12 Jul 18

Sextortion Scam Uses Recipient’s Hacked Passwords

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers may begin latching onto this method as well.
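Because the template stays fixed while only the password and the Bitcoin address change, a mail filter can score a message on those fixed elements. The sketch below is an added example, not code from the original post: the phrase patterns, the threshold and the function names are assumptions, and the sample message is constructed.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy-format candidate; '*' is allowed because some variants pad the address with it.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9*])[13][1-9A-HJ-NP-Za-km-z*]{25,40}(?![A-Za-z0-9*])")

# Fixed phrases of the template (assumed patterns, tune against your own mail).
SIGNALS = {
    "password_claim": re.compile(r"\b(is|was) your pass\s?word\b", re.I),
    "webcam_claim": re.compile(r"\bweb\s?cam", re.I),
    "deadline": re.compile(r"\b\d+\s*(hours?|hrs?|days?)\b", re.I),
    "contacts_threat": re.compile(r"\byour contacts\b", re.I),
}


def base58check_valid(addr):
    """True if addr decodes to version byte + 20-byte hash + correct 4-byte checksum."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    checksum = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return raw[0] in (0x00, 0x05) and checksum == raw[21:]


def extract_btc_addresses(text):
    """Return checksum-valid addresses found in text, with '*' padding removed."""
    found = []
    for match in CANDIDATE.finditer(text):
        addr = match.group(0).replace("*", "")
        if 26 <= len(addr) <= 35 and base58check_valid(addr) and addr not in found:
            found.append(addr)
    return found


def score_message(body):
    """Flag a body that pairs a payable address with at least three template phrases."""
    signals = [name for name, rx in SIGNALS.items() if rx.search(body)]
    addresses = extract_btc_addresses(body)
    return {"signals": signals, "addresses": addresses,
            "flag": bool(addresses) and len(signals) >= 3}


# Constructed sample. The address is the well-known Bitcoin genesis-block address,
# used only because its checksum is valid; it is padded with '*' like some variants.
SAMPLE = ("I'm aware that hunter2 is your password. My software recorded your webcam. "
          "You have 24 hours to pay or the video goes to all of your contacts. "
          "BTC Address: 1A1zP1eP5QGe*fi2DMPTfTL5SLmv7DivfNa (remove * from it)")

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

Validating the checksum keeps random Base58-looking strings from counting as a payment address, so ordinary mail that merely mentions a deadline or a password is not flagged.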

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 comments

  1. I received 2 of these this week in my junk email. Same as everyone else with different amount of Bitcoin. The second email had reduced the amount by $700! First one named Ted P 2nd is Doug Hwu. I have blocked the emails and warned my connections. The password was also an old one. I did change all my passwords on every account after receiving the email.

  2. I got one of these yesterday, old LinkedIn password and same boilerplate w/substitutions. Different Bitcoin address. Sent from a generated Outlook address. Makes no reference to LinkedIn or any other specific site.

    Like many here the message claims in the last paragraph to contain a tracking pixel, but on examination it has no inline images at all.

    I don’t allow mail clients to retrieve remote resources so it would have been moot, but I’m curious whether anyone finds a real tracking pixel. I expect there are none, since it would give another vector back to the would-be extortionists.

    Coincidentally I received a spoofed LinkedIn alert a few days ago telling me of a supposed blocked login to my LI account, with a phishing link. Unconnected I think.

    • I received a similar threat yesterday night (UK time), and interestingly I had been looking at LinkedIn earlier in the day, having not accessed it for probably four months or more. Could there be a connection?
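The check described in the comment above, looking in a saved message for images that would have to be fetched remotely, can be scripted with Python's standard library. This is an added example, not part of the original comments: the function and class names, the sample messages and the tracker URL are constructed, and only `<img>` tags are inspected (not CSS or other remote references).

```python
from email import message_from_string, policy
from html.parser import HTMLParser


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def find_remote_images(raw_message):
    """List <img> sources a mail client would have to fetch from the network."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for attrs in collector.images:
            src = (attrs.get("src") or "").strip()
            # cid: and data: images travel inside the message and cause no callback.
            if not src.lower().startswith(("http://", "https://", "//")):
                continue
            tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
            findings.append({"src": src, "pixel_sized": tiny})
    return findings


# Constructed samples: one message that only claims a pixel, one that carries one.
CLAIM_ONLY = (
    "From: sender@example.invalid\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<html><body><p>I have a unique pixel within this email message.</p></body></html>\n"
)
WITH_PIXEL = CLAIM_ONLY.replace(
    "</body>",
    '<img src="https://tracker.example.invalid/o.gif?id=42" width="1" height="1"></body>',
)

if __name__ == "__main__":
    print(find_remote_images(CLAIM_ONLY))   # no remote images despite the claim
    print(find_remote_images(WITH_PIXEL))   # one pixel-sized remote image
```

An empty result means the message has no remote `<img>` callback, whatever its text claims; a client that does not retrieve remote resources never triggers one in either case.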

  3. Same exact email, except mine at the end said “since i’m tracking you, don’t go looking on google about this”
    LOL…

  4. I also received two emails, one on Monday the other on Wednesday that I am just now seeing. Both in my junk mail, so I missed my 24 hour deadline. Twice.

    Y’all are getting off easy (no pun intended) my first “ransom” was $8,070 and my second was $1,900.

  5. I freaked out when I got this email especially since it went to my work email! Here is the full email.

    From: Avery Daveiga
    Sent: Thursday, August 2, 2018 3:51 PM

    I’m going to cut to the chase. I know ***** is your pass word. Moreover, I know your secret and I have evidence of this. You don’t know me and no one employed me to look into you.

    It is just your bad luck that I discovered your misadventures. Actually, I setup a malware on the adult videos (porn material) and you visited this website to experience fun (you know what I mean). While you were busy watching videos, your browser started out operating as a Rdp (Remote control desktop) having a key logger which gave me access to your display and webcam. Immediately after that, my software collected your complete contacts from your messenger, facebook, as well as mailbox.

    After that I gave in more hours than I should have looking into your life and generated a double-screen video. 1st part shows the recording you had been watching and other part displays the recording from your web camera (its you doing dirty things).

    Frankly, I’m ready to forget exactly about you and allow you to continue with your life. And I am going to offer you 2 options that will accomplish that. The above option is either to ignore this letter, or simply pay me $ 2250. Let’s investigate above 2 options in more detail.

    Option 1 is to ignore this e-mail. Let us see what is going to happen if you take this option. I will certainly send out your video recording to all of your contacts including relatives, colleagues, etc. It does not help you avoid the humiliation your self will must feel when friends and family discover your dirty videos from me.

    Second Option is to send me $ 2250. We will call it my “privacy fee”. Now lets see what happens if you choose this option. Your secret will remain your secret. I’ll erase the video immediately. You continue on with your routine life that none of this ever occurred.

    At this point you must be thinking, “I will call the cops”. Without a doubt, I have covered my steps to ensure that this e-mail can’t be tracked back to me plus it won’t stay away from the evidence from destroying your lifetime. I’m not trying to dig a hole in your pocket. I am just looking to be compensated for the time I put in investigating you. Let’s assume you have chosen to create this all disappear completely and pay me my confidentiality fee. You’ll make the payment by Bitcoin (if you do not know this, type “how to buy bitcoins” in google search)

    Amount to be paid: $ 2250
    Send To This Bitcoin Address: 1G8KVdvtaRd*KviRjvrDDAEWPQpFRPdscV8 (You need to Remove * from this address then note it)

    Tell no-one what will you be utilising the Bitcoins for or they possibly will not sell it to you. The procedure to acquire bitcoin can take a short time so do not delay.
    I’ve a specific pixel within this message, and at this moment I know that you’ve read this e mail. You now have 2 days in order to make the payment. If I don’t get the BitCoin, I definitely will send out your video recording to your contacts including relatives, coworkers, and so forth. You better come up with an excuse for friends and family before they find out. Nonetheless, if I receive the payment, I will destroy the video and all other proofs immediately. It is a non negotiable one time offer, thus kindly don’t ruin my time & yours. Your time has started. Let me tell you, my malware will definitely be recording what action you take when you are done reading this message. Let me tell you If you do something inappropriate then I will have to send your videotape to your members of your family, co-workers before your time ends.

    • i got the exact same email on 28/07/18. i absolutely shat myself when i received it. thank god it’s hopefully just a scam

    • Me too! It was somewhat disconcerting but I knew they had nothing on me. Wasn’t cool to see a 10 year old password tho. I think LinkedIn is where they’re getting these. I hate LI.

  6. LOL got this too today. Actually it was in SPAM. Usually I just delete SPAM mail without even reading it, but today, since it was the only message, I read it.

    They had a correct password, but one I used for some dumb websites

    Bombastically I had the same message and I think amount as “No Victim”, same bad grammar hehe

    I just deleted the message.

  7. Seems like we’ve all received such emails (twice this week) with different amounts. Below is the second one that i got:

    Young Zulueta
    Aug 1 (2 days ago)
    to me

    It is just so unfortunate. I do know ********** is your password. Most importantly, I know your secret and I’ve evidence of your secret. You do not know me and no one employed me to examine you.

    It is just your misfortune that I discovered your blunder. Let me tell you, I placed a malware on the adult video clips (adult porn) and you visited this web site to experience fun (you know what I mean). While you were busy watching video clips, your internet browser started out operating as a Rdp (Remote control desktop) that has a key logger which gave me access to your screen and also cam. Just after that, my software program collected your entire contacts from messenger, fb, as well as email.

    After that I put in more time than I probably should’ve exploring into your life and made a two view video. First part shows the recording you were viewing and next part displays the view of your web camera (its you doing inappropriate things).

    Honestly, I’m ready to forget exactly about you and allow you to move on with your daily life. And I am about to present you two options which will achieve that. These two choices are to either ignore this letter, or perhaps pay me $7050. Let’s examine these two options in details.

    First Option is to ignore this message. Let me tell you what will happen if you opt this path. I will certainly send out your video to all your contacts including friends and family, coworkers, etc. It won’t protect you from the humiliation your family will face when family and friends find out your sordid videos from me.

    Option 2 is to make the payment of $7050. We’ll name it my “confidentiality fee”. I will explain what will happen if you pick this path. Your secret will remain your secret. I’ll erase the video immediately. You move on with your lifetime as if nothing ever occurred.

    At this point you may be thinking, “I will call the cops”. Without a doubt, I have covered my steps in order that this mail can’t be linked back to me also it won’t steer clear of the evidence from destroying your lifetime. I’m not looking to dig a hole in your pocket. I am just looking to get paid for efforts and time I put into investigating you. Let’s hope you decide to make pretty much everything disappear and pay me my confidentiality fee. You’ll make the payment through Bitcoin (if you don’t know how, type “how to buy bitcoins” on search engine)

    Amount to be sent: $7050
    Bitcoin Address to Send: 176xWHadYbQ*kTH1kWF5HcazXbeeuVA1vCV (You need to Edit * from it then note it)

    Share with no-one what you would be utilizing the bitcoin for or they possibly will not sell it to you. The procedure to have bitcoins usually takes a couple of days so do not procrastinate.
    I have a specific pixel in this mail, and at this moment I know that you have read this email message. You have two days in order to make the payment. If I do not get the Bitcoins, I definitely will send out your video to your contacts including close relatives, colleagues, and many others. You better come up with an excuse for friends and family before they find out. Having said that, if I receive the payment, I will erase the proof immediately. It’s a non-negotiable one time offer, thus kindly do not waste my personal time and yours. Your time has started. Well, my malware will definitely be keeping tracking of the actions you’re taking when you’re done reading this letter. Swear to god, Should you choose something suspicious then let me share your video to your friends and family, coworkers before time finishes.

  8. Got one today as well.
    From Clint Lilley rramarcusgs@hotmail.com
    Amount to be paid: $ 5000
    Receiving Bitcoin Address: 19ybQCbvc3Y*MkC9F2EFZpnUSS42TQYaWFD (You must Delete * from this address and note it carefully)

  9. Got this one today, just to make sure they are all scams right?

    ——
    Hello.

    Hopefully you actually do not mind my english language grammar, considering that im from Saudi arabia. I contaminated your gadget with a malware and im in possession of your personal info from your operating-system.

    It previously was established on an adult page and then you have selected the video clip and viewed it, my application quickly gain access to your computer.

    And then, your camera documented you hand fucking, also i captured a footage that you’ve looked at.

    Just after a little while furthermore, it pulled out all of your social contact info. In case you would like me to clear off your everything i have got – send me 410 euros in btc its a cryptocurrency. It’s my wallet transfer address : 1GGWJZGxSbv1aT39EpcApuRNQxAkUsPSUT

    Now you will have 25 hrs. to produce a decision The moment i will get the transfer i’m going eliminate this footage and every little thing thoroughly. If not, please be sure this video would be submitted to all your buddies.

  10. I also got an email today (3/8/2018) with the same wording. they required 3500 $. I just blocked the sender and changed all my passwords. the password they used was indeed a very old password of the same email address the threat was sent to.

  11. I received one on 8/6 and looked it up on the web and saw it was a scam. After 36 hrs. the only thing that happened is that I was hacked on Facebook and if anyone opened the fake request from me they were shown porn. I of course immediately let everyone know I was hacked. Do not know if that happened as a result of not responding to the letter, but the timing is suspicious. I had unfortunately not updated my Facebook password and had not restricted security on it like I should have. Have done that now so hopefully will not get hacked on Facebook again.

  12. I got 2 this week. One went to my spam mail, and the other one I got today in my regular email. He didn’t mention what password of mine he knows about, so I don’t know which one has been hacked. I have several I use. I deleted both messages. I hope I don’t receive another one.

  13. I received the exact same email. Don’t pay. If they had real video or your contacts, they would have sent them to you.

  14. Sadly, some fool actually paid the BTC account in that example letter. $1900 to be price, just two weeks ago.

    https://www.blockchain.com gives transaction details on any account, but no names. Bitcoin is run by dishonest cowards, so you won’t get real data.

  15. I received the exactly same mail…

  16. I got this bitcoin address:

    1FhC95AphE7UeMnQFCPCitseW7Ru8nYcqK

  17. BTC ADDRESS: 1ComR1*MJCmDAngpAeJ8fcQzUyTsEcZGCpu

  18. BTC address:

    1K7Hu62xZ5aeptxGJBdADQyTbpaTCsbK4o

  19. I received 2 of them in the same day. Must not be American as they spelled it utilising – not utilizing.

    Stupid people have nothing better to do,

    Now getting emails saying my Google is being hacked – of course, the email comes to an address not associated with a google account.

    Why do people have to be jerks?

  20. 2 emails of the same scam directed to the following wallets.
    1E9aru8xPGbpyttY6zUN3NUGqC6KGArXye
    16k34SFSTf4sEUzzm5n9XTTUMei8doB2ym

  21. Got one last week saying the same thing, they know my password is (an actual old one) from ksangelhv@hotmail.com

    Requesting $2700 to bitcoin 1kMbPziegHr1UVy6xVm6SbmMRMGnupf3bh

  22. We get an identical email on 02/08, demanding $2,700.00 but, of course, we didn’t pay.

    Nothing more has happened since then..

  23. This post is very informative and useful to know about the process.

  24. I received this same email on August 2. It really freaked me out because they specifically mentioned one of my passwords. I reported it to the police and they said they had gotten a call about the same email the previous day. Unfortunately, it didn’t go into my junk mail, but was in my inbox. A big thank you to this website for letting me see that this is a new attempt that is really going around.

  25. Got this same email, but it went into my inbox, not my junk mail. Really freaked me out because it mentioned a specific password I use!

  26. Received this email. Was freaked out for a second, but upon really thinking about it realized that other than a password, which is an old one i have used many times and now only use for insignificant accounts not associated with payments or valuable information, the email was exceptionally vague in that it lacked even a single detail to support the claims it made… It’s very easy to phish for a password or find a hacked password and send an email claiming all these things, it’s quite another to actually have done these things. Anyone making such a threat would undoubtedly include any such video in the email. Still, of all the email scams I have ever seen, this was the only one that ever has had me even a little concerned. It is terrible that people do this. Hopefully these people get caught.

  27. I got the same email and it referenced my generic email for dumb sites. My email passwords are alphanumeric with special characters and even I forget the formatting for time to time because it is that complicated.

    The only thoughts had when I read the email is this dumb fuck wanted to extort me when I just heard I’m losing my job and I don’t even have $100 to my name.

    This email came after I do some reading on how to mine cryptocurrencies

  28. Yup I had the same it was sent on saturday 6 am and it was indeed one of my passwords to be specific my first password I ever created in most accounts I already changed it but on a few old accounts I didn’t and my roblox got hacked a few years ago and it had the same password connected to my e mail. It’s probably a scam because it already expired and I have no facebook and messenger that are the things they noticed in the mail so I feel a bit better now

  29. I got the same email on August 2 and August 6 with different bitcoins address! I was a little worried, but after reading this text I calmed down. I hope I did not make a mistake?