12 Jul 18

Sextortion Scam Uses Recipient’s Hacked Passwords

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers may also begin latching onto this method.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).


1,076 comments

  1. Received the email starting “I will cut to the chase… ” on 15 July 2018 from an outlook.com address. I’m in UK. The password in the email had been used by me in the past.

    Amount to be sent: $ 1900
    Receiving Bitcoin Address: 1MpJX5aUTcugTKgPcFMvod5LwnwGF5tqSG

    • AntiPhish Guy

      That bitcoin wallet actually received payment of one bitcoin this afternoon so I guess the scammer was successful in scaring the S out of someone who then paid….

  2. Received a similar mail yesterday, from an Outlook mail account to a German web.de mail account. Scammer used an old password which was stolen during a security breach on an MMO website years ago.

  3. Same message for me received yesterday…. I’m French
    Deadline has passed for many of you and so any video sent to your contacts?

  4. Henkiepenkiespermatankie

    Yep, same email received yesterday

  5. Larson Rhianne

    I also received this email on my work account. Plan to report to my MIS dept but can I also report somehow directly to authorities?

  6. I received the above email demand yesterday on the 15th July and it scared the life out of me. Now I’ve read this article and the comments I can rest a bit easier. Thanks for providing somewhere for simple folk like me to check up on these matters. Logic told me it was a scam, but my falling stomach kept me on edge all night. The password provided was probably ten years old but it’s worrying that the information is still in use. The advice from IT pros to keep updating passwords, and make them more complicated has never been more appropriate!

  7. Jo Ann Stallings

    I received the same message yesterday.
    They want $3,600

    Nannie Maliawco
    7/14/2018 10:35 PM

    I’m going to cut to the chase. I know goldilocks is your password. More to the point, I’m aware about your secret and I have proof of your secret. You do not know me and no one hired me to check out you.

    It is just your bad luck that I discovered your bad deeds. Well, I actually placed a malware on the adult video clips (porn) and you visited this web site to experience fun (you know what I mean).

    When you were busy watching video clips, your web browser started working as a Rdp (Remote control desktop) with a key logger which provided me access to your display screen and web camera. Just after that, my software obtained all of your contacts from social networks, as well as mailbox.

    I then gave in more time than I probably should’ve digging into your life and made a double display video. 1st part displays the video you were viewing and 2nd part shows the capture from your webcam (its you doing dirty things).

    Honestly, I am willing to forget exactly about you and let you continue with your regular life. And I will provide you two options which will accomplish that. Those two options are either to ignore this letter, or just pay me $3600. Let ’ s investigate those two options in more details.

    Option One is to ignore this message. Let’s see what will happen if you pick this path. I will definitely send out your video to all your contacts including friends and family, co-workers, and so forth. It won’t help you avoid the humiliation your household will have to feel when friends find out your dirty details from me.

    Option 2 is to make the payment of $3600. We ’ ll call it my “ confidentiality tip ” . Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll erase the recording immediately.

    You keep your life as if none of this ever occurred.

    Now you may be thinking, “ Let me call cops ” . Let me tell you, I’ve taken steps to ensure this mail cannot be tracked returning to me and it won’t steer clear of the evidence from destroying your life. I am not planning to dig a hole in your pocket. I just want to get compensated for efforts and time I put in investigating you. Let’s assume you have chosen to generate this all go away and pay me the confidentiality fee. You will make the payment via Bitcoins (if you don’t know this, search “how to buy bitcoins” on google)

    Amount to be sent: $3600
    Receiving Bitcoin Address: 1MAFzYQhm6msF2Dxo3Nbox7i61XvgQ7og5
    (It’s cASe sensitive, so copy and paste it)

    Tell no-one what you should be transferring the bitcoin for or they will often not offer it to you. The procedure to acquire bitcoins usually takes a short time so do not wait.

    I have a unique pixel within this e-mail, and now I know that you’ve read this email message. You have 2 days in order to make the payment. If I do not receive the Bitcoins, I will definately send out your video to all of your contacts including relatives, coworkers, and so on. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I’ll erase the video immediately. It is a non-negotiable offer, so do not waste my time and yours. Your time has started.

    • AntiPhish Guy

      That wallet also received three transactions since the 14 July. No wonder we have these types of fraud as there are people out there ready to pay.

  8. I got one of these and I don’t even have a webcam! The password they showed in the email was from the LinkedIn data breach. I had changed it ages ago.

  9. Web these days. Apps, websites, virtually any way to connect wants permissions to capture the contacts on your device or email accounts. Intertwine with the world so to speak. No wonder there are such problems.

  10. Isn’t this the storyline of a Black Mirror episode? -_-

  11. I got this 2 days ago – I laughed – since I don’t have a webcam on my computer, nor do I surf for porn.
    Plus, that email address password was changed at least a decade ago.

    Just for peace of mind, figuring it was a scam I did a search for the scam to confirm. I guess at 4:39pm today I will find out who they actually videoed watching porn doing “dirty things”. LOL

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Cornela Skerry
    Sat, Jul 14, 2018 at 4:39 PM (Jul 14 (2 days ago))
    to charles
    I will cut to the chase. I’m aware ***** is your pass word. Most importantly, I do know about your secret and I’ve evidence of it. You don’t know me and no one employed me to investigate you.

    It is just your misfortune that I came across your blunder. The truth is, I installed a malware on the adult vids (pornographic material) and you visited this web site to experience fun (you know what I mean). While you were watching video clips, your browser started working as a Rdp (Remote control desktop) that has a keylogger which provided me with accessibility to your display and also cam. Right after that, my software gathered your complete contacts from your fb, as well as mailbox.

    Next, I gave in more time than I probably should have looking into your life and created a double screen video. 1st part shows the recording you were watching and other part shows the view from your web cam (its you doing dirty things).

    Honestly, I’m ready to forget all about you and let you move on with your daily life. And I am going to provide you two options that may make it happen. The two option is either to ignore this letter, or simply pay me $1900. Let us examine above 2 options in details.

    First Option is to ignore this e mail. Let’s see what will happen if you opt this option. I will send your video to all your contacts including family members, coworkers, etc. It will not shield you from the humiliation your family will face when relatives and buddies find out your unpleasant details from me.

    Option 2 is to pay me $1900. We’ll call it my “confidentiality tip”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I will destroy the recording immediately. You continue on with your life as though nothing like this ever occurred.

    Now you must be thinking, “I will go to the cops”. Without a doubt, I have covered my steps to make sure that this mail can’t be tracked back to me and yes it will not steer clear of the evidence from destroying your daily life. I’m not seeking to steal all your savings. I am just looking to be paid for time I placed into investigating you. Let’s hope you have decided to create this all disappear and pay me my confidentiality fee. You’ll make the payment via Bitcoins (if you do not know how, search “how to buy bitcoins” in google)

    Required Amount: $1900
    Bitcoin Address to Send to: 1KBVnnJCPMDai81kMq2sUMFPKejAo7svE9
    (It’s CASE sensitive, so copy and paste it carefully)

    Tell no person what you would be transferring the Bitcoins for or they might not offer it to you. The procedure to obtain bitcoins will take a few days so do not put it off.
    I have a special pixel in this mail, and at this moment I know that you have read this email message. You now have 48 hours to make the payment. If I don’t receive the BitCoin, I will certainly send out your video to all your contacts including members of your family, colleagues, etc. You better come up with an excuse for friends and family before they find out. However, if I do get paid, I’ll erase the video immediately. It’s a non negotiable offer, so kindly do not waste my personal time and yours. Your time is running out.

  12. If my family and friends got naked videos of me I could make $$$ by sending them emails threatening to send yet more videos of me if they didn’t pay.

  13. I received the same message July 15 and it went straight to my spam folder, I only by coincidence happened to look in the folder for something else and saw it there. Was from Aron Hinton, email jmnardenwgh@outlook.com demanding $2900. It had been sent to my old email I haven’t used in several years and referenced a password I previously used on LinkedIn but changed after they reported a security breach several years ago.

    • Had exactly the same email, from exactly the same address, asking for exactly the same amount of money, using an old password from LinkedIn. These scams are getting more sophisticated. Still, I’ve spent an hour changing all my passwords and doing security checks on my computer – something I should have done a while ago, so I guess I can be glad I got that email.

  14. I got two of those.

    I looked at the mail source and examined the html line by line.
    There’s no image reference at all. So the claim of special pixel is also a lie. The email was sent from outlook.com with ip address
    40.92.253.100. I did a trace and it timed out. So the email header was faked also.

    To file a complaint with the FBI online, use this link https://www.ic3.gov/complaint/default.aspx

    or you can see more options here at the FBI site https://www.fbi.gov/tips
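
The check described in the comment above (reading the mail source for an image reference that could serve as the claimed "unique pixel"), automated as an added example that is not part of the original article or comment. It lists every reference in a message's HTML parts that would make a mail client fetch something from a remote server; a message with none cannot report an open through an image beacon. The sample messages, addresses and hostnames are constructed.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Attributes that make a client fetch a resource when rendering, on any tag.
FETCH_ATTRS = ("src", "srcset", "background", "poster")
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
# Only http(s) and protocol-relative URLs leave the machine; cid: and data: do not.
REMOTE = re.compile(r"^(?:https?:)?//", re.I)


class RemoteRefFinder(HTMLParser):
    """Collects remote resource references from an HTML mail body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []
        self._in_style = False

    def _add(self, tag, attr, url, tiny=False):
        url = url.strip()
        if REMOTE.match(url):
            self.refs.append({"tag": tag, "attr": attr, "url": url, "tiny": tiny})

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        # Typical beacon shape: 0/1 pixel dimensions or hidden via CSS.
        tiny = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or re.search(r"display\s*:\s*none", style, re.I) is not None)
        for name in FETCH_ATTRS:
            if name not in a:
                continue
            values = a[name].split(",") if name == "srcset" else [a[name]]
            for value in values:
                parts = value.split()
                if parts:
                    self._add(tag, name, parts[0], tiny)
        if tag == "link" and "href" in a:
            self._add(tag, "href", a["href"])
        for url in CSS_URL.findall(style):
            self._add(tag, "style", url, tiny)
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            for url in CSS_URL.findall(data):
                self._add("style", "css", url)


def remote_references(raw_message):
    """Return remote references found in all text/html parts of a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.refs


# Constructed sample: claims a pixel but contains no remote reference at all.
SAMPLE_NO_PIXEL = """\
From: sender@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>I have an unique pixel within this email message.</p>
<p style="color:#000">You have 24 hours.</p></body></html>
"""

# Constructed sample: a real 1x1 beacon, an embedded (cid:) image, a CSS fetch.
SAMPLE_WITH_PIXEL = """\
From: news@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="https://tracker.example/open?id=abc123" width="1" height="1" alt="">
<img src="cid:logo@example" alt="logo">
<div style="background:url(http://cdn.example/bg.png)">x</div></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("no pixel", SAMPLE_NO_PIXEL), ("with pixel", SAMPLE_WITH_PIXEL)):
        print(name, remote_references(raw))
```
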

  15. I received it as well, Sunday July 15 at 3:14pm from Cory Reheem, asking for 2900$ to this address:

    Bitcoin Address to Send to: 1Je5CbHkcdjnMfbna78y4FfomRHQX2xawU

    I looked it up and some people seem to have paid into it, very sad to see. It got me nervous that they knew this old password that I still used in a few non threatening websites (no credit cards infos) so I went ahead and changed those. I was tempted to send a reply along the lines of “nice try but I hide my webcam lens when I’m not using it because I’m paranoid and no, I don’t use my computer to access porn, but I will flag you to the FBI and Microsoft.”

    Is there any way we can flag the email to Microsoft without just flagging it as spam? That stuff is next level criminal. Does the FBI have an email address for that stuff? I’d like to flag the bitcoin address as well but don’t really feel like spelling this on the phone…

  16. Oh really big relief as so many of friends are here who were the victim. I also received exactly the same mail on 15th July with threatening using the pretty old password. I also received from outlook email ID on this sextortion scams.

  17. I received this as well…

    I will directly come to the point. I know ——– is your password. Most importantly, I know your secret and I have evidence of this. You don’t know me and nobody paid me to investigate you.

    It is just your misfortune that I came across your bad deeds. The truth is, I actually setup a malware on the adult vids (sex sites) and you visited this web site to experience fun (you know what I mean). While you were busy watching video clips, your web browser began operating as a Rdp (Remote desktop) having a key logger which gave me access to your screen and also web cam. Immediately after that, my software program collected your complete contacts from social networks, and mailbox.

    After that I put in much more time than I probably should’ve digging into your life and generated a double display video. First part shows the video you had been watching and other part displays the recording of your web cam (its you doing inappropriate things).

    Frankly, I am willing to forget details about you and allow you to get on with your daily life. And I am going to present you two options that will accomplish that. These two options are with the idea to ignore this letter, or just pay me $ 2900. Let us explore those two options in more details.

    First Option is to ignore this email message. You should know what will happen if you pick this option. I will send your video recording to all your contacts including close relatives, co-workers, and so forth. It won’t save you from the humiliation your household will feel when friends and family discover your dirty details from me.

    Option 2 is to make the payment of $ 2900. We’ll call it my “confidentiality tip”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I will destroy the video immediately. You continue on with your routine life as if none of this ever happened.

    Now you may be thinking, “I will complain to the police”. Let me tell you, I have covered my steps in order that this email message can’t be traced returning to me also it will not stop the evidence from destroying your health. I’m not planning to break your bank. I am just looking to get compensated for the time I place into investigating you. Let’s assume you decide to create pretty much everything disappear and pay me the confidentiality fee. You will make the payment through Bitcoins (if you don’t know this, search “how to buy bitcoins” in google search)

    Required Amount: $ 2900
    Bitcoin Address to Send to: 1B4ox92miD4EJbL6CmJLkGFKnJYhs8vi8
    (It is CASE sensitive, so copy and paste it)

    Tell no-one what you will use the bitcoin for or they may not offer it to you. The method to have bitcoin usually takes a couple of days so do not procrastinate.
    I’ve a special pixel within this e mail, and now I know that you’ve read this email message. You have two days in order to make the payment. If I don’t get the BitCoins, I definitely will send out your video recording to all your contacts including close relatives, co-workers, and so forth. You better come up with an excuse for friends and family before they find out. However, if I do get paid, I’ll destroy the video immediately. It’s a non-negotiable offer, thus do not waste my time and yours. Your time is running out.

    From reading this, it appears to be a scam. That, and the fact that this ended up in my spam filter.

  18. Got one today. Was older password that was compromised a few years ago. Mine is from another outlook.com address seemingly from outlook.com via the headers. And, go figure, the sender is listed as from Russia (15.20.952.17).

    Received: from BL2NAM02FT016.eop-nam02.prod.protection.outlook.com (10.152.76.56) by BL2NAM02HT228.eop-nam02.prod.protection.outlook.com (10.152.76.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.952.17; Mon, 16 Jul 2018 16:37:58 +0000

    Major tip-off for me is I have no webcams anywhere and my laptop has a blinder (and sure, I don’t ever look at anything naughty).

  19. Got one of these on Friday. Same pitch. There were so many things in “Karilynn Drager’s” message (we KNOW that’s not her REAL name, even if it IS a female sender!) that I had to stop LOL in order to finish reading. The question I have, though, is for the poor fools who DO pay, where is that money actually going? Since so many people are being phished under a multitude of email addresses, how do they properly line up with Bitcoin accounts?

    As has been said about this kind of scamming: We have to be vigilant 100% of the time…the asshats perpetrating these scams only have to be lucky once…times the hundreds–if not THOUSANDS–of poor fools who take the bait!

    BEWARE, FOLKS!!

  20. I got one similar to this today. It was an old password of mine. got scared for 5 mins. I am glad I found your article!

    here is the message :

    I will cut to the chase. I do know ——– is your pass word. Most importantly, I know your secret and I have proof of your secret. You don’t know me personally and nobody paid me to examine you.

    It’s just your hard luck that I discovered your blunder. Actually, I setup a malware on the adult videos (pornographic material) and you visited this site to experience fun (you know what I mean). While you were busy watching videos, your browser started out functioning as a Rdp (Remote control desktop) having a key logger which gave me accessibility to your screen and web cam. Just after that, my software program gathered all your contacts from your messenger, fb, as well as email.

    After that I gave in much more hours than I probably should’ve investigating into your life and generated a double-screen video. First part shows the video you had been viewing and second part displays the capture of your webcam (its you doing dirty things).

    Honestly, I am ready to forget about you and allow you to get on with your daily life. And my goal is to provide you two options which will achieve that. The two option is to either ignore this letter, or simply just pay me $ 1900. Let’s investigate these two options in more detail.

    Option One is to ignore this email. Let me tell you what will happen if you choose this path. I definitely will send out your video to your contacts including close relatives, co-workers, and so on. It will not shield you from the humiliation you and your family will face when friends uncover your unpleasant details from me.

    Other Option is to pay me $ 1900. We will call it my “confidentiality fee”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll delete the recording immediately. You go on with your life like none of this ever happened.

    Now you may be thinking, “I’m going to report to the cops”. Without a doubt, I have covered my steps in order that this message can’t be traced returning to me and yes it won’t stay away from the evidence from destroying your life. I am not planning to break your bank. I just want to get paid for the time I put into investigating you. Let’s assume you have chosen to make this all disappear and pay me my confidentiality fee. You will make the payment by Bitcoins (if you do not know how, type “how to buy bitcoins” in google search)

    Amount to be sent: $ 1900
    Receiving Bitcoin Address: 19224kBa2V1PyPntEhiJmkBgh6RGyGH3Vj
    (It is case sensitive, so copy and paste it)

    Tell no person what you would use the bitcoin for or they may not sell it to you. The method to acquire bitcoin usually takes a few days so do not put it off.
    I’ve a special pixel within this e mail, and at this moment I know that you have read this e mail. You have 2 days in order to make the payment. If I don’t get the Bitcoins, I will, no doubt send your video to your entire contacts including close relatives, coworkers, and so on. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I will destroy the video immediately. It’s a non-negotiable one time offer, so please do not waste my personal time & yours. The clock is ticking.

    • Got one recently too. Mine was also for 1900 in bitcoins. They had an old password that has not been used on my email account for years. Needless to say very upset!

      • I just got another one of these emails! Will they keep on coming! Any way to stop them?

  21. Rec’d the same message as Michael above dated 7/15/18

    Since what they claimed didn’t apply to me, I knew it was a scam but was very disturbed and nervous that my recent password (up to December of 2017) appeared. It’s a password I’ve never told anyone or written down so it definitely caught my attention. I can see how some might fall for the threat and pay – especially if it’s a professional email account.

  22. That’s the second time I get an email like that, but there are no passwords mentioned.
    Should I be worried? Because it’s the second time

  23. I got a few in my spam, I can’t believe people fall for those. I wonder what would happen if someone responded to the email?

  24. I received this email tonight, asking for $3200. The biggest reason it gave me a scare was I just had an Instagram account hacked with the same password that this email mentioned. The password was one I used on sites I didn’t care much about, and it was an old password that was previously associated with the email. In the Instagram instance, I had never even posted on there, and suddenly, my account was full of pictures with Arabic captions. I turned on the two-step verification, and had a bugger of a time deleting everything. Then, two days later, I get this email with the same password.

  25. Thank you for this article! I received this email, and even though I am in the technology industry and have been to dark web lectures and “should” know better…there’s something about seeing your secret nickname for your childhood pet that nobody would ever know, thrown in your face as proof of potential future blackmail that makes your heart drop! Time to start changing passwords. Does anyone recommend a good place/way to store passwords? I have a password protected Excel sheet on my work computer but I’m wondering if there’s a better option out there. Although, with websites getting hacked maybe my best bet is to keep them on a piece of paper in my nightstand!

    • Laura,

      I use LastPass Manager. The free version is probably all you’ll need, but I go ahead and pay $11 per year for the Premium.

      Good Luck!
      Kevin

      • I’ll second Last Pass and add that I do only use the free version and it does everything I need.

  26. pierre doussiere

    Received the same today, July 16.
    Was automatically filtered as a spam by my Yahoo email, also a very old password that I used on LinkedIn and Yahoo email before. Quite scary at 1st.

    The bitcoin address was

    1PhAzthZMqAaFHBAEDLinbNk6yZBVVfyrr

    nice to have set this site to inform people

    San Jose Ca

  27. I got the same email as you all on July 15th. Anyone know of a way to trace the IP – or bitcoin recipient?

    I know this is only going to get worse but would like to put scare back into whoever this is with the outlook address..

    Thanks guys!

  28. Received the same email today

    Was automatically filtered as spam by Yahoo email. The password is very old and I used it on LinkedIn and Yahoo in the past, and other non-sensitive sites. Quite scary indeed, good to see it is a scam, and I am sure some will fall for it and pay.

    the bitcoin address is :

    1PhAzthZMqAaFHBAEDLinbNk6yZBVVfyrr

  29. Hi,

    Received that e-mail yesterday.
    Assuming my password in the title was correct (changed immediately), should I be worried about my contact list being spammed?

  30. Mine was from a Myrilla Laubacher

    Same Message but different bitcoin address: the one they gave me was
    Amount to be sent: $ 2900
    Receiving Bitcoin Address: 1AoQB1GHm41XrrbZ6orcH4eKA5nummvGgr