Naked Security

Don’t fall for this porn scam – even if your password’s in the subject!

This "I am well aware" email is just another sextortion scam where crooks try to blackmail you with a video they don't actually have.

Sextortionists are back with some new twists and turns in their odious and confronting scams.

If you haven’t encountered the word before, sextortion is the popular term for cybercrimes that combine sex or sexuality and extortion.

When they arrive by email, sextortion attempts generally involve a blackmail demand along the lines of, “I know you did sexy/naughty/prurient thing X, pay me Y or I will tell Z.”

Most often:

  • X is something that the crooks say they have evidence of via screenshots from your browser and your webcam.
  • Y is typically about $2,000, payable within a few days.
  • Z varies between ‘your closest friends’ and ‘everyone in your contacts’.

In the scam version we’re discussing here, the crooks justify their claim to have both browser screenshots and stolen webcam footage by saying they’ve planted remote control malware on your computer.

That sort of malware does exist, and it’s often referred to by the term RAT, short for Remote Access Trojan.

However, in this case, the crooks don’t have a RAT on your computer – the story about remote control malware is just that: a story to scare you into paying up.

The crooks also claim to have infected your computer with malware by implanting it on the website you supposedly visited.

Again, what they describe (a drive-by infection served up by a booby-trapped website) is theoretically possible, but it’s not what actually happened in this case – it’s just more made-up scare tactics.

The ‘proof’

The last piece of ‘evidence’ the crooks give in this attack is to ‘prove’ that they do have access to your computer by including a password of yours.

Often, the password you’ll see really is (or was) one of yours, but it’s usually very old and you almost certainly changed it years ago.

As many Naked Security readers have pointed out before, the only solid way for the crooks to prove that they had the sneaky evidence they claimed would be to share a clip of the alleged video with you…

…but they never do that, for the very simple reason that they don’t have anything.

That long-breached, widely-known, already-changed (you did change it, right?), no-longer-important password is all they have; the rest is just bluff.

How it works

This particular example has a few novelties:

  • The subject line is your old password. Presumably, the crooks want to grab your attention, as well as giving anti-spam filters nothing predictable to look for in the subject.
  • The entire body of the email is actually sent across as an inline JPEG image with the text inside it. Presumably, the crooks hope to avoid getting spotted by an anti-spam filter that relies on analysing the textual content of the message.
  • The Bitcoin address to which you’re supposed to send the money is a QR code, not the usual text string you’d expect. Presumably, the crooks figure that because you can’t copy-and-paste text from an image, they need to provide it as an image you can scan with your phone.
  • Many of the English letters have been replaced with not-quite-right equivalents using accents and other modifiers. We can’t actually think of a good reason for the crooks to do this given that the characters are then converted to an image anyway. Perhaps they thought it looked freakily mysterious and therefore more likely to scare you, or they were trying to make life harder for any optical character recognition software that might be used along the way.
  • The crooks say they will send you ‘real proof’ in the form of the actual video, but only by sending it to 11 of your closest friends. Clearly this is an absurd offer given that they’re simultaneously demanding that you pay up to stop the video reaching anyone.
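The three mail-level tricks above (an image-only body, a one-word subject that is really a password, and accented look-alike letters aimed at OCR or text filters) are all things a mail filter can check for. The following Python is an added example written for this page, not Sophos code and not part of the original article: it folds accented look-alikes back to plain letters with Unicode NFKD, looks for the stock phrases that recur in the samples quoted on this page, and flags a message whose only content is an inline image. The sample message, the fake JPEG bytes and the phrase list are constructed for the demonstration.

```python
import base64
import re
import unicodedata
from email import message_from_string
from email.policy import default

# Look-alikes that NFKD leaves alone (they have no canonical decomposition);
# a constructed starter list, extend as needed.
EXTRA_FOLDS = str.maketrans({"ł": "l", "ø": "o", "đ": "d", "ß": "ss", "æ": "ae"})


def strip_homoglyphs(text: str) -> str:
    """Fold accented look-alikes back to plain letters.

    NFKD splits e.g. 'ę' into 'e' plus a combining ogonek; dropping the
    combining marks (Unicode category Mn) leaves the base letter, so a
    keyword filter sees 'wãćkÿ' as 'wacky'.
    """
    decomposed = unicodedata.normalize("NFKD", text.translate(EXTRA_FOLDS))
    return "".join(ch for ch in decomposed if unicodedata.category(ch) != "Mn")


# Phrases that recur in this scam family (drawn from the samples quoted on this page).
SEXTORTION_PATTERNS = [
    r"\bwebcam\b",
    r"\bbitcoin\b|\bbtc\b",
    r"\bmalware\b",
    r"\b(24|twenty.?four)\s*(hours|hrs)\b",
    r"\ball (of )?your contacts\b",
    r"\byour password\b",
]


def sextortion_hits(text: str) -> list:
    """Return the patterns that match once the text has been folded to plain letters."""
    folded = strip_homoglyphs(text).lower()
    return [p for p in SEXTORTION_PATTERNS if re.search(p, folded)]


def visible_text(msg) -> str:
    """Text a reader would actually see: text parts only, HTML tags removed,
    so an HTML wrapper holding nothing but <img src="cid:..."> counts as empty."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            body = re.sub(r"<[^>]+>", " ", body)
        chunks.append(body)
    return " ".join(" ".join(chunks).split())


def has_inline_image(msg) -> bool:
    return any(part.get_content_maintype() == "image" for part in msg.walk())


def triage(msg) -> dict:
    """Combine the three signals. Each alone is weak (plenty of legitimate mail
    has a one-word subject); together they make a reasonable quarantine rule."""
    subject = msg["Subject"] or ""
    text = visible_text(msg)
    return {
        "image_only_body": has_inline_image(msg) and len(text) < 20,
        "single_token_subject": bool(re.fullmatch(r"\S{6,40}", subject)),
        "phrase_hits": sextortion_hits(subject + " " + text),
    }


# Constructed sample: placeholder bytes rather than a real JPEG, and a
# made-up password as the subject; the layout mimics the image-only mail above.
_FAKE_JPEG_B64 = base64.b64encode(b"\xff\xd8\xff\xe0 placeholder bytes, not an image").decode()

SAMPLE_RAW = f"""From: crook@example.invalid
To: you@example.invalid
Subject: hunter2
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:body@example.invalid"></body></html>
--b1
Content-Type: image/jpeg
Content-Transfer-Encoding: base64
Content-ID: <body@example.invalid>
Content-Disposition: inline

{_FAKE_JPEG_B64}
--b1--
"""


def triage_sample() -> dict:
    return triage(message_from_string(SAMPLE_RAW, policy=default))


if __name__ == "__main__":
    print(triage_sample())
    print(sextortion_hits("Ÿöùr wëbçàm rêcôrdéd ÿòu. Pày $2000 ïn bítcöin wïthìn 24 hours."))
```

The folding step is the part worth keeping even if you discard the rest: run it before any keyword or OCR-output matching, and add to EXTRA_FOLDS whatever letters your own samples use that NFKD does not split (Cyrillic or Greek look-alikes need a separate map, since they are different letters rather than accented Latin ones).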

What to do?

Here’s our advice:

  • Delete and move on. This sort of email is scary and confronting. Sadly, however, you can’t control what other people try to send to you. You can only control what you receive (for example by using a spam filter), and how you react to the things that actually reach you.
  • Don’t send any money. The Bitcoin (BTC) address in this email has received five incoming payments, but none of them seem to correspond to the amount demanded, given recent BTC exchange rates. Keep it that way!
  • Don’t reply. It’s tempting to test the crooks out, either to see what they’ve got out of fear, or to see how they react if provoked out of amusement. But you already know these guys are crooks, and you know they’re bluffing, so don’t play back into their hands by engaging any further.
  • Change your exposed password. You probably already have, given that the crooks are using an ancient password that was breached long ago. But if you haven’t, or if you’ve changed it only superficially (e.g. jimmy to jimmy99), revise your attitude to passwords right now. Consider a password manager if you haven’t already.
  • Never follow instructions in an email just because the message is insistent or because you’re frightened. If you aren’t sure about a link, a demand or an attachment, ask someone you trust for advice. And ask them face-to-face if you can, rather than just reaching out to someone you think you know online.
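If you want to confirm for yourself that the password in the subject line is simply an old breach leftover, the usual check is the Have I Been Pwned “Pwned Passwords” range API, which the article does not mention; this is an added example, not Sophos code. It hashes the password locally with SHA-1, sends only the first five hex characters of the hash to the API (k-anonymity), and matches the remaining 35 characters against the returned list, so the password itself never leaves your machine. The range response embedded below is constructed so the example runs offline; the counts in it are made up.

```python
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that goes to the API and the 35-char suffix that stays on this host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_response: str) -> int:
    """Parse a range response ('SUFFIX:COUNT' per line) and return our count, 0 if absent."""
    for line in range_response.splitlines():
        found, sep, count = line.strip().partition(":")
        if sep and found.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup (not exercised by the offline sample). Add-Padding asks the
    API to pad the answer with zero-count entries so response size does not
    hint at which prefix was queried."""
    req = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "sextortion-triage-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, range_response=None) -> int:
    """How many times the password appears in the breach corpus; fetches the
    range live unless a response is supplied (as the offline sample does)."""
    prefix, suffix = sha1_prefix_suffix(password)
    if range_response is None:
        range_response = fetch_range(prefix)
    return count_in_range(suffix, range_response)


# Constructed stand-in for the API's answer to range 5BAA6 (the real prefix
# for "password"). Suffixes other than the second and all counts are made up;
# the zero-count line mimics a padding entry.
SAMPLE_RANGE_5BAA6 = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567
1F2D3C4B5A69788796A5B4C3D2E1F001120:0
"""

if __name__ == "__main__":
    print(pwned_count("password", SAMPLE_RANGE_5BAA6))
```

A non-zero count tells you the password is in circulation and must not be reused anywhere, which is the article’s point; a zero count does not prove the crooks got it from nowhere, only that it is not in this corpus. Password managers and some directory services do this same range check on your behalf.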

LEARN MORE ABOUT SEXTORTION

A video from our What to do When… series on the Naked Security YouTube channel.


30 Comments

I was about to pay the ransom, but then I noticed they had a “videotape” of me.
:,)
[Has mad skillz to hack the Internet Explorer on my Linux computer]
[Records evidence of me “punching the clown” on VHS.]
#ScammerFail
It’s a nice new twist, attempting to avoid OCR by using a heavily-accented character set.

Reply

These idiots know that watching porn is extremely common. If you never watch porn, you’ll probably just laugh at these people and move on. But they know it’s common enough that if they send this extortion crap to a lot of people, they’ll hit some of them that do watch porn. Some of those will be scared into sending the money.
So, if they send this to 1000 people, and 400 of them view porn, they might scare 300 of them into sending the money. If they ask $2000 out of each of them. That’s 2000 times 300. That equals $600,000. Not a bad haul for a few hours of work.
Just make sure these people don’t fool you. Don’t be one of the 300 who sends them something.

Reply

Even if you don’t watch porn it’s still pretty confronting to be threatened on account of malware alleged to be on your computer…

Reply

Cecilia,**

Your advice is sound (as is your rationale for arriving at it). I personally laugh at several aspects of these emails, most often how they reference components of Windows, which I seldom use. Duck’s point is undeniable though–even with the porn discrepancy, the thought of malware is unsettling.

** interesting coincidence that my comment a few minutes ago references one of my favorite songwriters…as does your name. Hope you like PS as well.

Reply

I received the same email today. Was a bit worried bc it was one of my passwords in the past. Reading this post made me feel so much better. Thank you so much guys.

Reply

Since many spam messages are sent as image, maybe spammers use accented and modified letters to make it more difficult detect in case a spam guard goes as far as using OCR to read the message.

Reply

That was my guess… or perhaps they already had that text lying around from an earlier spam campaign, when the wãćkÿ çhàráçtęrš were added to avoid detection by a regular text-scanning spam filter?

Reply

I received today a ransomware email re a site visited. Freaked out all day, then received a call from a friend telling me he had received the same email, so don’t think you are alone.

Reply

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1900 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address:
[REDACTED]
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

Reply

you seem worried, its all a load of bollocks, you will be OK

Reply

I think that PSA was simply quoting the text of a more recent version of this scam [2020-04-11] to be helpful.

We’ve written this new one up (our sample is very similar but slightly different) here:
https://nakedsecurity.sophos.com/2020/04/10/sextortion-emails-and-porn-scams-are-back-dont-let-them-scare-you/

The scam has remained similar over the years but the actual text varies, as do the BTC addresses, the amounts and the fake “proof” that the crooks have hacked into your computer.

Reply

PSA and PD – Got the same one today also…… should thank this person, reminded me about updating my O/S, VPN and other things…. Funny thing – used that password years ago on LinkedIn so I’m guessing that was the breach where the password was obtained.

Reply

Often get these emails, saying that they’ve turned on my webcam and got images of me doing obscene things. That’s a neat trick considering I don’t have a webcam. Just ignore them, or if you’re quick enough return the email saying you belong to an international group of scam-baiting vigilantes who track down these vile scammers and [fill in this space with whatever you want]. . . .

Reply

Here are the responses I would love to send. However, I have been advised not to respond to any of them. I have received 2 so far. Here is how I view this. I am collecting them and will send them to my local FBI office. I already reported the first one. Perhaps I will get more so I can have a good laugh through these troubling times. Humor is good for the soul.

1. Please Please send everything you have to all my contacts on Facebook, Instagram, and Twitter. Everyone will really enjoy the laugh. Then I would not have to send out Christmas Cards. (PS: I don’t do social media and have no such accounts).
2. I would ask for verification by answering three questions: (1) Am I male or female? (2) Am I white, black, Asian, or Hispanic? (3) What age bracket am I in? If you get them all right I promise not to go to the FBI. Extortion is a felony with a hefty prison sentence.
3. If you don’t get all 3 questions right, just send me $2000 through Western Union and I will not report you to the FBI. By the way, you have 24 hours to comply.
(Of course, my actions are also extortion. Who cares, as I know there will be no reply.)

Reply

Thank you so much for explaining… I got this – almost verbatim text – and got worried because — ahem — I may have watched some porn w my husband. I have deleted… appreciate the help!

Reply

Same email today – and it did remind me to check some really old sites I use for mapping my exercise activities. Does make your heart jump a bit. What I think is funny, if they had that type of access to my computer they would have already tried to empty my 401K, bank and savings account.

Reply

We got this just today. My blood boiled a moment then I googled it. The password is still in use on some older sites. Good reminder to make sure I update them all today though.

Reply

My wife and I got one each. Knew what it was immediately but …. how did they get even the old password?
And yes my wife keeps old passwords forever. Why change them?

Reply

Well, as to “Why change them?”, I guess you now have the answer. (The crooks almost certainly got the password from an old data breach in which data including usernames and passwords was stolen from an online service you used back then.)

Reply

Thank you! I received the text today. I changed my password immediately – it is an email address I almost never use. It does make me nervous. Appreciate the advice.

Reply

I received a virtually identical email today. Don’t recognize the password though. Even if they used an old password that’s still pretty disconcerting. I was hit up for $3000 in bitcoin. Anyway thanks for your post, I feel better even though I was pretty sure it was a scam.

Reply

wow, thanks guys,
this is the mail that I received, very confused how they mailed my password, but I have been lazy in changing it, maybe that is the best advice (change the password regularly) thank you for the advice

I’m aware, EXXXXXXXX1, is your password.

I require your 100% attention for the up coming Twenty-four hrs, or I may make sure you that you live out of shame for the rest of your life span.

Hello, you don’t know me personally. However I know all the things about you. Your present fb contact list, mobile phone contacts as well as all the online activity in your computer from past 125 days.

Which includes, your self pleasure video, which brings me to the primary motive why I am writing this email to you.

Well the previous time you went to the adult material online sites, my malware ended up being activated inside your pc which ended up recording a eye-catching video of your masturbation act by triggering your webcam.
(you got a exceptionally strange taste btw lmao)

I have the complete recording. If perhaps you feel I am messing around, simply reply proof and I will be forwarding the recording randomly to 10 people you recognize.

It could be your friends, co workers, boss, parents (I’m not sure! My system will randomly choose the contact details).

Will you be capable to look into anyone’s eyes again after it? I doubt it...

However, it doesn’t have to be that way.

I want to make you a 1 time, no negotiable offer.

Get $ 2000 in bitcoin and send them on the below address:

[address redacted]
[case SENSITIVE copy and paste it, and remove * from it]

(If you do not know how, google how to purchase bitcoin. Do not waste my valuable time)

If you send this particular ’donation’ (let’s call it that?). Immediately after that, I will go away and never contact you again. I will get rid of everything I have about you. You may very well keep on living your ordinary day to day lifestyle with absolutely no concerns.

You’ve 24 hours in order to do so. Your time begins as soon you read this e mail. I have got an special program code that will notify me as soon as you read this e mail so don’t try to play smart.

Reply
