Naked Security

Beware sextortionists spoofing your own email address

In the past, they've pretended to have your passwords - now they're pretending to send email from your "hacked" account, too.

Oh, no! A hacker (says he) planted a Trojan, (claims he) took over your computer’s camera and microphone, (purportedly) filmed you watching porn, (theoretically) has the password to your email account, and is threatening to forward the scandalous video to all your email and social media contacts unless you fork over Bitcoin!
“It must be true,” many people have unfortunately thought about this new twist on an established sextortion scam. After all, he’s (apparently) sending email from your very own email address!
Good news: thankfully, it’s not true. The sextorting phisher has not, in fact, demonstrated that he’s hacked your email. All he’s done is demonstrate that anyone can send an email claiming to be from someone else.

This is nothing new – it’s just the way email is designed, and plenty of phishers use this fact to send spoofed email that looks like it comes from a trusted party (like you!).
We’ve seen sextortion emails that included an intended victim’s password, which the attackers had actually found in a data breach dump, in order to make their claims to have taken over somebody’s computer seem legitimate. Those passwords are typically outdated. But with the latest spin, they’re also pretending to have access to their victim’s email account, simply by spoofing the sender of the scam email so that it appears to come from the victim’s own address.
The new variant of this lucrative scam was first seen targeting people in the Netherlands. RTL Nieuws reported on Thursday that the scammers had thus far bilked people of €40,000 (USD $46,000).
The spoofed mail claims that victims’ computers have been hacked and that the targets have been filmed while watching porn. It gives them one day to cough up a €1000 ransom in bitcoin, or else the video will be sent to all of their contacts.
Here’s Google’s translation of the Dutch scam email:

Hey,
I've been watching you for a while because I hacked you through a trojan virus in an ad on a porn website. If you are not familiar with this, I will explain this. A trojan virus gives you full access and control over a computer, or any other device. This means that I can see everything on your screen and switch on your camera and microphone without you being aware of it.
That way I also got access to all your contacts. I made a video that shows how you satisfy yourself on the left half of the screen and on the right half you see the video you were watching. With the press of a button I can forward this video to all contacts of your email and social media. If you want to prevent this, transfer an amount of 1000 euros to my bitcoin address (If you do not know, search with Google "Buy Bitcoin".) Bitcoin address: xxxxxxxxxxxx
As soon as the payment is received, I will delete the video and you will never hear from me again. I give you 72 hours to make the payment. Then you know what happens. I can see it if you have read the email.

It may be just a slight tweak of an extortion scam, but people are unfortunately falling for it. You can see why: most people who watch online porn would be horrified at the notion that they’d been filmed while doing so and that their reputations could wind up in the gutter if embarrassing video of them were to be disseminated to friends, family and colleagues.
It’s not hard to believe that a hacker could take over your microphone and webcam, after all: Crooks can use a piece of malicious software called a remote access trojan (RAT) to take over your computer, record your conversations, and yes, to turn on your webcam and microphone to spy on you.
Victims of sextortionists have included those as famous as Miss Teen USA: Cassidy Wolf was blackmailed by a crook who used a RAT known as “Blackshades” to take nude pictures of her through her webcam.
We’ve seen plenty of stories about hijacked baby monitor webcams, too, and we’ve seen one couple who didn’t realize that they’d been joined by a peeping Tom who spied on them via their webcam as they snuggled together to watch Netflix.
Couple the too-real threat of RATs and hijacked webcams with an email that looks like it came from within your very own email account, and it’s easy to see how people can get strung along.
Like most scam email artists, these criminals are adept at playing on our fears. These “I have your email account” guys are piling fear on top of fear – “we recorded you watching porn!” “we have all your contacts because we have your email account!” – to make a sky-high, multi-layered fear sandwich.

168 Comments

Three of these arrived, all similar, all spoofing my email account. The first caught my attention because it had an old (5-10 yrs ago) temp password I used on several throw-away accounts. A quick look at the email raw data showed it clearly wasn’t my doing. I checked my sites at JustHost.com, and nothing was violated.
My systems are locked down tight: I use NordVPN and 1Password. My LANs are behind firewalls. I’ve not been guilty of the behavior the extortionist hoped to exploit, but it sure took my vigilance to a new level.
Makes me wish for the Internet of the 80’s and 90’s!

Reply

What I miss are emails claiming to share an inheritance & etc with me if I let them put money in my account. Right and I have a bridge in Brooklyn to sell them.

Reply

People at my company get FAXES for inheritance scams all the time!

Reply

I was dealing with fax calls on an old home phone I had. The calls came at certain times of day. Due to the overwhelming number of calls a day I was receiving, I added CID and received approximately 50 calls a day. The phone company suggested calling the number, which turned out to be out of service. Someone I knew suggested trying to receive the fax on my computer, which I believe I tried without success. Since the issue couldn’t be resolved, my number was changed for free.

Reply

I too have been sent this scam. I would have almost believed it, until he mentioned that I was on a porn site. That’s when I knew he was lying, because I never visit those sites. But I want to know how he got my email in the first place.

Reply

Email addresses aren’t secrets, unlike passwords, so you shouldn’t be surprised or alarmed if somebody discovers or guesses yours. If somebody knows your email address then it’s trivial for them to send you an email “from” that address because anyone can write anything they like in the “From” field.

Reply

I got one too. Apart from the outdated password, it contained some Windows stuff while I only use Linux. Would have been interesting to ask how he/she got access to my Windows computer…
The email address used was part of a LinkedIn data breach dating back many years. This is probably where he/she got it. In the end, it is a good reminder to use a unique password for each online service we use.

Reply

I’ve been getting a number of these. I will also admit that the premise is plausible as I have certainly used my computer for those activities (don’t judge, many of you do too!). I could tell that my address/password were scraped from the Supercell forum breach in 2016. The interesting part was that the password they presented to me was a legitimate one but the characters were reversed.

Reply

One of these arrived today, as it was the beagle’s email address and he eats poo and bonks everything when out on his walk, for all to see…..am I bothered 😂

Reply

I got an email yesterday that followed the example email almost exactly. So sad that this works on less-experienced users. The Internet is now full of so much bad stuff that my usage continues to go down. I warn all my friends of these kinds of schemes. Thank you for posting this very good, helpful article!!!

Reply

Interesting stuff. How does the scammer use their victim’s email address as the scammer’s originating address? Additionally, when I right-clicked on MY email address, it revealed all of my properties – very unsettling to see!
Please explain, so that I can get some peace of mind about a possible breach!
Thanks,
Brett

Reply

An analogy:
When you send a letter, the postal service doesn’t need to know where the letter is coming from in order to deliver it, it only needs to know where it’s going to. You can write who it’s from on the envelope, if you want to, but you don’t have to. And if you lie about who it’s from it doesn’t make it any harder to deliver.
That’s how email works. By design, you can put whatever you like in the “from” header.
A lot of people don’t understand this, so they assume that getting an email from themselves must be proof that they’ve been hacked, rather than proof that email was designed by fluffy academics who thought we’d all be nice to each other.
As you can imagine, this has caused a lot of problems, so since email was first designed almost 50 years ago some technologies have been bolted on to make lying about who an email is from harder (SPF and DKIM), but they aren’t used everywhere and they aren’t foolproof.

Reply
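
What the bolted-on checks mentioned above look like from the recipient's side, as an added example (not code from the article or its commenters): it reads a raw message and reports whether the "From:" domain was authenticated by the receiving server. The sample messages, host names and the `assess` function are constructed for illustration, and the domain comparison is exact-match, a simplification of DMARC's relaxed alignment.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed samples (not real mail). example.* names and the 203.0.113.0/24
# and 198.51.100.0/24 address ranges are reserved for documentation.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.mailhost.example;
 spf=none smtp.mailfrom=bulk-sender.example;
 dkim=none;
 dmarc=fail header.from=mailhost.example
Received: from unknown-host.example (unknown-host.example [203.0.113.77])
 by mx.mailhost.example with ESMTP; Mon, 15 Oct 2018 09:12:44 +0000
From: alice@mailhost.example
To: alice@mailhost.example
Subject: Your account was hacked

Pay up.
"""

GENUINE = """\
Return-Path: <alice@mailhost.example>
Authentication-Results: mx.mailhost.example;
 spf=pass smtp.mailfrom=alice@mailhost.example;
 dkim=pass header.d=mailhost.example;
 dmarc=pass header.from=mailhost.example
Received: from smtp-out.mailhost.example (smtp-out.mailhost.example [198.51.100.10])
 by mx.mailhost.example with ESMTPS; Mon, 15 Oct 2018 09:30:00 +0000
From: alice@mailhost.example
To: alice@mailhost.example
Subject: note to self

Buy milk.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def assess(raw, trusted_authserv):
    """Compare the visible From: domain with what the receiving server verified.

    Only Authentication-Results headers stamped by `trusted_authserv` (your own
    mail server's identifier) are believed: the sender can type any other
    header into the message, exactly as they can type any From: address.
    """
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))  # envelope sender, recorded on delivery

    auth, dkim_dom = {}, ""
    for header in msg.get_all("Authentication-Results", []):
        value = str(header).lower()
        fields = value.split(";", 1)[0].split()
        if not fields or fields[0] != trusted_authserv.lower():
            continue  # not written by our server: ignore it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", value):
            auth.setdefault(method, result)
        signed = re.search(r"header\.d=([\w.-]+)", value)
        if signed:
            dkim_dom = signed.group(1)

    # A pass only counts if it is for the same domain the reader sees in From:.
    aligned_spf = auth.get("spf") == "pass" and env_dom == from_dom
    aligned_dkim = auth.get("dkim") == "pass" and dkim_dom == from_dom

    findings = []
    if env_dom != from_dom:
        findings.append(f"envelope sender domain {env_dom!r} differs from From: domain {from_dom!r}")
    if not aligned_spf:
        findings.append("no SPF pass for the From: domain")
    if not aligned_dkim:
        findings.append("no DKIM signature from the From: domain")
    if auth.get("dmarc") != "pass":
        findings.append(f"DMARC result: {auth.get('dmarc', 'missing')}")

    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "auth": auth,
        "authenticated": auth.get("dmarc") == "pass" or aligned_spf or aligned_dkim,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        report = assess(raw, "mx.mailhost.example")
        print(name, "authenticated:", report["authenticated"])
        for finding in report["findings"]:
            print("  -", finding)
```
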

Hi, I’m interested in getting some clarification if you’d be willing. The first thing I did, as I always do, was hover the mouse over ‘my email address’, but I must admit I was surprised when it showed my own address. So, as it was a dummy account, I decided to test it and replied. Lo and behold, I received my email into my own account seconds later. Would I be right to believe that the sender can supply my own address as the sender’s address rather than just change the display text to hide the true sender?

Reply

Correct, the sender (any sender) can supply your address (or any other address) as the sender’s address.

Reply

This is the first time I’ve come across this type of scam, so although I was initially sure it was a scam, it threw me a little and I took the usual steps to ensure my account was secure. Thank you for the clarification and putting my mind at ease.

Reply

Why can’t the ISPs prevent this?! I usually hover and see it is a random email address, but I too saw that it appeared to be my genuine email address. I’m pretty sure that in order for my ISP to deliver any email I send, it verifies that by needing a security password. Surely the ISPs can get together to prevent this and stop acting as the ‘postman’ for criminals?

Reply

Some ISPs prohibit their customers from sending email directly by blocking TCP traffic to port 25 (SMTP) other than port 25 on one of their mail servers. That means, in theory, that they could aggressively filter out email with “From:” addresses that look wrong, because they get to see your email before you are allowed to send it.
But that degree of filtering and firewalling is not universally popular. Most ISPs are under simultaneous pressure from different censorship cliques, with some people insisting ISPs should “fix everything by filtering my feed to protect me from myself”, others saying “ISPs should provide me with TCP/IP connectivity and then get out of my face/life”, and governments saying “ISPs should be competitive, cost-effective, unjudgemental, free, fair, open, democratic…and should also keep lots of logs about everyone, just in case we suddenly decide that not having all that data would aid terrorists.”
Also, I suspect that many companies still use deliberate email spoofing to allow selected remote users to inject “internal” emails from outside, so blocking this practice universally could end up causing as much trouble as it fixes.
The bottom line is that the “From:” header *is part of the email itself*, and is under the control of the sender just as much as the salutation at the start of the email text. If ISPs mess with the headers, should they also block emails that start “Dear Sir/Madam/Other” or “Dear Customer”, because that would mop up lots and lots of phishing messages on the grounds that we tend not to speak like that to people we know?

Reply

…and governments saying “ISPs should be competitive, cost-effective, unjudgemental, free, fair, open, democratic…and should also keep lots of logs about everyone, just in case we suddenly decide that not having all that data would aid terrorists.”
The USA government lately is embracing the second part quite well, while no longer necessarily prioritizing the first.
[insert Ajit Pai insult here]
:,(

Reply

So, what if the sent message appears in your Sent mailbox. Doesn’t that prove it was really sent from your email account?

Reply

If it is in your sent box, yes, almost certainly it was sent from your account. You need to take action.

Reply

I had this sort of threatening email, found this thread. When I saw your response above I got a little scared. But I checked up. It seems to me that Gmail at least (maybe other servers) is getting TOO HELPFUL. I have 2 accounts. Sent email from ACCT1 using a return address of ACCT2, sent to ACCT2. Gmail I guess looked at the email, evaluated the return add, and added this message to the “Sent” folder for ACCT2.
I use Thunderbird, and it picked up my msg from the sent folder in the Gmail server, but not the local “Sent” folder. I used the TBird raw format option to view the email, and it was sent through a list of elements in UK and Japan before getting through to Gmail.
GOOGLE! I am a stock holder! DO NOT File messages in the Sent folder unless they belong there!!!

Reply

Thanks for this, I didn’t even think to check if my account had sent it! It had my email address on it so I assumed it did, but it turns out it did not.
Thank you!

Reply

Hi,
Yes, the “from” address in an email can be anything the sender wants it to be. They can type your email address as the “from” and it will send. The “from” address doesn’t matter to the email server; its communication with the sending program is handled on a lower level.
Hope that helps!

Reply

So does that mean that I haven’t gotten hacked? Because when I used Windows Defender, it said that there were 3 trojans on my computer, but I removed them. However, the ‘hacker’ introduced himself as Ad0zzz. (Forgot the name because I removed the email.)

Reply

Without knowing what those Trojans were, it’s hard to say what they might have done… but hacking your email account and sending this particular email? I’m saying, “No.”

Reply

I agree with Paul; the likelihood of your email account being hacked and sending this particular email is very low. The trojans identified are another matter entirely, and I strongly advise not performing any online shopping or banking activities until you’re confident that your computer is clean.

Reply

I received one also recently but it was more descriptive than the Netherlands email.
My question is this…
the spoof email from myself (apparently), also states that they have a 1 pixel facebook pixel within the email to let them know I have opened it and activity within the sent email. I did not use my vpn on my mobile one time when I opened the email, Will this expose my GPS locations like image malware would?
I am learning the trade (just started) but need help on this one as I am aware of image link hacks and thrown off with this 1pixel (naked to the eye) image malware.
Thanks

Reply

If your email client is set to display inline images by default (most are not) then any image in an email body triggers a web download to fetch the image. This can be used to track whether you opened the email or not… but no more than that.
In other words, although 1×1 pixel images are called “trackers”, they don’t actually track *you*, or get access to your location history, or get to read your GPS position.
The words “email receipt detector” would be clearer, but we’re stuck with “tracker”, even though it exaggerates the risk.
HtH.

Reply
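
How a mail client or filter can list the images that would trigger such a download, as an added example (not from the article or its commenters): it parses a constructed HTML message and reports each remotely hosted image, flagging 1×1 or hidden ones. The sample message, host names and function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not real mail); example.* hosts are reserved names.
SAMPLE = """\
From: alice@mailhost.example
To: alice@mailhost.example
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>I can see it if you have read the email.</p>
<img src="cid:logo123" width="120" height="40">
<img src="https://tracker.example/open.gif?id=RECIPIENT-TOKEN" width="1" height="1">
<img src="http://cdn.example/banner.png" width="600" height="80">
</body></html>
"""


class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose source must be fetched over the network."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attributes = dict(attrs)
        src = (attributes.get("src") or "").strip()
        parts = urlsplit(src)
        # cid: and data: images travel inside the message, so displaying them
        # tells the sender nothing; only http(s) sources cause a download.
        if parts.scheme not in ("http", "https"):
            return
        tiny = attributes.get("width") in ("0", "1") and attributes.get("height") in ("0", "1")
        style = (attributes.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style
        self.images.append({
            "url": src,
            "host": parts.hostname,
            "likely_beacon": tiny or hidden,
        })


def remote_images(raw):
    """Return the remote images a client would fetch if it displayed this email."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:  # plain-text mail has no images to load
        return []
    finder = RemoteImageFinder()
    finder.feed(body.get_content())
    return finder.images


if __name__ == "__main__":
    for image in remote_images(SAMPLE):
        label = "beacon?" if image["likely_beacon"] else "image"
        print(f"{label:8} {image['host']}  {image['url']}")
```
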

Does that mean that I haven’t gotten hacked? Because when I used Windows Defender, it said that there were 3 trojans on my computer, but I removed them. However, the ‘hacker’ introduced himself as brinkley67, and the name of the trojan was like sppextcomobjpatcher.exe

Reply

If you had malware on your computer, then technically, yes, you *were* hacked – but those Trojans are almost certainly nothing to do with this sextortion email. The email would have arrived anyway…

Reply

If you’ve genuinely sent an email from yourself to yourself then it’ll be in the sent box. I had one yesterday which was worrying, but having checked my SENT box, there was nothing there from me to me. Obvious scam but still worrying.

Reply

+1 for you mate! Didn’t even think of that but it is an easy way to see if it is actually coming from your own account.

Reply

I had not even thought to check my “sent” folder. Nothing from me to me. Thank you! Nevertheless, this does seem like a call to be more diligent.

Reply

Thank you for this helpful write-up. I hope people read it before they receive these kinds of emails so that they are saved from losing their money. I received a similar email today. What really worried me was the fact the email appeared to have been sent from my own email address, as is the case in these kinds of scam attempts. Initially I was of course very worried for a good hour, but then I started noticing and realized some things that calmed me a bit. The password at the time of the hack, according to the email, was my first name, which I never ever have used for any of my accounts in my entire life. It didn’t occur to me to look in the sent items folder, but I did go to the sent folder and didn’t see this email there, but it didn’t calm me at all. So I went ahead and changed my password, enabled 2-factor authentication and checked to make my email account accessible from my own machine only. Since the email said my videos will be emailed to all my contacts and shared on my social networks (I never used this particular email to sign up at any of the social networks I am on, so that was not my concern because I knew the email writer was lying there as he couldn’t possibly have my social network accounts’ passwords), and thinking he might not have downloaded my address book and intended to email the videos after 48 hours by downloading it, I went ahead and deleted all my contacts and even emails in all my folders (inbox, sent, draft, spam etc.) (good thing is this was not my main email address, but a very old one which I rarely used for proper communications, but yeah there were some emails that I would have liked to keep, but no worries, but yeah this kind of fraud attempt made me lose them). I never intended to pay up because I believe people, including all my contacts, already know watching porn and masturbation is perfectly normal, healthy human activity, but I was of course still very worried and had to delete my emails and contacts.
I did know that one can use software to email from an email address that looks like any email address, so I googled something like “is there a software that lets you send email from a made up email address including your own” and arrived on this article. Thank you again for this really calming and helpful post.

Reply

I received one of these emails today and panicked, because the email was sent from my own email address! They had an old password, not the one used for this email account (and I don’t do that sort of thing in front of my computer; that is a LINE I will not cross!). So that was the key giveaway that it’s just a fake scammer trying to get me to pay out $760 in bitcoin. Looking in my sent folder, there is no email that I have sent to myself. And their grammar is not very good, or should I say their English, and the subject was a giveaway (You password must be need changed).
After looking into this more, I’ve tracked their email IP address. They say they can’t be tracked and they don’t make any mistakes; well, they made a big mistake there, haven’t they, as I have tracked them down to the following location listed below.
Continent: Asia
Country: Cambodia
State/Region: Phnom Penh
(SOUTH EAST ASIA TELECOM (Cambodia) Co.)
City: Phnom Penh
Latitude: [Redacted]
Longitude: [Redacted]
UPDATE:
The deadline has passed (48 hours later); I will not pay them scumbags. No videos of me online anyhow, I’m not that stupid.
**Will the admin of this site please post my comment? This is the 4th time I’ve tried to post here to help others.**

Reply

You should expect that spam like this is being sent from a large number of compromised computers, so finding (or even shutting down) the IP address where an email originated doesn’t tell you very much at all about who pressed “send”, or how to stop it.

Reply

Got one very close to this today. I will say it freaked me out for a while. I did the same things that others have done on here. Checked my sent file, nothing. Then I found this site and read it all and the comments and I feel a whole lot better now.
Thanks for sharing this.

Reply

Is this something that can be reported? What are the proper authorities or channels? I can see how someone less savvy would fall for this activity.

Reply

Yes. You can make a report to the FBI here: ic3 DOT gov
They ask for your contact information, whether you paid the extorted monies, any information you have on the sender, and a copy of the extortion email. They do not reply so I am not sure what happens next.
[Editor’s note: ic3 is short for “Internet Crime Complaint Center” if you want to look up the website for yourself.]

Reply

I have been getting these emails for over 1 month already (2-3 emails per day). What I wanted to ask is if there’s any action I should take or anything I should do in order to stop these emails from coming… thanks

Reply

File them under ‘Junk’. This will help to train your spam filter, and pretty soon it should learn to filter them out.

Reply

Hi, I have an email, in junk, but it is from my account, demanding payment or sending some compromising videos to 16 of my contacts. Should I worry? Should I change email password? Report them? Thx A

Reply

Hi Agnes
Did you receive this email today?
Did it say caution! Attack hackers to your account? On the subject line?
I also received this email today, which brought me to this page. I looked up the bitcoin address that they put in the email and it has already been reported 3 times today as spam.

Reply

Hey,
I had one of these emails today, but it was sent from my work email address to a colleague? They started the email with, dear [name removed]@…com, well, that is not even an email address of mine and not my name. The worrying thing is it looked as though it came through my work servers to my email and then said forwarded from iPhone to my colleague’s email. Should I be worried? Obviously it claimed I do all the awful stuff if I didn’t pay up.
Thanks in advance

Reply

Can you imagine if a message like this was received by a teenage kid, where kudos and rep means everything? Most of us who are commenting on here are grown and therefore likely have the cognitive capacity to fight the ‘what if’ demons that such emails will bombard you with. Do we – as the ‘grown ups’ – not need to do something more to respond to this, to limit the impact these bastardos might have on those younger than us? – or do we just sit with the contentment and soak-up the relief of; ‘phew…we know the score!’

Reply

Hi, this thread has certainly put my mind at ease after receiving one of these emails today. The sender apparently uses Facebook pixel to know that I have opened the email and that he used a rep to use a key logger which apparently got my details. I hope everyone that gets this email sees this thread because it certainly helped.

Reply

Hi, I’ve received one of these emails today and it really, really looks like it’s from my own email address. If I click on the email address it comes from, it shows recent emails I really have sent to friends and family. Also, it says it’ll send videos to my 19 contacts, and turns out I do have 19 contacts – how does it know? I only ever use an iPhone for internet use so I’m not sure if the type of malware it claims to have used even works on an iPhone? My logical side says it’s a scam but it’s really scary that it looks from all angles like it’s actually come from my account, and that they know how many contacts I have in my address book!

Reply

Hackers don’t have to have any kind of access to your email account in order to send an email that looks like it’s from you. The bit of an email that says who it’s from is cosmetic and it can say anything the sender wants.
In other words, I can send an email from my account to you, and make it look like it comes from you. And so can anybody else on the internet with about 1 minute’s training.
See my comment above too:

Reply

Having read the above comments, I think it’s not as simple as some on here claim. So I’ve had one of these scam emails. Fine, it could be true that someone can send an email claiming to come from your account, but what they could not do is tell you how many contacts you have and even get close to your password with a random guess?? Go on, tell me my password? No, you can’t, but the email I got today told me a password I only changed 3 months ago, so to think your security has not been got around and these people have not looked at some of your security info is hope rather than fact.

Reply

I found mine funny as it says about the webcam. I never have a webcam rigged to my PC cos I know ppl can hack it and see what’s going on in my home, so I laughed mine off and posted it on FB to warn others.

Reply

Some of the stuff in my email was obviously made up, but the fact they DO know a certain amount of my personal info which should have been between me and my email provider is of concern.
Our email providers are always telling us to protect our personal info and then they allow it to fall into the hands of fraudsters :(
It seems they just dump our personal info anywhere rather than disposing of it securely :(

Reply

My concern is that even though there is no evidence of an email sent from my account to my account, there is information that they should not have had access to, such as the old passwords. Can someone explain this?

Reply

The data usually comes from a data breach, where a service you use (or used to use) gets hacked and some or all of the data about you gets stolen (probably along with 1000s or even 1,000,000s of other people’s personal information).
Stolen data is often sold on from crook to crook, or even released for free to anyone who wants it. That’s how the crooks “know” information such as your full name, your phone number and your password…

Reply

I keep getting these as my details were obtained in the LinkedIn hack and another huge hack I think in January. So far they all have old passwords.
They are quite convincing – I got one today apparently from my email address, but they all say I have been watching porn (not true – I am an (oldish) female) and that they spied on me on my webcam. I don’t have a webcam on my computer so I know that part is not true.
I have been saving all scam emails from a month printed out and it is a huge huge pile – so many every single day, of many different kinds. I feel as though I must be on some kind of hit list.

Reply

You probably are on a “hit list” – the problem is, not least because of the huge number of email addresses that are floating around because of data breaches, that the “hit list” covers hundreds of millions of people.
Like you, I get a steady stream of these, mostly from a scammer who obviously has a faulty or corrupt database because the “password” they say is mine is actually part of someone else’s email address. The amusing thing is that I’ve never paid a cent and yet they haven’t released any of the “pictures” yet, despite promising to do so. Obviously, therefore, their word is not to be believed, yet I am expected to accept that if I do pay, they really will delete the “pictures” and never come back for more money later on.

Reply

I’ve received 6 of these in 2 days. Normally I would just ‘block sender’, but assume this isn’t possible since own e-mail has been spoofed? Is there nothing I can do except manually junking them?

Reply

Often your mail security provider – your ISP? Gmail? whoeveritis? – will block these because they were sent from a known-bad computer, but blocking the sender by the name in the email isn’t an option if the crooks put your name in there ;-)

Reply

Thanks – I have Outlook so have set a couple of Rules to automatically junk emails with certain keywords in the body of the message, e.g. BitCoin and porno. My experience of the Rules function is that it is not foolproof, but it generally catches most of the offending e-mails. Not holding my breath for my ISP (1&1, now Ionos) to do anything, but I will contact them also.

Reply

I chose block sender. Then sent an email to myself – and it received it in inbox rather than junk.

Reply

Hello
Just received this kind of email at work. Work. Not going to lie it scared the crap out of me. After calming down, googled porn email scam and hey presto. I used the password mentioned for work and changed it when it became mandatory at work. I remember an email saying my work password, for the email scam, had been compromised but I had already changed it by then to a new password.
I do watch those sites however I am not going to pay.

Reply


just received one of these with my throwaway password. well oops I always keep my webcam covered with a piece of cloth loool

Reply

I got one of these today. They supposedly sent the e-mail (nothing in sent folder) from one of my unique addresses I give out to businesses so I know who is selling/not careful with my info. Those e-mails can come to me, but I cannot send from them, let alone log in to my e-mail with them. Nice try, but major fail on their part.

Reply

Hi I have also received the email below, this started up dec. 2018. this is what they say,
Hi!
As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.
I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this,
transfer the amount of $734 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is:
[redacted]
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards!

Reply

Here’s mine!
Hi, your account was infected! Renew your pswd immediately!
You probably do not know me me and you really are most likely surprised why you’re reading this particular electronic message, is it right?
I’m hacker who exploited your email box and OS two months ago.
Do not waste your time and try to talk to me or seek for me, in fact it’s impossible, because I sent you a letter using YOUR account that I’ve hacked.
I developed malware to the adult vids (porno) website and guess you have spent time on this website to have some fun (you realize what I want to say).
Whilst you have been keeping an eye on video clips, your internet browser started out operating like a RDP (Remote Control) with a keylogger that granted me the ability to access your desktop and camera.
Consequently, my soft got all info.
You put passcodes on the sites you visited, and I caught them.
Without a doubt, you could possibly change them, or have already modified them.
Even so it does not matter, my spyware updates needed data every time.
What did I do?
I made a reserve copy of your system. Of each file and personal contacts.
I got a dual-screen video recording. The 1st screen presents the video you had been observing (you have a good preferences, ha-ha…), and the 2nd part displays the recording from your own camera.
What actually must you do?
Good, I believe, 1000 USD will be a reasonable price for our small secret. You’ll do the deposit by bitcoins (if you don’t know this, try to find “how to purchase bitcoin” in any search engine).
My bitcoin wallet address:
Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (redacted)
(It is cAsE sensitive, so copy and paste it).
Warning:
You will have 48 hours to send the payment. (I have an exclusive pixel to this e-mail, and at this point I understand that you’ve read through this email).
To monitor the reading of a letter and the actions inside it, I use a Facebook pixel. Thanks to them. (Everything that is applied for the authorities can help us.)
In the event I fail to get bitcoins, I’ll undoubtedly transfer your video to each of your contacts, including relatives, colleagues, and so forth?

Reply

Hi. Very useful article. I knew it was nonsense as I don’t watch porn & I have no webcam! Lol. But I wanted to know if there’s anyone I can report this to? And also how to block these irritating threats?
Thanks

Reply

Apparently you can try your ISP – I just set up a couple of ‘rules’ in Outlook to automatically delete emails with keywords like ‘bitcoin’ and ‘porno’. Just to mention that my emails of this type have tailed off – in favour of a big increase in my overdue compensation funds from Nigeria / Benin, but that’s a different story…

Reply

What wonders me the most is how they do that using your email without using your account. Can someone explain that to me? thx

Reply

See my answer here:
https://nakedsecurity.sophos.com/2018/10/15/beware-sextortionists-spoofing-your-own-email-address/#comment-5463939

Reply

I got one of these and the instant give-away was that it said it hacked in through Facebook, which has a personal email address, but sent the email to and from my work email address.

Reply

I’ve gotten 4 emails now, 2 to my personal account, 2 to my work account. I have read tons of web sites like this one saying I shouldn’t be afraid but I am. Because I do go to porn sites like 4 times a year… I don’t know what to believe? :(

Reply

Thousands of people, maybe hundreds of thousands of people, have received these emails – have you read a single report anywhere which says that the blackmail threat has been carried out? Of course not. I have never logged on to a porn website in my life, and I have had at least 30 of these emails over the past 3 months – they are irritating, but otherwise harmless – no different from the various African princes and the like wanting to send you millions of pounds in return for your bank account details and a copy of your password. I assume you have never been stupid enough to respond to these, so this latest variation is a con attempt pure and simple and if you pay up – more fool you. These hackers DO NOT HAVE THE ABILITY THAT THEY CLAIM TO SPY ON YOU VIA WEBCAM.

Reply

I have just received this threat but it is also in my ‘sent’ emails. What should I do? It is telling me to change my password which worries me as though said person is watching and waiting for that? I have not been guilty of the behavior the extortionist hoped to exploit so on that hand I am not worried but I am worried about all of my work contacts etc and passwords. Email is to my work address. Can anyone recommend the action that I should take here? Thanks!

Reply

I think you can relax. If the person really had stolen all your data and wanted to blackmail you – surely they would choose something they knew you *had* done rather than something they know you haven’t :-)
If you are worried that you might have malware on your computer that is letting crooks trigger actions remotely, you might want to check it out with a “second opinion” virus scanner just in case.
We have various tools that can help you do this for free (you don’t need to remove your existing anti-virus first) at:
http://sophos.com/freetools

Reply

Thank you :) I knew it was bogus on one hand but it did concern me after reading this thread that the email was also in my SENT. I just changed my passwords and deleted it and will look into your suggestion to check out the virus scanner. Thank you so so much!

Reply

Obviously emails like this could seriously worry a certain proportion of recipients who feel they have been sprung and might pay up without stopping to think, but seriously – if somebody had really obtained what they say they have, they would need to back that claim by sending you a copy. And they don’t so straight into the trash it goes.

Reply

Well this scam does bother me… with the “Microsoft Department” that calls me from time to time I can waste their time. But with this type of scam I can not!! What a shame!!!

Reply

Got one of these today and almost worried about it, but remembered hearing a discussion of this on a podcast (maybe the Sophos podcast). Then remembered – I’m on a Mac mini with no camera or microphone, the email address they used can’t send mail (it’s just a forwarding address to my actual mail account). Still slightly worried, because the extortion was in the form of a jpg attachment, so will run a scan of my system (Sophos Home) to make sure the attachment didn’t have a nasty payload. Didn’t actually click on the attachment, Mac mail displayed the contents when I opened the email. Used an IOS device to open the attachment. My password manager also can display compromised logins and vulnerable passwords and I check it every time I see a new article about a breach.

Reply

Appeared today in a German version (pretty much a literal translation of the wording of one version of this scam), demanding 1000 € in bitcoin. Targeted email was available more or less publicly (corporate contact), no password stated.

Reply

I’m in the USA and I got one of those hacker emails today. It had me nervous. But I started to think, “wait I haven’t even gone to any porn sites in quite a while.” I was nervous cause 10 years ago my Skype account was hacked, and the idiot made a mess of my personal life for like a month. Contacting people in my Skype contacts… I still don’t know how that happened, but it’s the worst feeling. To say the least, I was walking on eggshells!

Reply

I received this message this morning. The only thing that concerns me here is there is a record of it in my sent box though it is from an email address I rarely use. Earlier I read that if it shows in your sent box then it’s time to be concerned. Is this so? Mine is in the form of an embedded mail therefore I am unable to copy and paste the bitcoin address as they have advised in the mail… Oh and I keep the camera covered at all times

Reply

This happened to me too. I changed my password and haven’t had an issue and I received this over a week ago. It was also in my sent which was concerning but I haven’t had a problem since updating my password.

Reply

I’ve received 2 such blackmail emails from “myself” making similar claims to have captured video of me watching porn. In fact one just arrived this morning. I ignored the first one just like I’ll ignore this one because I know it can’t be true. How do I know that? Well it can’t be true because when I set up my computer one of the first things I do is put a piece of tape over the webcam. So even if my system should get hacked (which I’m positive did not happen) there wouldn’t be anything to record to use for blackmail.
Is there anywhere such blackmail email attempts should be forwarded? Does the FBI take these to investigate? I would think that viewing the expanded headers on such emails might reveal traceable info to find the bastards?

Reply

The official cybercrime reporting site in the USA is the Internet Crime Complaint Center (ICCC, or IC3 for short), which has the super-easily remembered web address:
https COLON SLASH SLASH ic3 DOT gov

Reply

Paul . . Thank you for the link. I have reported it. I don’t know that it will do any good but it sure can’t hurt. It is a crime to even threaten someone with blackmail even if no money (bitcoin) exchanged hands and I suggest that everyone that gets one of these sextortionist emails report it to the Cyber Crimes Authorities in your respective countries . . . David K

Reply

I got one of these, just laughed. Reckon you’ve hacked my webcam do you? I haven’t got one! xD
Make up all the scary stories and idle threats you like, sunshine. You won’t get a penny out of me =)

Reply

It leaves me to wonder how these hackers actually come across your email address, or why they choose you.

Reply

The email addresses typically come from data breaches, where a huge number of email addresses and other personal data get stolen in bulk from some online provider.
As to “how do they choose you” – they “choose” everyone they can, spamming out 1,000,000s of these emails at a time.

Reply

I’d go further. It is pretty clear that some/most of the recent upsurge is due to these extortionists simply using spam lists. I get ‘normal’ spam to addresses on which I also get scam and extortion demands, and on addresses that have never been associated with a log in to any site, not even an email address. This is why most have no password identified, and no breach of any account has actually occurred. My guess is that ‘amateur’ spammers are diversifying.

Reply

Today I received the second email of that sort. Yet today’s was from my email address and I can see it in my ‘sent’ folder. What is weird is the time – it is sent later than the next one which has been sent earlier (maybe it shows the local time where it was sent from).
It looks like they hacked my account.

Reply

I received one today showing my work email account. It doesn’t show in my sent file and it went to my Junk folder instead of my inbox which it always goes to when I do send one to myself. Mine didn’t say anything about a webcam or microphone which I don’t have either on this computer but it said something about a porn website and my passwords. I wasn’t worried since I haven’t been on porn sites. Too bad people actually fall for this scam.

Reply

Thx. Gr8 stories. What some scammers want you to do is change Ur pw. This what they capture, trading in an old bogus one for a fresh new one U’v just made up. These requests are not for things they say they want. The demands are designed to make U do something to avoid them, that’s what they expect U 2do.

Reply

The suggestion to change your password without demonstrating that they do have it is to convince you that they have something when they don’t. It is purely psychology.
Of course, if they actually state your password and you still use it, then you do need to update it quickly.
9/10 I have received include no password and the 1/10 that did identified a password taken in a known leak, but that I haven’t used for more than 10 years.

Reply

I’ve received several of them and I agree they could frighten someone. Reason they didn’t frighten me (aside from the fact that the activity they’re threatening to “expose” is just not my thing) is that my personal laptop has NO camera– it’s a refurbed business Dell, and I carry a plug in cam if I need to videoconference (which stays in my briefcase). My work laptop does have a camera–which has a plastic security shield snapped in place. So unless Cambodian Doorknob (or whomever is trying to con me) is somehow enabled X-ray vision as well, this just isn’t going to happen.

Reply

I work at a hosting company and we get this complaint all the time. It’s a very simple fix as you just change the ?all in your domain’s zone files TXT record to -all (located at the end of the string of text) and boom no more spoofing emails.

Reply

To explain, this means setting your company’s SPF record (sender policy framework) so that it specifies a fixed list of servers from which your company will send email. If ever anyone receives a mail saying it’s from you but it comes from a server not on your list, you are supposed to throw it away.
But it’s amazing how many companies refuse to set their SPF records into this so-called “hard fail” mode. Organisations are so used to letting third parties – marketing companies, for example – send email on their behalf from time to time that they simply can’t come up with a list of authorised senders, so they use the SPF setting “~all” instead. This means “soft fail”, which is kind of useless because it gives you no idea whether emails from unexpected servers are supposed to be allowed or blocked.

Reply
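
The difference between the "?all", "~all" and "-all" endings discussed in the two comments above can be checked mechanically. The following Python sketch is an added example, not part of the original comments: it classifies what a published SPF record tells receivers to do with mail from an unlisted server. The function name, result keys and sample records (documentation domains and addresses) are constructed for illustration.

```python
import re

# What a receiver concludes for a sender that falls through to the "all"
# mechanism, keyed by the qualifier character in front of it (RFC 7208).
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def classify_spf(txt_records):
    """Classify a domain's SPF policy from the TXT strings published for it.

    Returns a dict with:
      unlisted_result  - SPF result for a server that is not on the list
      rejects_unlisted - True only for the "-all" hard fail mode
      note             - short human-readable explanation
    """
    spf = [t.strip() for t in txt_records
           if re.match(r"v=spf1(\s|$)", t.strip(), re.IGNORECASE)]
    if not spf:
        return {"unlisted_result": "none", "rejects_unlisted": False,
                "note": "no SPF record published"}
    if len(spf) > 1:
        # More than one v=spf1 record is an error, so receivers get no policy.
        return {"unlisted_result": "permerror", "rejects_unlisted": False,
                "note": "multiple SPF records published"}

    redirect = None
    for term in spf[0].split()[1:]:
        match = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if match:
            # A missing qualifier means "+", so a bare "all" passes everyone.
            result = QUALIFIER_RESULT[match.group(1) or "+"]
            return {"unlisted_result": result,
                    "rejects_unlisted": result == "fail",
                    "note": f"record ends the list with '{term}'"}
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]

    if redirect:
        return {"unlisted_result": "delegated", "rejects_unlisted": False,
                "note": f"policy is taken from {redirect}"}
    # With no "all" and no redirect, the default result is neutral,
    # exactly as if the record ended in "?all".
    return {"unlisted_result": "neutral", "rejects_unlisted": False,
            "note": "no 'all' mechanism, defaults to neutral"}


# Constructed sample zone data (not real DNS answers).
SAMPLE_ZONES = {
    "hardfail.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"],
    "softfail.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "neutral.example": ["google-site-verification=constructed",
                        "v=spf1 mx ?all"],
    "noall.example": ["v=spf1 ip4:192.0.2.10"],
    "double.example": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.1 -all"],
}


def audit(zones):
    """Return {domain: classification} for every domain in the mapping."""
    return {domain: classify_spf(records) for domain, records in zones.items()}


if __name__ == "__main__":
    for domain, verdict in audit(SAMPLE_ZONES).items():
        print(f"{domain:18} {verdict['unlisted_result']:10} {verdict['note']}")
```

Only the first sample domain ends up with `rejects_unlisted` set; the others leave the decision about unexpected servers to the receiver.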

I received one of these emails today, from myself apparently, and when I looked in my spam/junk folder I discovered lots of emails from myself saying “view her personal photos”. I am too scared to open any of these but at the same time worried that it may be true and that my personal photos have been accessed by someone, and will be shared. Also that a video was made of me and will be shared. Is that possible?

Reply

Don’t open them (they are in your junk folder for a reason!). Just delete them. If you watch the video above it ought to set your mind at rest.

Reply

How real do these get… I got an email on the 21st saying my account had been hacked and then got a bunch of maildemon emails failure to send emails – and today my email and Amazon account had locked me out cause someone changed my email address

Reply

What made me laugh is that I think they’d find it hard to find someone that doesn’t know I watch porn……. Me and the rest of the world that is. Who cares??

Reply

A lot of people probably care quite a lot. Remember that the crooks are saying they’ll tell your friends and family – so if they’re not hurt or angry they’re probably going to mock and embarrass you about it for nearly ever. There are loads of things “everyone” does that they expect to keep private. That’s fair enough…

Reply

Don’t you think if they had a video of you they’d attach it to the blackmail email? The odds they get both a video and hack your password are so low it’s time to relax.

Reply

The whole idea of the hoax is that the crooks got hold of your password and the video in the same way – using malware they implanted on your computer.

Reply

I just received this email and the first thing I did was that I changed my email .. just wanted to ask that did I make a mistake changing it?

Reply

If you received an email that is basically identical to this one then you can assume the crooks have nothing on you. (Of course, if the original email were true, changing your email wouldn’t stop the crooks releasing the video anyway.)
So, my opinion is that changing your email was unnecessary, but your new address should get less spam so you might not get any more of these annoying sextortion emails for a while.

Reply

One small thing you can do to set your mind at ease is to look at the full headers of the email. These give the full path the email has followed and the real originating email address (which may well be genuine but has usually been hacked). Turning on full headers is easy but depends on what email client you are using. It is usually straightforward (Google “turning on full headers” – the 1st one that comes up is for Outlook). After turning on full headers, amongst all the pathing, you’ll see the real sender as well as the fake “sender” i.e. the phantom you!
It’s probably best then to turn off full headers after that as they take up a lot of space and clutter up your email.
IMHO it is a pity that law enforcement agencies don’t pursue this a little more vigorously, but to be fair it is difficult to find the perpetrator.

Reply
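
What the full headers show for a "sent from your own account" message can be read out programmatically. The following Python sketch is an added example, not part of the original comment: it compares the visible From: address with the envelope sender, the earliest Received: hop and the Authentication-Results verdicts stamped by the receiving server. The message, host names and the `triage` function are constructed for illustration; `mx.example.org` stands in for your own provider's server name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message that claims to come from the recipient.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
Received: from mailer.example.net (unknown [203.0.113.45])
 by mx.example.org with ESMTP; Mon, 15 Oct 2018 09:12:01 +0000
Authentication-Results: forged.invalid; spf=pass; dkim=pass; dmarc=pass
From: victim@example.org
To: victim@example.org
Subject: Your account was hacked

(body omitted)
"""


def _unfold(value):
    """Collapse a folded (multi-line) header value onto one line."""
    return " ".join(str(value).split())


def _domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by the
    server we trust. Anything else may have been written by the sender."""
    verdicts = {}
    for raw in msg.get_all("Authentication-Results", []):
        authserv, _, rest = _unfold(raw).partition(";")
        if authserv.strip().split(" ")[0].lower() != trusted_authserv.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)",
                                         rest, re.IGNORECASE):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def triage(raw_message, trusted_authserv):
    """Summarise the header evidence for a 'mail from yourself' message."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()

    # Received headers are prepended by each hop, so the last one in the
    # list is the earliest. The bracketed IP is recorded by the receiver;
    # the host name before it is only what the sending side claimed.
    received = [_unfold(r) for r in msg.get_all("Received", [])]
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", received[-1]) if received else None

    auth = auth_results(msg, trusted_authserv)
    failed = [m for m in ("spf", "dmarc") if auth.get(m) in ("fail", "softfail")]
    self_addressed = bool(from_addr) and from_addr == to_addr
    envelope_mismatch = bool(return_path) and _domain(return_path) != _domain(from_addr)
    return {
        "from": from_addr,
        "envelope_sender": return_path,
        "origin_ip": ip.group(1) if ip else None,
        "auth": auth,
        "self_addressed": self_addressed,
        "envelope_mismatch": envelope_mismatch,
        "likely_spoofed": self_addressed and (bool(failed) or envelope_mismatch),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE, "mx.example.org").items():
        print(f"{key:18} {value}")
```
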

What’s interesting is that these scams seem to work. I monitored the balance in the bitcoin address of one scammer who sent me a message. He was asking for $750 and 8 people deposited approximately that amount of btc in his wallet over the period of about 5 days before he withdrew it. PT Barnum was right!

Reply

We found something similar in 2018. We formed the opinion that the crooks weren’t making as much as, say, ransomware scammers – we didn’t find millions getting paid out, but we did find thousands:
https://nakedsecurity.sophos.com/2018/08/15/the-sextortionists-are-back-this-time-with-your-phone-number-as-proof/
I’d like to think that this scam is getting less and less successful as people learn [a] that the crooks almost certainly have nothing and [b] why pay anyway – for all you know the “video” could have been published, stolen or sold on already, and anyway how would you ever know the crooks deleted it?

Reply

I had managed to get these automatically diverted to my junk mail using Outlook rules, i.e. by searching for some of the key words in the message and deleting it automatically if they appear. Annoyingly, I am now receiving the emails where the body of the ‘blackmail’ message is now a PDF cut and paste. Obviously, the rules function doesn’t work on PDF content. At least the frequency has fallen away over the last couple of months – and none of my friends and family have been in touch to mention the video that they should all have received by now…

Reply

It appears these crooks keep on sending these emails even if you ignore them. They can be quite an irritant. Can someone advise on a simple way of blocking these?

Reply

If you read the email carefully you will find a number of logical errors. The most blatant is that it is not possible to see what the user is viewing with his computer’s own webcam. Though I suppose it might be reflected in his glasses – if they are not too steamed up!

Reply

Many of these emails claim that they have a side-by-side video consisting of live screenshots from your graphics card plus a live feed from your webcam. Given that malware exists that can do either or both of these things – remotely capture a screen grab and remotely capture your webcam – then this part of the story is technically possible.

Reply

Even if technically possible, it is hardly proof that the two were captured simultaneously.
It is also possible to stick two videos together and imply it was what was being viewed.
As said previously, if it was true, you’d expect a still to be included with the message, if it isn’t, almost certainly it is because it doesn’t exist.

Reply

I received two of these joyful emails about two or three months apart. I shared it with a computer guru friend who confirmed my suspicion that it was a scam. The most recent email I guess was supposed to be a follow up message and the grammar was atrocious. I will be the first to admit that I have made more than my fair share of typos, but this was beyond that.

Reply

Please can anyone clarify this for me? I already read here that one person can write anything in the “from:” field but I have made an experiment: When you create a new message in Windows Live Mail it doesn’t show a “from” field because you have already configured it with your actual email address and server; in my Hotmail.com web-mail I tried to send myself an email but wrote an invented email address as the sender but when I hit the send button, it displayed a warning message saying I had no permission to use that sender address… So, how can one send me an email writing my own email in the sender (from) field? In which circumstances is that possible?

Reply

If you use an email sending program (an ’email client’) you created yourself, you are in control of every byte of the email exchange with the server, so you can send emails with any sort of weirdness that you like. Whether the server at the other end will accept them or not is another matter, but you can send whatever you want.
For example, you could date your message 10 years ago or 10 years ahead, whereas a regular email app or webmail service would probably stop you doing that because it’s ‘obviously wrong’.
Same thing with the ‘From:’ line. Some mail programs won’t try to stop you cheating; others will. So the crooks use the ones that allow them to cheat…

Reply

I saw this exact mail in my spam folder 2 weeks after receiving it so knew it was false. Also I do not have a camera or mike hooked up to my desktop. But like others here I occasionally dabble in the eye candy so it briefly scared me.

Reply

Just got a similar email to this. However, it was using an old school email account (where all emails get forwarded to my current one) which I cannot access to check whether the email is in the sent box. Luckily, as i write this I remembered the system puts a warning on the email when it is sent from someone outside the school system, which can be found with the email. I was worried for a second as the email was quite well written with some dark humour.
As some people have said, this could be effective against some of the more savvy people on the internet (younger) because it strikes that emotion of fear, similar to what politicians do with the old ;).
I really should get a good VPN though.

Reply

I’ve had a series of email from “your worst nightmare” with subject showing a very old password. Latest one said ” you better pay me – old password”. Very persistent, all coming in to my spam folder. I don’t open them, I just empty folder. Any one else get this?

Reply

I received one very similar email 2 days ago with an old password I used to use. It didn’t say what the password was for, nor did it give any proof of any videos of me “black mirror” style. I have my webcam covered with tape but still freaked me out a bit, thinking they could have hacked my phone somehow. This person didn’t send from “my” email however, but used this email in case any of you stumble on to it: john77@2424.com
I am no computer wiz kid so don’t know how to react to these emails. Have changed my passwords and done full system scan of my computer. Do people have any advice as to be protected?
Below is the exact email:
I know your password is:
I infected you with a malware (RAT) / (Remote Administration Tool), some time ago and since then, I have been observing your actions.
The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won’t even notice about it, yes such things exist, you can google it!
I have also access to all your contacts, I collected everything private from you, pictures, videos, everything!
And I MADE A VIDEO SHOWING BOTH YOU (through your webcam) AND THE VIDEO YOU WERE WATCHING (on the screen) WHILE STATISFYING YOURSELF!
I can send this video to all your contacts (email, social network) and publish all your private stuff everywhere!
You can prevent me from doing this!
To stop me, transfer exactly: 800$ with the current bitcoin (BTC) price to my bitcoin address.
If you don’t know how to get bitcoin, Google – “How to buy Bitcoin”, it’s very simple for example with credit card.
The wallet you can create here: www.login.blockchain.com/en/#/signup/
My bitcoin adress is: 1HB3KtKoguFuZ4BdmCv9Fc4tYTwDQgmqmW
Copy and paste my adress – it’s (cAsE-sensitive).
You know this all isn’t a joke, you got the proof above!
I think it’s a very good price compared to the damage and hell it can bring into your life!
After receiving the payment, I will delete everything from you and you can life your live in peace like before.
I give you 3 days to get the bitcoins!
Don’t share this email with anyone, this should stay our little secret!
MsgID:
2225500531

Reply

The first message I received contained what appeared to be an older password. But I couldn’t say what service it might have been connected to. The second message had my own address as if I emailed myself. Since it claimed to have access to my account I decided to check my sent email just for the heck of it and sure enough this message wasn’t there.. What a surprise. I kind of wish it was the password to my old MySpace account or even Classmates.

Reply

I went through about a month of getting these scams all the time with an unusual-looking three-letter password. The three letters could have been random but they did match part of a domain name in an email address I used for a while. I can only imagine that this data was scraped from a stolen logfile from some ancient server and the combination of my current email address and this weird string are floating around the underweb in a data dump that claims to be passwords but is mostly just a mess of unknown digital stuff.

Reply

I’ve received 2 of these similar emails in the last 3 days. The only difference is that the ones I received didn’t contain any of my passwords or email accounts. Initially I was freaked out. I changed my password to the email after the first one and installed an antivirus software. The second one still came. It wasn’t in the email text box either, it was sent as a pdf within the email both times. Still no actual evidence.
It’s on my school email account which I access through gmail. And, when I received the email it said it was from myself but via some other website. It also appeared in my sent folder but I heard of other gmail users reporting the same issue.
I think I should be all clear, but I’m just worried about receiving another very similar email after I changed passwords.

Reply

I received one yesterday and had a severe panic attack lol… yes I watch porn. No I don’t want all my church group knowing or seeing me doing it! It was from my Hotmail address, but it wasn’t in my sent email folder. It didn’t have any current or old passwords mentioned. It just talked about being shocked at my fantasies haha. I do have some freaky tastes ;) so that was pretty scary. For a solid hour I thought I would vomit. Then I copy/pasted part of the email into google and got a tonne of info about the exact same extortion email.
Anyway… I don’t watch anything on my computer, but I do on my phone, so since they didn’t specifically mention a computer, just a ‘device’ I thought they hacked my iphone. I’ve since read that it’s even less likely that someone could hack your phone camera/video. Not sure if that is true? Anyway, I’m glad I read this thread and haven’t seen even one person say that the extortion was actually true and happened to them. I’m sure I’ll still feel a bit uneasy until the 48hr deadline has passed…. These people are awful!

Reply

I get these every few weeks and have tried a different approach. When they’re stupid enough to leave an email trail (check header information if it’s an HTML email program) I send a response back a week or so later with the following creative lies:
“Got one of your hacker extortion emails. You picked the wrong person. I am a porn industry executive, so even if you did what you claimed I would not care and neither would any of my contacts. But I know you’re lying for four reasons: my webcam is always blocked, there’s nothing in my “sent” folder, you sent no proof because you don’t have any, and your deadline expired days ago and nothing happened.
Now here’s the real problem: amateurs like you are scaring away our paying porn customers! Who do you think is behind our industry? That’s right, and our investors are coming to get you. So here’s what you must do…”
That’s followed by a fake string of Bitcoin in case they fall for it, telling them to pay up protection money so the Russian mob or something similar doesn’t come after them. I never get a response and maybe they aren’t seeing anything, but figure why not have some fun with them?

Reply

I strongly urge you not to do this. By demanding money with menaces in return you are simply lowering yourself to the level of a cybercrook – what you are doing is a bit like trying to teach someone a lesson after they’ve put you in danger by cutting you up on the road… by overtaking them and cutting them up on purpose to show them what danger feels like.
As my Mum used to say, “If you lie down with dogs, you get up with fleas.”
Don’t try. Don’t buy. Don’t reply.

Reply

Good point. There’s no intention of any money, just giving them a hard time and (maybe) encouraging them to find a better line of work. And, to your point, giving them a slight taste of their own medicine in an unexpected way. I think you’re right though and next time will just send to the junk folder for disposal.

Reply

I received this email today and it certainly got my attention because the email appeared to be sent from me:
Hi, stranger!
I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.
You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy
(you know what I mean).
While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.
Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.
What I’ve done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people),
and the second part shows the recording of your webcam.
What should you do?
Well, I think $550 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).
BTC Address: 1K75LGyfBewpanhYRzViP4cL4uK96zCQee
(This is CASE sensitive, please copy and paste it)
Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).
If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.
If you want to get proof, answer “Yes!” and resend this letter to youself.
And I will definitely send your video to your any 19 contacts.
This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.
Bye!

Reply

People, people, people. ANY time you get an email or text or phone call from out-of-the-blue demanding money from you, particularly some non-traceable or cash money transfer (e.g., bitcoin) and/or with some stated threat or urgency, it should stink to high heaven. Extortion threats, bad syntax or spelling, or scary claims to be from law enforcement or some govt agency should only serve to further raise the BS factor. NEVER take such correspondence at face value. NEVER. If you can’t dismiss it and it’s applicable to do so, then look up the phone number yourself (DON’T use the number in the email, text or supplied during the phone call) and then dial it yourself to see if there’s any truth to it. (If it’s an extortion thing, as discussed here, you just have to exercise some common sense. People who fall for these scams are more than not the victims of self-inflicted wounds. That said, DO secure your PC via all the appropriate means, KEEP it secured, practice reasonably safe browsing with security software installed including credible real-time protection, and you’ll be that much less tempted to fall for this stuff. (People running pirated copies of Windows can’t be quite so self-confident I guess…)

Reply

I wish they would make it easy for me and block email that claims to be from me. It’s like getting a phone call and looking at caller ID and it shows my phone number, therefore proof it’s impossible.

Reply

What if the email included a photo of myself that came from my photos? How would they get into my pics??? I am on a Mac and photos are on iCloud.

Reply

Maybe you shared the photo at some point and it was leaked or downloaded from there…
I’ve never heard of a sextortion email that included data about the recipient that hadn’t already been leaked, stolen or published somewhere else – never heard of a scam of this sort that really started with data recorded directly on the victim’s device.
But even if they did steal the photo from your iCloud account, that isn’t the same as having implanted malware on your Mac that’s been spying on everything you did…
…and even if they had, why would you pay them when they obviously already have the data and you’ll never know if they’ve deleted it…
…and what would make you trust them to delete it anyway given the way they’ve behaved so far?
The most likely explanation is that whatever they have now is already out there, and even if you pay them and they genuinely delete *their* copy, anyone else who tries hard enough will still be able to find it anyway, so you are paying for nothing.
If you’re worried about malware, try installing Sophos Home (it’s free) and doing a full scan of all your files…

Reply

Thank you for this. I get these emails quite often to my small business email and usually just delete them… seeing as I am a female, so not at risk of being caught wanking to teenage girls as many of them claim I have! This one had me spooked though, coming from my address. I can now stop worrying and go ahead and delete as usual…

Reply

So I got one like this, but it’s sent from my email address and it’s also in my drafts, but only one of them, and also I had recently been having some popups, so I don’t know if it’s real and I’m really freaking out, please help

Reply

The sender can put any address they like in the From: line, so an email apparently from yourself is trivial to fake.

Reply

Yes, it is like a letter from the post: you can put whatever from: on the back. Unfortunately, when they designed the mail server they kept this freaky thing and it is now misused by others… Never reply, just delete immediately, open nothing included. It will disappear automatically and nothing happens.
And just in case you don’t trust it… change your password to something more clever
cheers

Reply
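The point made in the replies above, that the From: line is whatever the sender typed, is why receiving mail servers record a separate authentication verdict. The following is an added example, not part of the original comments: it ignores the From: text and reads the SPF/DKIM/DMARC results stamped by the receiving server. The sample messages, the `mx.example.com` server name and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: scam mail whose From: equals the recipient's address.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: alice@example.com
To: alice@example.com
Subject: Your account has been hacked
"""

# Constructed sample: a note Alice really sent to herself.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: alice@example.com
To: alice@example.com
Subject: Shopping list
"""

def _addr(value):
    return parseaddr(value or "")[1].lower()

def auth_results(msg, trusted_authserv):
    """Collect verdicts only from headers stamped by our own mail server."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can add this header too; skip foreign ones
        for method, outcome in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), outcome.lower())
    return results

def assess(raw, trusted_authserv="mx.example.com"):
    msg = message_from_string(raw)
    sender, envelope = _addr(msg["From"]), _addr(msg["Return-Path"])
    verdicts = auth_results(msg, trusted_authserv)
    return {
        "self_addressed": sender == _addr(msg["To"]),
        # A hint only: legitimate bulk senders also use a different envelope.
        "envelope_mismatch": envelope.rpartition("@")[2] != sender.rpartition("@")[2],
        "dmarc": verdicts.get("dmarc", "none"),
        "from_verified": verdicts.get("dmarc") == "pass",
    }
```

Both samples show the same From: and To: address; only the server-stamped verdict tells them apart. Set `trusted_authserv` to the name your own receiving server writes into the header.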

Me and my solicitor have just been scammed. I had to sign an Authority to deposit the money into my account. So she sent the blank form via my Gmail, which I downloaded then printed, then signed, scanned and emailed back to her the day before settlement. I was looking at the balance of my account the next day – and nothing, so I rang my solicitor to find that she received 2 emails asking if she received the forms and a 2nd email with the 2 attachments with my & my sons’ banking details. It took 2 minutes into the conversation to learn that the information on the form was not mine. What happened is they hacked my Gmail email, downloaded the form, changed the banking details to their […] account and the solicitor, thinking it was mine, transferred the funds from the sale of the property into this bogus fraudulent account. I have no money and no course for redress as the bank will take no responsibility – even though the names and the BSB and account number did not match.

Reply

I got an email yesterday from a hacker saying that he has a HRPD that he obtained my password for one of the websites I went through and he intercepted. He wants bitcoin money or he will show all my files and everything to everyone.

Reply

Don’t react. It is all bluffing. They can easily send emails with your email address.
Just delete! Don’t react, and if you don’t trust it, just change the password of your email box.

Reply

Thanks for your thread. Even though I am pretty aware of that kind of thing, when I noticed such a mail in my box I freaked out a bit, because sure it seemed weird… But what if it was the case? And even if I’m not ashamed to admit that I watch porn sometimes, I certainly don’t want my family or my friends to learn about it or for private photos to leak out x’)
It was nice to have it so clearly explained, so I’m not worried anymore!

Reply

I also started receiving these kinds of emails. I was also interested that they can put my email address as a sender; I don’t know exactly how this works, and when I answer the email I receive it back in my inbox. Maybe the email system needs to be updated or something, I mean it is old, I don’t know. Or the email supplier needs to protect you better from this and other phishing emails, I guess.

Reply

I’ve been getting variants of this email three or four times a month for about two years now, usually in clusters of three or four at a time, and the most interesting part of them is the price of the extortion amount demanded. At first they were asking for thousands of dollars, like $10,000 to $20,000. They then dropped down to a few hundred. I guess they figured the average guy didn’t have much.
Just know they are all scammers but there is little you can do about them. Law enforcement puts them at the bottom of their list on cyber security issues UNLESS you actually get say a still shot of yourself as they describe it. That means they actually got into your system but that is very rare.
Keep an eye out and keep your security upgrades current.

Reply

I had one of those emails where it claimed to have video of me doing all sorts of things.
I knew immediately that it was fake, without needing to do ANY investigating.
When I’m not doing a Zoom call (which I rarely do anyway) I have a strip of electrical insulating tape covering the web cam!
Anyone ‘seeing’ through that must have an extraordinary camera!

Reply

Yep, just got one, and just in case changed my password on all linked accounts and turned on 2FA on some social sites that I didn’t bother with. Also fully scanned my computer and mobile phone (it’s not like there can’t be some stuff there, but uhh, who cares).
It’s kind of an interesting form of attack though, as even though the attacker has very limited information (just email and old password), he still words it in such a way that it actually makes you think, and change passwords and stuff. We should actually thank these people for improving our accounts’ security.

Reply

Oh my god I received an email very much like that in my SPAM folder. I normally don’t read spam but the first sentence got me curious.
It seemed so legit. And yes I do occasionally watch porn but I have never uploaded anything of myself there lol. It didn’t mention any passwords that have been breached.
The email they used is actually one that doesn’t even have an inbox (from my website hosting), but I can send mail to it, and it just gets sent to gmail and I can send from Gmail. Checked sent folder and nothing of course. I was just a tad freaked out (I am normally not bothered by obvious scam emails) but glad I googled this anyway for peace of mind!!

Reply

I have received many dozens of these, and finally got curious if I could send an insultingly small amount of bitcoin (like one US cent). Haven’t determined that yet, but I can imagine the scum bag being enraged by it.
I don’t watch porn, and in fact have had a sticker over my laptop’s camera lens since the first day I owned it. So aside from not viewing porn (and thereby logically not wanking to it) I knew it was a scam from the outset. But I would very much like to send every one of them the tiniest amount of bitcoin possible. Since they would receive a notification from their BC Wallet that someone sent money to them, their excitement at receiving it would make the disappointment crash even greater.

Reply
