July 12, 2018

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers may begin latching onto this method as well.
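Two parts of the message can be checked mechanically: the claim of a "unique pixel" that reports when the email is read, and the payment address, which is the only part that changes between copies. The Python sketch below is an added example, not code from the original article. Its sample message is constructed: the Bitcoin genesis-block address stands in for a scammer's address, a `*` is inserted the way some variants quoted by readers do, and `tracker.example` and the password string are placeholders.

```python
import hashlib
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy-address shape, tolerating the "*" some variants insert into the address.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z*]{25,36}")


def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading "1" is a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return len(raw) == 25 and check == raw[-4:]


class RemoteLoads(HTMLParser):
    """Collects URLs the mail client would fetch on open (possible read beacons)."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = value or ""
            if name in ("src", "background") and re.match(r"(?i)(https?:)?//", value):
                self.urls.append(value)
            elif name == "style" and "url(" in value.lower():
                self.urls.append(value)


def triage(raw):
    """Return the checkable facts about one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    plain, html = msg.get_body(("plain",)), msg.get_body(("html",))
    text = plain.get_content() if plain else ""
    markup = html.get_content() if html else ""
    loads = RemoteLoads()
    loads.feed(markup)
    addrs = []
    for hit in ADDR_RE.findall(text + "\n" + markup):
        addr = hit.replace("*", "")  # undo the "*" insertion before validating
        if base58check_ok(addr) and addr not in addrs:
            addrs.append(addr)
    claims = bool(re.search(r"\bpixel\b", text + markup, re.I))
    return {
        "btc_addresses": addrs,
        "claims_pixel": claims,
        "remote_loads": loads.urls,
        "pixel_claim_unsupported": claims and not loads.urls,
    }


def build_sample(with_beacon):
    """Constructed message; the address is the Bitcoin genesis address plus a '*'."""
    body = ("I'm aware that hunter2-2008 is your password. I have an unique pixel "
            "within this email message, and right now I know that you have read "
            "this email. BTC Address: 1A1zP1eP5QGefi2*DMPTfTL5SLmv7DivfNa "
            "(Delete * from it then copy and paste it)")
    beacon = '<img src="https://tracker.example/p.gif" width="1" height="1">'
    m = EmailMessage()
    m["Subject"] = "hunter2-2008"
    m.set_content(body)
    m.add_alternative(f"<html><body><p>{body}</p>{beacon if with_beacon else ''}"
                      "</body></html>", subtype="html")
    return m.as_string()


if __name__ == "__main__":
    for flag in (False, True):
        print(triage(build_sample(flag)))
```

A message with no remote loads has no way to signal that it was opened, so `pixel_claim_unsupported` marks the claim as bluff. An entry in `remote_loads` only means the client would fetch something if image loading is enabled.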

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 thoughts on “Sextortion Scam Uses Recipient’s Hacked Passwords”

  1. Mister Gmail

    Like others, I received this email. Mine asked for 2700. The password was an accurate one previously used. Where.. I’m not too sure. I’d stopped using that password several years back. Nevertheless, I promptly deleted the email as it was obviously a scam.

    1. Brad

      Can confirm I got one as well, with an old password.

      It’s from a LinkedIn password repository that they got in 2012.. Don’t fall for this stuff. Delete and move on about your day.

  2. PD Shaw

    I just received this on my work email, from a Thunderbird email account also. It was a valid password from about 10 years ago, and I don’t think I am still using it anywhere at all (maybe an old yahoo email group or list for business.) I am changing all my current passwords again, just in case. And since this is a work email am reporting it to my company. I am forwarding to FBI’s scam email address, and a couple of other things. It is a very frightening email to get, even when you know you haven’t done anything wrong.

  3. Blargh

    Mine is from “Cornelius Apte” (atkentonuza@hotmail.com). Nice try, jerks.

  4. Wolfgang

    Received “This is your bad luck” with all the threats and asked for $1,200 in bitcoin. The password cited was old but still used in variations so scary. Is there anything to do other than just change passwords? We reported it to Comcast with the headers to their abuse@comcast.net

  5. Chris

    Mine came today from “Del Gravenor.” sfmaxwellqiz@hotmail.com. $3600. Pretty sure it’s an old LinkedIn pw.

    Bitcoin address: 1MvRJtdWr7tf12LQGwYnAJzgYeaS9xEBt9

    1. Tim

      Ditto, it was my custom LinkedIn email address (I use catch-alls so I can identify the source of spam) and the password I used there when it was compromised.

  6. JJ

    I got one today.. it was using my password for LinkedIn. I use different passwords on every site, so I think this came from a LinkedIn hack…

  7. Nick Daniels

    I got the same email today, very convincing except for the very old password from a pawned database :-/

    I read the source code of the email and there’s absolutely no “invisible pixel” in the email. There’s also no code in the email to display an image (or so a 1x1x pixel image)

    Found 2 IPV6 addresses in the email body:
    2002:a4f:f545:: Finland
    2002:a63:8648:: Finland
    Both are pointing to servers from Finland according to https://www.iplocation.net/

    Email providers should be warned of these emails because I’m pretty sure their scam is going to pay:

    “I will cut to the chase. I am aware XXXXXXXXX is your pass word. More importantly, I know your secret and I’ve evidence of your secret. You don’t know me and nobody paid me to investigate you.
    It’s just your misfortune that I discovered your bad deeds. In fact, I installed a malware on the adult videos (sexually graphic) and you visited this website to have fun (you know what I mean). While you were busy watching video clips, your internet browser started out functioning as a Rdp (Remote control desktop) with a key logger which provided me with accessibility to your display screen and also cam. Right after that, my software gathered every one of your contacts from your social networks, as well as mailbox.
    After that I put in much more time than I should have looking into your life and generated a double screen video. First part shows the recording you had been viewing and next part displays the view of your web cam (its you doing inappropriate things).
    Frankly, I am ready to forget exactly about you and let you move on with your regular life. And I am about to offer you two options that will make it happen. Those two option is with the idea to ignore this letter, or simply pay me $2700. Let us investigate above 2 options in more details.
    Option 1 is to ignore this mail. Let me tell you what is going to happen if you choose this path. I will, no doubt send your video to all your contacts including relatives, colleagues, and so on. It won’t save you from the humiliation you and your family will ought to face when relatives and buddies find out your sordid videos from me.
    Other Option is to make the payment of $2700. We will name it my “confidentiality fee”. Now let me tell you what will happen if you pick this choice. Your secret remains your secret. I’ll erase the video immediately. You continue on with your routine life like nothing like this ever happened.
    […]”

  8. Maria

    I received a similar email today, that came from an outlook email address. I’m reading many people received the same email today, but was wondering if in fact anyone’s “screenshots” have been published in the past or we are completely sure this is just a scam.

    Thank you!

  9. Stan from Canada

    Exact same e-mail. $ 2700 the ask. The password was off by one letter. As I don’t have an attached webcam on the computer and there aren’t any “scenes” to display that calmed me somewhat.
    Just as a precaution I decided to change my e-mail password. We should do that anyways. Maybe overreaction.
    I copied a segment of the text and pasted it to google and came across sites like this that confirmed I don’t have any worry.

    So many e-mails also from people who I barely know with something they want to show me. Just click on this link! These get the delete and then delete from the deleted folder.

  10. Lydia Willis

    Thank you for the informative article. I received this exact email today and it was very unsettling. Glad to read this and know that it is not the end of the world.

  11. CapeCod

    Just received this email today, I did read through it a few times and started to notice the lack of consistency in the message which led me to believe it’s BS.

    What really gave it away was the fact that the person says getting bitcoin will take a few days but only gives 24 hours to deliver the money…OR ELSE!!!

    Getting phishing emails is always a good reminder that it’s time to change my passwords.

  12. just got this emial

    just got this email. what’s creepy is they do have a password I used to use many years ago. but my webcams have tape over them. looks like the email comes from kiolliefkp@outlook.com but that is probably fake I would imagine. how can I report this email to microsoft or the authorities?

  13. DN

    I received the exact same email with a request for $4,000.

  14. Mike

    Just got this one this afternoon. They had a correct but outdated password from my email account and that was the subject line of this message. I will be forwarding this to the FBI for sure. Scum bags!!!

    Let’s get straight to the point. I do know ****** is your pass word. Most importantly, I’m aware about your secret and I’ve evidence of your secret. You do not know me and no one hired me to look into you.

    It’s just your bad luck that I found your bad deeds. In fact, I actually installed a malware on the adult vids (pornographic material) and you visited this website to experience fun (you know what I mean). While you were watching videos, your browser initiated working as a Rdp (Remote desktop) having a key logger which gave me accessibility to your display as well as cam. Just after that, my software collected your entire contacts from your messenger, social networks, as well as mailbox.

    After that I put in much more time than I probably should have digging into your life and made a double display video. First part shows the video you had been viewing and next part displays the view of your cam (its you doing inappropriate things).

    Frankly, I am willing to forget all information about you and let you move on with your regular life. And my goal is to present you two options that can accomplish that. The two choices either to ignore this letter, or just pay me $ 3200. Let us understand above two options in more detail.

    Option One is to ignore this email. You should know what is going to happen if you choose this path. I definitely will send your video recording to all your contacts including relatives, coworkers, and so on. It does not protect you from the humiliation your self will ought to feel when relatives and buddies uncover your unpleasant details from me.

    Other Option is to pay me $ 3200. We will name this my “privacy fee”. Now let me tell you what happens if you choose this choice. Your secret will remain your secret. I’ll delete the recording immediately. You continue on with your routine life as if none of this ever occurred.

    At this point you may be thinking, “I’m going to report to the cops”. Let me tell you, I have taken steps to ensure that this e mail can’t be tracked to me plus it will not prevent the evidence from destroying your life. I’m not seeking to steal all your savings. I am just looking to be paid for my time I place into investigating you. Let’s hope you decide to create pretty much everything go away and pay me my confidentiality fee. You will make the payment by Bitcoin (if you do not know this, type “how to buy bitcoins” on google search)

    Amount to be paid: $ 3200
    Send To This Bitcoin Address: 1AmK*SjfSDUnL9JmmYiEuMJTLNcNJDFxPi (Delete * from it then copy and paste it)

    Expalin no one what you should be utilizing the Bitcoins for or they might not provide it to you. The procedure to acquire bitcoins usually takes a couple of days so do not put it off.
    I’ve a specific pixel in this message, and at this moment I know that you’ve read through this message. You have one day to make the payment. If I don’t receive the BitCoin, I definitely will send out your video to all of your contacts including close relatives, coworkers, and so on. You better come up with an excuse for friends and family before they find out. Nonetheless, if I receive the payment, I will erase the recording immediately. It is a non-negotiable offer, thus do not ruin my personal time & yours. The clock is ticking. You should know that my malware will be sharing the actions you adopt when you find yourself done reading this message. Frankly, If you try to act smart then I’ll send out your sextape to your friends and family, colleagues before your time ends.

    1. Robert Thompson

      I received a sextortion email today from a Larry Hollyer also requesting $8050 and if I don’t embarrassing screen shots will be sent to my contact list and social media accounts. He also said don’t tell anybody or call the police. I will be reporting this.

  15. got one today

    got mine today. it’s creepy they have a password I used many years ago. they wanted 0.7 BTC.

  16. Daniel

    This was my response:

    Tuesday, July 31, 2018
    From: Wuzisname
    Subject: Video offer

    Dearest Aaron Morgan

    I will cut to the chase. I was so excited to hear from you and get this news. I couldn’t video myself masterbating to animal porn because I don’t know how to make the video work on my PC.

    I know that you have a great video of me fucking your mom’s loose, but comfy ass. Most importantly, I’m aware about your skills and this email is proof of this. You don’t know me but we can become great friends!

    It’s just your good luck that I discovered your email. Because, Well I actually have a counter offer. Because I don’t have a webcam and you have these amazing ninja skills and were able to record my dirty deeds done with sheep, I was hoping you would sell me that video for 20.00 bucks? All my friends and family are willing to pay me a watching fee and I will even kick back 1% of all revenues to you ( in bitcoins of coarse). After that I will be making more porn movies and doing all the “work” and paying the overhead fees ( food for the sheep and farm animals that I have sex with).

    You have some options:

    Option 1: Take the deal and we become great partners in the porn industry.

    Option 2: Send you mom to me and I will have my sexapades with her and the Farm animals, I know I know, your mom already has sex with animals, but I am also willing to pay you an extra 1% of all revenues! That’s a whole 2% and you get to watch your mom fuck the same animals she did at home but here with me and my family and friends all joining in all in HI DEFINITION!!!!.

    Option 3: Forget about all this , get a life, and get your mom some therapy and I forward your email to the FBI and interpol.

    Please let me know ASAP!

  17. GAD

    Just got the same email as all of the above.

    Bitcoin address;
    Amount to be sent: $ 3200
    Send To This Bitcoin Address: 1D*SR2dWUmhphoZNrKANX1a1Q8v4T1UmkdU (You need to Edit * from it and copy and paste it)

  18. Carmi

    Don’t mean to be repetitive but I also received this exact same email today. While I understand it is a Scam, is the best option just to ignore? How can I be sure nothing will happen? Thanks!

  19. Lauren Hoolehan

    I received the same type email asking for 1.25 bitcoins ($10,000). Um, I don’t look at porn and have a cover over my webcam. However, the email did make me freak out a little! I do feel better now after reading this 🙂

  20. Kari

    I got exactly what everyone got. Freaked me out. I plan to notify the FBI.

  21. Bobbie Hennessy

    I got that same one today!!! It’s scary even though I am not on any websites like that. I will be changing my email addresses. The one interesting twist here is I got a phishing email on my LINKEDIN acc

  22. Ben

    Got identical today.
    Chicago police 911 will transfer to scam unit, take info and assign case number with detective followup.
    Didn’t hesitate to call it in.
    Years old password was scary.
    Think I’ll do a password update all around.

  23. Blurburries

    Just got one of these today, so the dweeb running this is still at work. The password listed is roughly 15 years old. The funny part about the whole thing is the “we have webcam footage of you!” claim. I do not now nor have I ever had a webcam. The other funny part is that the email refers to looking at porn as a “misdemeanor.”

    I never would have noticed this scam email except that I was expecting an important email today and checked my spam folder to see if it accidentally got caught up in there. When I saw my really, really old password in the subject line, it piqued my suspicion. However, that soon fell apart after it became increasingly ridiculous.

    Here is the email I received this afternoon.

    REDACTED is your secret password now I’m going to cut to the chase. You don’t know anything about me however I know alot about you and you must be wondering why you are getting this e mail, correct?

    I actually placed malware on porn vids (porn material) and guess what, you accessed this adult web site to have pleasure (if you know what I mean). While you were busy watching video clips, your device started functioning as a RDP (Remote Control Desktop) with a backdoor which allowed me access to your device and also your camera access. Just after that, the malware gathered all of your contacts from social networks, and e-mail.

    What did I do?
    It’s simply your hard luck that I came across your misdemeanor. After that I gave in more days than I should have exploring into your life and generated a double display sextape. 1st half displays the video you were watching and second part displays the recording from your web cam (its someone doing naughty things). In good faith, I am willing to delete about you and allow you to get on with your life. And I will give you two options which will achieve it. The two options are to either ignore this email (bad for you and your family), or pay me 0.7 BTC to close this topic forever.

    What can you do?
    Let us understand those 2 options in more details. First Choice is to turn a blind eye to my message. Let’s see what is going to happen if you choose this option. I will certainly send your videotape to your entire contacts including members of your family, co-workers, and so on. It won’t protect you from the humiliation your household will ought to face when family and friends find out your unpleasant videotape from me. Wise Option is to send me 0.7 BTC. We will name this my “confidentiality charges”. Now let me tell you what happens if you go with this path. Your secret remains your secret. I will keep my mouth closed. After you you pay me my fees, I will let you keep your routine life and family that none of this ever happened. You will make the payment via Bitcoin

    Transfer Amount: 0.7 BTC
    BTC ADDRESS: 1PbMhf*pmMV447TQSp4wA9bCEppAMU74VM9
    (Keep in mind that you need to Edit * from this address and copy and paste it)

    Note: You now have one day to make the payment. (I’ve a special pixel within this email message, and at this moment I know that you’ve read through this mail). If I do not receive the BitCoins, I will definately send out your video to all of your contacts including friends and family, co-workers, and many others. nevertheless, if I receive the payment, I will destroy the video immediately. If you need proof, reply with “yes!” and I definitely will send your video recording to your 11 friends. It’s a non negotiable offer, thus do not waste my time and yours by responding to this message.

  24. Mariusz

    I also received yesterday:
    xxx is your password and I will directly come to the point. You do not know anything about me but I know you very well and you must be thinking why are you getting this email, right?

    I actually placed malware on adult vids (pornography) and guess what, you accessed same porn website to experience fun (know what I mean?). When you were busy watching video clips, your device initiated working as a RDP (Remote Desktop Protocol) that has a keylogger which gave me access to your device as well as your web cam controls. Right after that, my software gathered your complete contacts from your messenger, social networks, and mailbox.

    What I want?
    It’s just your misfortune that I came across your blunder. After that I invested in more days than I probably should’ve looking into your life and made a split view videotape. 1st part shows the video you had been watching and second half displays the video from your web camera (its you doing nasty things). Honestly, I want to destroy all information about you and allow you to get on with your regular life. And I am about to offer you two options that will accomplish it. The two choices are either to turn a deaf ear to this message (bad for you), or pay me 0.65 BTC.

    What should you do?
    Let’s explore these 2 options in more details. Alternative one is to turn a deaf ear this email. Let us see what will happen if you opt this option. I will definately send your sextape to all of your contacts including close relatives, co-workers, and many others. It does not save you from the humiliation you and your family will feel when friends and family discover your sordid video from me in their inbox. Wise option is to make the payment of 0.65 BTC. We will call this my “privacy fee”. Now let me tell you what happens if you select this option. Your naughty secret remains private. I’ll destroy the videotape. After you pay, You can freely move on with your daily life and family that nothing like this ever occurred. You will make the payment by Bitcoins

    Amount to be sent: 0.65 BTC
    My BTC Address: 18o3TS*7gyFhJHKgZb9A7cePMjdUtkgLXYy
    (You already know that you must Edit * from this string then note it carefully)

    Notice: You have one day to make the payment. (I’ve a specific pixel within this e-mail, and now I know that you have read this message). If I do not receive the BitCoin, I will send your video to all of your contacts including relatives, coworkers, and many others. having said that, if I do get paid, I will erase the videotape immediately. If you really want proof, reply with “yes!” and I will send out your videotape to your 15 contacts. It is a non negotiable offer, so please do not waste my personal time & yours by replying to this email.
    I send copy of that email to cyber crime police dep uk

  25. jh

    I received a variant of the emails mentioned here.

    The subject had Ticket# followed by my email address, then “I’ll_probably_get_your_attention_with_this_letter”. I didn’t paste it here due to utf-8 formatting in the subject line doesn’t translate here. There was no mention of a password like there has been in other emails by commenters here.

    The bc wallet is 1Pak7ZQeq4RCJtEcwnibkHc83f9M8KCcM6 with a current balance of 0.

    The email header didn’t have the usual outlook strings mentioned in other posts here and this is the single ‘Received line’ in the header:

    Received: from swttlk.com ([37.139.6.145])
    which resolves to a DigitalOcean addr block registered in Holland. The .com address doesn’t seem to exist, the sender claims to be German and apologizes for his grammar (I didn’t notice anything odd in the grammar). The text varies considerably from what I’ve read here but the contents are essentially the same regarding malware, webcam, & contact list, and BTC payment €440.

  26. TadejV

    From: Tomas Mitten [mailto:tfricktr@hotmail.com]
    Sent: Monday, July 30, 2018 7:13 PM CEST

    Amount to be paid: $ 3600
    Receiving Bitcoin Address: 1JiJ*rDvQxxE9gWthBjthEPVUkkWeHkT8wy (You need to Edit * from this address then copy and paste it carefully)

  27. TadejV

    From: Truman Boezi [mailto:toeerwinjy@hotmail.com]
    Sent: Monday, July 30, 2018 5:33 PM

    Amount to be sent: $ 2600
    Bitcoin Address to Send: 12VAKdZAW2e*Mz4P6Q1S3Z7iRqCPKabMvfZ ( You need to Remove * from it then note it carefully)
