call it my “keep the secret charges”. Now Lets discuss what happens when you select this option. Your secret remains your secret. I will destroy the recording. After you send the payment, You move on with your routine life and family that none of this ever occurred. You will make the transfer through Bitcoin

    Amount to be sent: 0.55 BTC
    My BTC Address: 1GkeEkeDUEmsmrn8qchdQhW4nJLouxstGc

    Important: You now have one day in order to make the payment. (I have a unique pixel within this e-mail, and at this moment I know that you’ve read this email). If I don’t get the Bitcoin, I will certainly send your sextape to all of your contacts including friends and family, colleagues, and so on. however, if I do get paid, I will erase the video immediately. If you need proof, reply with “yes!” and I definitely will send your video to your 12 friends. It is a non negotiable one time offer, thus please do not waste my personal time & yours by replying to this message.

  15. Mohammed Bhayat

    Got the email too.

    From: Francesca Levin [mailto:zmhebertpj@outlook.com]

    BTC Address: 1NZiQSYCkVi81ZoX4vzzSbsb5UrVxNMzNd

  16. Matt

    Got one of them as well.

    From: Tory Tatem
    BTC ADDRESS IS: 16PksmRstbLUtrKnsh48ZL7HTkiVGr5coJ

    I know that, xxxxxx is one of your password and now I will cut to the chase. You do not know anything about me whereas I know alot about you and you are probably thinking why you’re receiving this e-mail, correct?

    I actually installed malware on adult vids (sexually graphic) and there’s more, you accessed same porn web site to have fun (you know what I mean). And while you were busy enjoying those videos, your device initiated working as a RDP (Remote Control Desktop) having a key logger which gave me accessibility to your device and also your web cam recordings. Right after that, my software program obtained your entire contacts from messenger, facebook, as well as email.

    Exactly what did I do?
    It’s just your hard luck that I came across your blunder. After that I put in more days than I should have looking into your life and prepared a two view videotape. First half shows the recording you were viewing and other part displays the recording of your web cam (it is someone doing nasty things). As a family man, I’m ready to delete exactly about you and allow you to move on with your daily life. And I will offer you two options that may achieve it. Those two choices are either to disregard this e mail (not recommended), or pay me 0.95 BTC to close this mattter for life.

    What should you do?
    Let us explore those 2 options in depth. First Choice is to ignore my email. Let us see what will happen if you opt this path. I will definately send your videotape to all your contacts including friends and family, co-workers, etc. It will not shield you from the humiliation your family will face when friends uncover your sordid videotape in their inbox. Wise Option is to send me 0.95 BTC. We will name it my “confidentiality charges”. Lets see what will happen if you choose this option. Your dirty secret Will remain private. I will keep my mouth mum. Once you you pay me my fees, I will let you continue on with your life and family like none of this ever occurred. You will make the transfer through Bitcoins

    Amount to be sent: 0.95 BTC
    BTC ADDRESS IS: 16PksmRstbLUtrKnsh48ZL7HTkiVGr5coJ

    Note: You now have one day to make the payment. (I’ve a unique pixel within this message, and now I know that you have read this email). If I do not get the BitCoin, I will certainly send out your videotape to all of your contacts including close relatives, colleagues, and so on. nevertheless, if I do get paid, I will destroy the sextape immediately. If you need evidence, reply with “yes!” and I definitely will send out your videotape to your 11 friends. It is a non-negotiable one time offer, thus please do not waste my time and yours by responding to this e mail.

  17. Mary

    Did they really record any video in any case? And what’s more, did they really send any video to anyone?

  18. EB

    Got the email.

    Required Amount: 0.25 BTC
    Sender: Emanuel Slauch
    BTC Address: 1KjdborP7pogqmXpAP3naHbFHe7bCxGM5X

  19. Rich

    Senders Name: Roland McNeill
    Old password from gmail account

    Bitcoin address: 1Jcp4VE5DNBw5kYTJAZGUacdrCYYEq4Z1z

    Glad I found this page. Was a bit freaked out when I saw my password in the email. Took me a minute to realize it was an old one. Mine wanted $7k….

  20. Christian

    Got one of those mails too, thing is I have never had an active webcam lol.

  21. Catherine Smith

    I got a version of this spam, as did several other people I know. The password in it is an old one I set up for an Amazon account. This makes me wonder if Amazon was hacked but hasn’t notified its customers.

  22. Erin

    BTC ADDRESS IS: 1B9U2jyKsArYTmHdaJsiw7mygyW2hpWBxo
    Sender: Otis Sozanski

  23. JG2

    Got the same email today too. Password was well more than ten years old and they asked for $2800.

    Looks like the amounts and the number of contacts they’re sending to are all over the place (I only have 5 friends).

  24. Gabby

    Got mine today! I did freak out for a second but then I remembered I haven’t owned a webcam since 2005.

    Salvatore Troutman kwsjuliolcf@outlook.com
    Amount to be sent: 0.55 BTC
    BTC ADDRESS: 1HQ1FnQGBesThwQQHi7vYWtnQgj3uKquzF

    I wish I had spare $4k
    I wouldn’t mind anything being leaked, ha.

  25. tl

    got 2 in the past 2 days. one asking for $7000 the other for $1500 bitcoin addresses –

    Yule Frayser
    BTC Address: 1DaH9zLht6i3guDST162JnQi7n1hfiy3A4

    Thomasin Moretta
    BTC Address: 1G8mqNYWmHgXYnT1idhLTRCKAbTvQo9xAj

    kinda hilarious as i’ve never surfed porn (golly gee whiz… i’m not a prude – but have better ways of entertaining myself)

  26. Alex Alborzfard

    Not sure if anyone’s still looking at this thread or cares, but there’s a web site you can report bitcoin addresses associated with scams. You have to register an account though, which is free.

    https://bitcoinwhoswho.com
