Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.
The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:
“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.
The rest is formulaic:
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT
8V72
(It is cAsE sensitive, so copy and paste it)Important:
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.
However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.
It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.
I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.
Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.
Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
According to the FBI, here are some things you can do to avoid becoming a victim:
-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.
The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).
Did anyone had their video sent to his contacts?
Got one today. Wanted .35 BTC ($2,897) LOL
“Jerald Sommers”: dhmheathwp@outlook.com
BTC ADDRESS: 1FovB1MBqLVhV9DzkJE5ycT13A2B41C2dk
I forwarded it on to these three phishing reporting address:
phishing-report@us-cert.gov
spam@uce.gov
reportphishing@apwg.org
Got the same email, looked and there was an IPCam extension installed in Chrome. Obviously deleted that. I have no web camera, and even if I did, I’d have tape over the lens unless I needed to use it.
I’m not so sure this is just from the LinkedIn databreach, the IPCam extension installed points to it being malware, and possibly pulling saved passwords from the browser.
Sender was ‘Benoit Siegrist.’
email address gmgnathannd@outlook.com
Demand was for $7,000 Bitcoin to this address
1HizCngPTCtbM4FDcGSFz3MzhVGcegyFW4.
Started with ” ______is your pass”. This is similar to a few of my passwords, but actually not one I can ever remember using.
Came at 8:43pm last night.
Notable that the English in the email sent to me is off/clumsy, but in some ways verbatim what others have received in the past couple of days.
Notable that it appears targets include women. Helpful to read this is likely automated.
Just received one:
hicyriliu@hotmail.com
Amount to be paid: 0.275 BTC
BTC ADDRESS IS: 1HxyowpDFuVKCsJcYRWCQVgzzhjPSpKYJn
Got one today as well – really freaked me out as I’ve never gotten any kind of email like this. Prompted me to change all my passwords, which I’ve been meaning to do anyway.
Rupert Demple
My BTC Address: 1GjkA499EiDuxygedF6P8NegPejVhJ1Nmy
Shena Kaul
marcosqahqh@outlook.com
1B4ox92miD4EJbL6CmJLkGFKnJYhs8vi8
Asking for $1900
Got one of these today:
From: Monty Flack
Date: Thu, Jul 26, 2018 at 11:42 AM
Required Amount: 0.85 BTC
BTC ADDRESS: 1KdaDgjXeWWWVb25DNAUH3A6dvu2idG4m2
Got one too:
Transfer Amount: 0.6 BTC
BTC ADDRESS IS: 13B75whgietWKYL1HNYdKv1KtQzUfaLuku
nlgeraldkl@hotmail.com
Received the below today:
… is one of your Password and now I will cut to the chase. You do not know me but I know alot about you and you’re probably thinking why you are receiving this mail, correct?
I actually installed malware on porn vids (porno) & there’s more, you accessed same sex website to have pleasure (you get my drift). While you were busy watching videos, your browser started working as a RDP (Remote Computer) that has a keylogger which allowed me accessibility to your display and your web camera recordings. After that, the malware obtained your entire contacts from social networks, and email.
Exactly what did I do?
It’s just your misfortune that I stumbled across your blunder. After that I put in more time than I probably should have exploring into your life and generated a double display video. First half shows the video you had been watching and second part displays the video from your webcam (its you doing naughty things). As a family man, I’m ready to delete exactly about you and allow you to get on with your regular life. And I will offer you two options that will accomplish it. The two alternatives are to either disregard this email (bad for you and your family), or pay me $ 1500.
What should you do?
Let’s investigate these 2 options in details. First Choice is to disregard this email. Let’s see what will happen if you pick this path. I definitely will send out your sextape to your entire contacts including family members, coworkers, etc. It doesn’t shield you from the humiliation your family will face when friends uncover your unpleasant sextape. Wise option is to pay me $ 1500. We will name this my “confidentiality tip”. let me tell you what will happen when you choose this option. Your dirty secret Will remain private. I will destroy the recording. Once you make the payment, You go on with your daily life and family that nothing like this ever happened. You will make the payment via Bitcoin (if you do not know this just search “how to purchase bitcoin” in search engine)
My BTC Address: 1GjkA499EiDuxygedF6P8NegPejVhJ1Nmy
(It’s case SENSITIVE, copy and paste it carefully)
Notice: You have one day to make the payment. (I have a unique pixel in this e-mail, and right now I know that you’ve read this message). You need not tell anybody what you will be using the bitcoin for or they might not sell it to you. The process to obtain bitcoins can take a day or two so do not procrastinate. If I do not get the BitCoins, I will send your video recording to all of your contacts including friends and family, coworkers, and many others. nevertheless, if I receive the payment, I’ll erase the sextape immediately. If you really want proof, reply with “yes!” and I definitely will send out your sextape to your 14 friends. It is a non-negotiable one time offer, so kindly don’t ruin my time & yours by responding to this e mail.
As a follow up to the many people asking the question about whether any video was released after the 24 hour period expired…NOPE.
Received one today.
From Tuan Atan gatmilanvhi@hotmail.com
Thu 7/26/2018, 4:24 PM
Amount to be sent: 0.85 BTC
BTC ADDRESS: 1GiUdXhgyCPwz7Q4KJDkss9nsvs8SXZi5g
Got one today from
Franni Rozen
BTC Address to send to: 1HoQKUZ4v3tmi7FSiKayfarT8U5mqt5jC1
Transfer amount $7000
They sent to one of mu email accouint but with an old password. Anyway it really freaked me out. i d never received some kind of mail.
I received this email today. However the password mentioned is still being used on other accounts. Don’t know if this means the password to my email or what? Since he mentions my contacts, must me my email account. Anyway, I don’t have a webcam and I’m 66 and don’t watch porn! These things do kind of freak me out though as I’m always careful what I do online. The guy that emailed me is Tim Teeter, not very creative, lol.
My wife got scam email today. She forwarded it to me and I immediately came here only to be relieved that it’s common amongst people and not to worry. I see people saying it’s passwords from the LinkedIn breach.
Amount to be sent: $3200
I guess we’ll skip sending the money and listen to the advice and “…go on with your routine life as if nothing ever occurred. “
Thx for info, very usefull,
I was fearing to give 50% credit to this blackmail being half true…most of all bacuse being written plane english and showin reasonable content , even if based of old passw of somewhat i don’t remeber!
tnx again
Alberto
My wife got this exact email today and showed it to me because I’m “the techie”. It didn’t seem legit, but I thought I’d search to see if this was a known scam, and this article was the first hit! Great job getting the info out there, guys! Interestingly, it seems my wife got lucky with one of the smallest demands reported: $1000.
Got the same email, asking for $1.2K
I received this just today:
xxxxxxxxxxx is one of your secret password now Lets get straight to the point. You do not know anything about me whereas I know alot about you and you must be wondering why are you receiving this email, correct?
I actually setup malware on adult vids (pornographic material) and do you know what, you accessed same sex website to have pleasure (you get my drift). When you were busy watching videos, your system began functioning as a RDP (Remote Computer) that has a backdoor which provided me with accessibility to your device and your webcam recordings. Immediately after that, the malware gathered your entire contacts from messenger, fb, as well as e-mail.
Exactly what have I done?
It is just your hard luck that I noticed your misdemeanor. Next, I put in more time than I probably should have exploring into your data and created a two screen video. 1st half displays the video you had been viewing and next part shows the view from your cam (its someone doing nasty things). Frankly, I’m ready to destroy everything about you and let you move on with your regular life. And I am about to offer you a way out that may accomplish your freedom. These two alternatives are either to turn a blind eye to this message (not recommended), or pay me 0.35 BTC.
Exactly what should you do?
Let us investigate those two options in details. Alternative one is to turn a blind eye to this email message. Let us see what will happen if you pick this option. I will definately send out your videotape to all of your contacts including friends and family, co-workers, and so on. It won’t protect you from the humiliation your self will feel when friends uncover your unpleasant sextape. Wise Option is to pay me 0.35 BTC. We’ll call it my “privacy tip”. Lets discuss what will happen if you go with this choice. Your dirty secret Will remain your secret. I’ll keep my mouth silent. After you you pay me my fees, You go on with your daily life and family that none of this ever occurred. You will make the transfer via Bitcoin
My BTC Address: 17bR2ApE34vJVmQ6B59aEDg4VxwCA4wurU
Note: You have one day to make the payment. (I have a specific pixel in this email message, and at this moment I know that you have read this email message). You should not tell no one what you will be transferring the bitcoin for or they will often not provide it to you. The task to acquire bitcoins can take a day or two so do not delay. If I do not receive the BitCoin, I will definately send your video to all of your contacts including friends and family, colleagues, and so forth. however, if I do get paid, I’ll destroy the sextape immediately. If you really want evidence, reply with “yes!” and I will send out your video recording to your 13 contacts. It is a non-negotiable offer, thus kindly do not waste my personal time & yours by replying to this message.
Sounds like some of you know more about this, but I’m with the folks here that want to know if this should be ignored, or if it’s really true what is said in the email.
I just got the same email and sent him an email back telling him I would turn this over to the state’s Attorney General’s office. I told him that I’m sure they would be happy to research this. I probably shouldn’t have responded but I did. I am going to change all my passwords which will take an entire day because I have so many.
Well, received my second such email within a week, last time wanted USD1,000, this time USD2,900.
Forwarded to UK police @ NFIBPhishing@city-of-london.pnn.police.uk
Needless to say, I’m not paying
I received this same email from Melesa Hadi with bitcoin # 1EcKBqGw3khpTx3T2ngLfXmgTGoaocuG59
Hope no one pays it! If anyone knows how to check it…..
Lets get right to the purpose. There is no one who has paid me to investigate about you. You may not know me and you are most likely thinking why you are getting this email?
Let me tell you, I installed a malware on the 18+ vids (sexually graphic) web-site and guess what, you visited this site to experience fun (you know what I mean). When you were watching video clips, your browser started working as a Remote control Desktop having a keylogger which provided me with accessibility to your display screen as well as web camera. after that, my software collected your entire contacts from your Messenger, Facebook, as well as email . After that I created a video. 1st part displays the video you were watching (you’ve got a good taste lol), and 2nd part shows the recording of your web camera, yea it is you.
You actually have not one but two solutions. We should analyze these possibilities in aspects:
First alternative is to just ignore this e-mail. In this scenario, I most certainly will send your very own video to each one of your personal contacts and thus think regarding the humiliation you feel. And consequently should you be in an intimate relationship, how it will affect?
In the second place solution is to pay me $1000. Let us regard it as a donation. In this case, I will immediately remove your video footage. You can keep going your daily life like this never occurred and you will not hear back again from me.
You will make the payment by Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google search engine).
BTC Address to send to: 1EcKBqGw3khpTx3T2ngLfXmgTGoaocuG59
[case-sensitive copy & paste it]
If you are planning on going to the police, very well, this message can not be traced back to me. I have covered my actions. I am not attempting to charge a fee a whole lot, I just like to be rewarded. You have one day in order to pay. I have a specific pixel in this e mail, and now I know that you have read through this email. If I don’t get the BitCoins, I will, no doubt send out your video to all of your contacts including family members, colleagues, and so on. However, if I receive the payment, I will erase the video right away. If you want evidence, reply Yea! then I will send out your video recording to your 6 friends. This is a nonnegotiable offer, and thus do not waste mine time and yours by replying to this message.
I received the same email today BT address
1Gx5amRiY47Qw5eM6r1ndR11sehDmEX9QW
today received the same mail. it’s sad because i use password what i recieve in this mail, on another platform. say me please – didi you receive second mail from this guy?
Did anybody of you answerer “Yep” and had an answer back? Does that video really exist? Thank you
I received mine yesterday.
A very old Gmail already known leaked password in the subject.
Exact same message word by word.
Sender: Xavier corkern
Required Amount: 0.125 BTC
BTC ADDRESS IS: 13FwvijHMnZJtGETj4cSEGysYxBZKvndnu
Just got one too :
I am well aware xxxxx is your passphrase. Lets get directly to the purpose. There is no one who has paid me to investigate you. You may not know me and you are most likely wondering why you’re getting this e mail?
Let me tell you, I actually setup a malware on the adult vids (sex sites) web site and do you know what, you visited this site to experience fun (you know what I mean). When you were viewing video clips, your web browser began operating as a RDP that has a keylogger which provided me with accessibility to your display as well as webcam. Just after that, my software program gathered your complete contacts from your Messenger, Facebook, as well as email . After that I made a double video. 1st part displays the video you were watching (you have a fine taste ; )), and next part displays the view of your web cam, & it is you.
You have not one but two solutions. Why dont we read the options in aspects:
1st solution is to dismiss this message. In this situation, I most certainly will send your video to every single one of your contacts and also just think concerning the embarrassment you will see. Or if you happen to be in an intimate relationship, just how it will affect?
2nd choice should be to compensate me $1000. Lets describe it as a donation. In this scenario, I will quickly eliminate your video recording. You will carry on with your way of life like this never happened and you never will hear back again from me.
You will make the payment via Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).
BTC Address to send to: 1C3zWQbPwrBmvBw7wAgTbi61JQAso22W11
[case sensitive copy and paste it]
In case you are making plans for going to the law, look, this email message cannot be traced back to me. I have taken care of my moves. I am just not attempting to charge you a whole lot, I simply want to be compensated. I have a specific pixel in this email, and now I know that you have read through this email. You now have one day in order to pay. If I do not receive the BitCoins, I will send your video recording to all of your contacts including friends and family, coworkers, etc. However, if I do get paid, I’ll erase the recording right away. It is a non-negotiable offer, and so do not waste my personal time and yours by responding to this message. If you really want evidence, reply with Yeah & I definitely will send out your video to your 5 friends.
Also received the same email, ransom $7000 in Bitcoins
Also received the same email
BTC ADDRESS IS: 19SR3RKdgkHBc3ybYJ2ZmsYAP4eto5Yv8D
I know that————is your password and now I won’t beat around the bush. You don’t know me however I know alot about you and you are probably wondering why are you receiving this e-mail, correct?
I setup malware on sex video clips (sex sites) and there’s more, you visited this adult website to have pleasure (know what I mean?). While you were watching video clips, your device started out operating as a RDP (Remote Control Desktop) that has a backdoor which allowed me accessibility to your display and your web camera recordings. After that, the software program obtained every one of your contacts from messenger, fb, and email.
Exactly what have I done?
It’s simply your misfortune that I came across your misadventures. I then invested in more days than I should’ve exploring into your data and made a double-screen videotape. 1st half shows the recording you were viewing and 2nd half shows the recording from your web camera (it is someone doing naughty things). Wholeheartedly, I am ready to destroy exactly about you and allow you to get on with your daily life. And I am going to give you a way out which will make it happen. The two choices are to either turn a blind eye to this e mail (bad for you and your family), or pay me 0.32 BTC to end this topic for life.
What can you do?
Let’s understand those two options in more depth. First Choice is to turn a deaf ear this email message. Let us see what is going to happen if you pick this path. I will certainly send out your video recording to your entire contacts including family members, co-workers, and so on. It will not shield you from the humiliation your self will ought to face when friends and family find out your dirty video. Option 2 is to send me 0.32 BTC. We’ll call this my “privacy charges”. Lets discuss what will happen when you pick this path. Your little secret remains your secret. I’ll delete the recording. Once you you pay me my fees, You continue on with your lifetime and family that none of this ever happened. You’ll make the transfer through Bitcoins
BTC ADDRESS IS: 19SR3RKdgkHBc3ybYJ2ZmsYAP4eto5Yv8D
Note: You have one day in order to make the payment. (I have a specific pixel within this e mail, and at this moment I know that you’ve read this e mail). Don’t tell anyone what will you be sending the bitcoin for or they might not provide it to you. The method to get bitcoin will take a few days so do not wait. If I do not receive the BitCoins, I will definitely send out your video to all of your contacts including family members, co-workers, and many others. nonetheless, if I do get paid, I will erase the videotape immediately. If you need proof, reply with “yes!” and I definitely will send your sextape to your 12 friends. It is a non-negotiable one time offer, thus kindly don’t waste my time and yours by replying to this email.
I was so freaked out
In my case the scam mail include the right amount of contacts of my webmail account address book.
_recording to your 6 contacts._
How it’s possible?! Thus, the attacker would at least have had access to the webmail mailbox to receive this information.