We’ve seen a recent surge of concern about sextortion emails over the last few days.
A sextortion or porn scam email is where cybercriminals email you out of the blue to claim that they’ve implanted malware on your computer, and have therefore been able to keep tabs on your online activity.
The crooks go on to claim that they’ve taken screenshots of you looking at a porn site – along with video recorded from your webcam.
They say they’ve put the screenshots and the webcam footage side-by-side to create an embarrassing video that they’re going to send to your friends and family…
…unless you pay them blackmail money, usually somewhere from $1,500 to $4,000, paid in bitcoins to a BTC address that the crooks provide in the email.
The latest one doing the rounds looks like this (the actual content varies considerably from scam to scam but the basic idea is the same):
I’m aware, [REDACTED] is your password. You may not know me, and you are most likely wondering why you’re getting this mail, right?
Overview:
I installed a malware on the adult vids (sex sites) site, and there’s more, you visited this site to have fun (you know what I mean). Once you were there on the website, my malware took control of your browser.
It started operating as a keylogger and remote desktop protocol which gave me access to your webcam. Immediately after that my software collected your complete contacts from your Messenger, FB, and email. I created a double-screen video. First part shows the video you were watching (you have a good taste lol…), and the second part displays the recording of your webcam.
Precisely what should you do?
Well, I believe, $1900 is a fair price for your little secret. You will make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
In reality, the video doesn’t exist and the whole thing is a scam to prey on your fears.
Why would you believe the crooks?
As many Naked Security readers have pointed out, if the crooks really wanted to convince you they had such a video, they’d put a still frame or a short clip from it in the sextortion email.
But they don’t have a video so they have to invent some “proof” that they have access to your computer.
In the example above, the crooks have included a password of yours (it may actually have been a password you used, but it probably dates back many years); in other sextortion samples, we’ve seen the crooks including phone numbers instead.
Usually, the crooks get this “evidence” from information that’s already circulating in the cybercriminal underworld as the result of a data breach, so the “proof” they have didn’t come from your computer at all, and doesn’t “prove” anything.
What to do
These emails are scams, and are just a pack of lies to frighten you into sending money.
Our advice is simply to delete the offending emails and move on, but you may have friends or family who have received one of these emails and are afraid of ignoring it.
Even if they never watch porn and don’t have a webcam, they may feel scared and confronted by the claims of malware implanted on their computer.
To help set your mind at rest, we made this video:
Latest Naked Security podcast
LISTEN NOW
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.
Mahhn
Sharing is caring right, so here, I care.
I found if you use their bitcoin addresses as a filter, they never even get to our exchange servers! Eat that lazy hackers!!!!
Scumbag was spamming us nonstop with sextortion at work LOL, nobody has porn at work in a bank.
BC regex rule and Bye bye :)
Teresa Stokes
I got one of these just now, and they had my correct password … sort of … it was one I used eight years ago and changed many times since then! How did they get it, I wonder? I can see how that would worry some people.
Paul Ducklin
We cover the issue of “how did they get your password” in the video… as summarised in the article above:
Usually, the crooks get this âevidenceâ from information thatâs already circulating in the cybercriminal underworld as the result of a data breach, so the âproofâ they have didnât come from your computer at all, and doesnât âproveâ anything.
Typically, breached data is only dumped publicly after the crooks have milked it privately for a while, which explains why the personal data in these emails (addresses, passwords, phone numbers) are often rather old.
Brad
Great article Paul. I just got the same email this morning and it had my correct email and password. Lazy me for not changing regularly. Changed my password and ran a malware scan which was clear.
Mandy
I received two letters in the last two days. With the same information as you describe. But From two different people. I reported to my internet device provider. Freaking scum bags, need to get caught and spend some time in jail for extortion. My husbands told me to respond and cuss them out but I feel that would create more unwanted emails.
Rusty
They usually get email addresses and passwords from data leak dumps found on the Internet. So they did not get into your account at all. There’re leaks all over the Internet…
Jack
Thanks for the heads up. Got one my self this week.They even claimed to have browsing history for the last 143 days even though I haven’t used my laptop in 3 months. Found this and was instantly relieved.
Paul Ducklin
Very weirdly specific length – 143 days?!?
Shelly
Paul….what a great video. I have received two of these. The second one I dumped immediately as I had watched your video. The first one said they have been watching my every move for 171 days. Seemed really too specific. AND I do know they got my âpasswordâ from the app âMy fitness palâ…..so anyone and everyone that has that app….be careful. CAREFUL….I deleted the app as they have been breached a few times. BOTH passwords on the emails were passwords I used for the app. THANKS again Paul…I was telling my friends about the email…many of them said they received same type over the last year. I directed them to your video.
kerr dinally
me too 171 days got one mail a week and one today .
yf
Yes! I got the â143 days Browser history â one today with a correct old password. This article and comments are such a help and relief!!Thank you
Anonymous
I got one today that said 196 days but I donât go on those type of websites
Anonymous
i know the feeling on that one, but when they said they had my contact list on my phone i had to laugh. I just got a phone (card one) and only used it a month, without a contact list.
Albert
Got one of these, too, although I knew I didn’t go into those websites.
A reply to him didn’t even go through.
These should be reported – to the email domain and authorities – as they should go to jail for extortion.
This one came from an address ending in [REDACTED]
Charmaine
I got one earlier today and they had an old password of mine from around the same time.
Charles
I just got one today with a old password I was like I dont use that password anymore but it does worry me tho because I use online banking
Paul Ducklin
Does your banking site support two-factor authentication (2FA)? That’s where you generate a 6-digit code with a phone app (or receive a text message with a code in it, or otherwise generate a one-off code) for every transaction?
If so, I recommend using it because it means that your username and password alone are no longer enough for the crooks. Think of it as 2% harder for you but 98% hsrder for the crooks.
Your Father
Your mom supports two-factor authentication.
Paul Ducklin
Actually, my mother died not so very long ago, so even if she had, which she didn’t, she doesn’t now.
Ayman Henry
In the old days, when internet was new to people.
I used one username with the same password for all sites. đ„Ž
They get DB from one site, and assumed you use the same user/pass from your mail and FB. đ
Me, I’ve got two mails from two peoples, I have not a cam in my PC, and non working cam in my laptop.
Peter
Linkedin probably they had a breach a while back.
Ginny
Yes the showed an old linkedin password on both my emails!
Szilard Kovacs
A website that you used to use, got taken down and the SQl library was sold, including your details. It’s illegal but it happens far too often.
Tracy
I had one of these emails this today, but like an idiot I replied asking who they were. The email address looks real enough outlook.com and the persons name. Must admit a bit freaked out by this. I have since deleted and blocked them. They addressed it dear my email name but the password they put was 15 digits nothing like I use. Please put my mind at rest!!!
Paul Ducklin
To put your mind at rest, I suggest you watch the video…
Someone
I got one yesterday and it said 2000 bitcoin which (i looked up to see how much) just a bit over 15 million, and realized it was a scam. they had a pin that i think i used on my old kindle when i was like 7 (im not that old right now tbh).
Anonymous
Up until today, I have never covered my iPhone camera. Today I covered it, and a few hours later I receive an email with many things you mentioned in the video, plus direct mention of ânext time you cover your cameras, somebody may watch it!â At the end of the extortion email.
Is that just a coincidence? I understand how some things could be, but this specific instance has me worried..
Paul Ducklin
Yes. Itâs a coincidence.
FWIW the scammers say they used your webcam, not your phone, so there isnât really a connection with your phone anyway…
EK
Should I be worried if I receive a text message threat? Everyone in here is talking about emails, but mine came as a text, and I worry the video could be real.
Paul Ducklin
No, the SMS-based version is just a variant of the same scam.
Anonymous
Received an email today (11-April-2020) on my email account with the password I was using 3 yrs ago. Went through this article and realized the format of the message is exactly same as above. Thanks for the article.
Paul Ducklin
As long as you arenât still using that password anywhere! These crooks got that password from a public (or at least easy-to-find) source, so theyâre not the only ones who know it…
SB
got this today and responded saying shame
Bell
I got one today . At first you get worried but with little thinking and analysing you find out that :
1. You didnât watched porn ( at least not last months)
2.The password is probably old one
3.Too much ultimate sentences like â Îf yÎżu αre wοηderÎčηg αbÎżuÏ gÎżÎčηg ÏÎż Ïhe lαw, well, ÏhÎčs mαÎčl cÎ±Î·Î·ÎżÏ be Ïrαced bαcÎș ÏÎż me. Î hαΜe ÏαÎșeη cαre Îżf my sÏeÏs. Παm jusÏ Î·ÎżÏ lοοÎșÎčηg ÏÎż chαrge α fee Îœery much, Î wÎ±Î·Ï ÏÎż be cÎżmÏeηsαÏed. â ….
My advice : always check in google the sender ,then dig a bit about the story line and you will find out you are not alone and thatâs a real scam . Do not open links or files .
âMy scammerâ wrote -âÎÏ’s α ηοηηegÎżÏÎčαble Îżffer, αηd Ïhus dοη’Ï wαsÏe mÎčηe ÏÎčme αηd yÎżurs by reÏlyÎčηg ÏÎż ÏhÎčs mαÎčl. Îf yÎżu ηeed Ïrοοf, reÏly Yes αηd Î defÎčηÎčÏely wÎčll seηd yÎżur ÎœÎčdeÎż recÎżrdÎčηg ÏÎż yÎżur 14 cοηÏαcÏs.â …God knows,who are those 14 contacts of mine ,because I defiantly have more than that .
[comment edited for length]
Idiots , I hope karma gets them !
In these difficult times for all humanity to harass and blackmail people is truly worthy of God’s punishment.
Andrew
I got one of these today with an old password from several years ago. I read the article, watched the video but I have to say i’m still a little on edge about this. I’ve deleted the email, I didn’t respond to it or clink on any links. Intelligently I know its BS and a phishing scam but the very idea of someone doing this has my skin crawling. Thanks for this article and the comments though, looks like these assholes sent out a new wave this weekend or something.
Naveen
I got one of them today , and got disturb for 5-minutes. Because the password is like 7-8 years ago. But then google it and came to this page, and saw some of the language is exactly same. now that asshole can go to hell.
Advice like from video, always keep changing your password and don’t use the same password everywhere, which is what I had been doing but today I am going to change this behavior.
Anonymous
I got this email just this afternoon, and in addition to changing all the passwords, I reported this to the FBI cyber crimes website. It might be overkill, but people who make their money like this are garbage.
Anonymous
I did the same thing, reported it to the FBI’s IC3 site. Here is a link to the complaint form.
https://complaint.ic3.gov/
Juan ed MĂ©xico
I received, this kind of email 3 day ago, with password from linkedin probaly, well the RATS, don’t have rest, in this contongency for covid.
Raffles
There was a LinkedIn breach in 2016
AJ
Oh! I forgot my LinkedIn password a long time ago. Maybe they just helped me recover my account. Finally, a scammer that has done something helpful. LOL I never really used LinkedIn in the first place though. They were worse about unwanted email than spammers for a while.
maria
I also suspect the source of the leak was from the LinkedIn problem from years ago.
Daniel
Boeno, creo que mĂĄs del 80% del trafico en internet es porno asĂ que a casi cualquiera que reciba este correo le viene el saco. y estos atacantes aprovechan eso.
En mi caso es un password real que usaba hace un tiempo.
Saludos desde MĂ©xico tambien
Rusty
Yup, got mine today. I literally was laughing reading the thing and showing my wife. If I didn’t know any better where they weren’t looking for validation of a live email address to spam the heck out of, I wanted to answer something similar to this, “Hello strange person. Congratulations for finding me engaged in these sexual acts and doing me the favor of recording it through my webcam. Yes, by all means, please share the video of my enjoyment and share with all my contacts as I’d like them to also enjoy these sites. You are doing me the favor of posting for everyone to see. I hope you enjoyed the show as well, because I sure did. Hope you find someone real for yourself, so you don’t have to peep people enjoying pornography. Have a nice day! :)” I know it’s a stupid response but seriously, in this day and age, is anyone really impacted by this nonsense? I’d rather worry about when this Coronavirus will end. Don’t really care about wanna be hackers trying to get money out of me. For all I know, they’ll get the virus and it will end there.
Anonymous
hahaha great answer !
Chase
Lmao.. got mine today did the same thing..
Have fun send me a copy so I can share them too.
Yainoris Marino
HAHAHA same here I was about to replay … my family , friends and co workers will understand why I’m always happy tho… please share with them !
Cobain
Yep, got one of these today, old, old password included. The thing is people still fall for this type of thing, I know of someone personally who shelled out ÂŁ2000, then went to the police, the police arenât interested and neither are the banks so beware.
anonymous
Paul, thanks so much for your article and video. I received one such e mail this morning. Really glad to have found your blog! The so called password quoted in the email is an old LinkedIn password which I have changed a long time ago. Anyway, I have my e mail password changed straightaway.
Caro
Got one of these with correct email but weird and wrong password. Opening it did foul up my email so I had to delete and reinstall with new passwords.
Brad Bushong
Please use this form to file all complaints with the FBI:
https://complaint.ic3.gov/default.aspx?#
Thank you!
Paul Ducklin
Just a thought: I recommend starting here:
https://www.ic3.gov
This gives a good overview of what IC3 is (and is not) and explains what sort of complaints you can make,and how.
In case youâre wondering, IC3 is short for ICCC which is short for âInternet Crime Complaint Centerâ. As the OP says, the website is run by the FBI.
Anonymous
Great video. Been freaking out about it. They didnât even have a password in mine but the body of the email was all the same. We have you looking. Side by side video. Pay 500 or else. Looked up bitcoin. There was four reports of spam and one post was identical to mine. Thank you.
Paul Ducklin
Thanks. Glad we could set your mind at rest.
Eric
Had the same thing. My fifty hours were up an hour ago. No signs of anything. Freaked me out for three days even with all the articles. Very invasive but now Iâm signed up to follow. Great article. Clear and concise on what the issue is.
Becca
They only gave me 24 hours, lol. I got mine this morning. The password they used was one I stopped using a little over 3 years ago. And I don’t watch porn. I wasn’t sure if my hubby or son had tapped my laptop so I checked my history and it was clean. That clinched it for me, I had a jerk that was yanking my chain and I only wished there was a way to capture and hang them by their thumbs!
I always check things out, but I worry about the people that panic can pay these people!!
Anonymous
I got to same email and it did freak me for a while and then I thought if they the video they would had sent part of it to to show me they really had. Never got any thing.
Anonymous
I received one today as well without password and they want $500. Thank you for the video.
Anonymous
I got the same yesterday and honestly freaked out little bit, but once I started researching about this I got an idea that they are scammers. I got almost the same but they did not mentioned any password in it but mentioned that if I will not pay $500 BTC they will send it to my social media contacts. I want to report it to authorities but I think I shouldn’t bother them as they are busy with COVID 19.
Paul Ducklin
If you want to report it, I suggest you do so – you can report online and it’s likely the report will just be “consumed” automatically by the authorities.
To be honest, reporting it probably won’t do much, and given the sheer volume of this crime, if you don’t report it then you aren’t really letting anyone down.
But if you do report it I can’t see how it could do any harm. After all, if no one reported any crimes then law enforcement would have no statistics to go on. In the unlikely but not at all impossible event that someone ends up in court in your country for sextortion crimes, then reliable reports from victims of the crimes – notably the when and the where – that can establish how much it affected people is one way to ensure fair and proportionate punishment if the suspect is found guilty.
John
I understand that the crooks got my password through a data breach. Is changing our password enough to keep our confidential data secure? Do we need to deactivate our email? I hope that I can still keep using our email without worries.
Paul Ducklin
If the sextortion email has a password in it that you are still using (or anything even close to it), change it at once! If these crooks “know” your password simply by downloading publicly available data dumps of old and stolen stuff…
…then you can be sure they aren’t the only ones who know.
Peter
Passwords leaked by webhost or linkedin are common. If at all possible I report the bitcoin address on something like https://www.bitcoinabuse.com/reports or even Google the bitcoin address to see how many reports there are already. The last one I got had the spaces filled with rubbish characters that you saw only if you tried to copy the text – not sure if it was to prevent copying or to confuse spam filters.
Paul Ducklin
Yes, our sample was the same. I presume the messed-up text was for a bit of both: hard to copy-and-paste into a search engine for help, and hard for a naive spam filter that relies only on word searching to spot badness…
Raffles
It’s a pity the chance of these low lifers getting caught is low. They could be in countries that don’t care. I’ve read about extortionists that have been caught and sent to jail. It should happen more often.
I received the same email, which I knew at once was a scam. I read Paul’s previous article and watched his video so I knew at once. Since the email address was a microsoft (.live) email address, I reported it to them as phishing. Many other clues that it was someone taking a long shot were present. My webcam is always face-down on the desk unless I am doing a video call which is not often. I run Linux on all my machines and Sophos Linux anti virus on the laptop, it has a low incidence of being hacked in this way. They also mentioned they put a pixel in the email to detect if I had read the email. I use Thunderbird, and no external content was noted so this is a lie too.
The Cat
I received one on Saturday night sent from my work (not home) email. I have no webcam and if I did surf porn, I sure would not do it from work. No password in the email – just a demand that I send $950 in Bitcoin, go to Google to look up how to do it, and also they have a timer set on the email and will monitor my reading of it. If no payment is made in 48 hours, they will release the “video.” Where’s Liam Neeson when we need him?
Anonymous
I received the exact same mail word to word i have deleted the mail just curious did anything happen after 48 hours?
david 0rme
on youtube, there is a person who hacks the hackers and in one case tracked him down through a site on the web giving him his address where he lived and his real name cannot the same thing be done with these sextortion emails? and if so why is this not happening when I have time will look again at this youtube video and find out
the name of the website that can track these people with address and real name –would love to give these people a shock!! in video man put the scammer’s address on his computer and he freaked out he then deleted all his files to the scammer was NOT happy.Surely in this day and age can stop this sort of thing and get them a LONG PRISON SENTENCE??!!
David C.
I got one of them as well. I’m pretty sure it was the one stolen via the 2012 LinkedIn data breach. Unfortunately, I can’t be sure because I don’t have any system backups going all the way back to 2012 and LinkedIn forced me to change my password at the time.
John Francis
While attending a security briefing some years ago, a FBI Cyber Agent who was presenting said scammers still use these old scams because they still work. âFool me once, shame on you, fool me twice ….â
Bob K
Well, nakedsecurity.sophos.com, your email example has better usage of English grammar than the 2 or 3 of these emails I got in the last few months.
.
C
I got one of these with an email and password combo that I never used together. The password was really old and one I havenât used since 2005.
It scared me for a minute until I read the whole thing. I think people just see the first part and skim in a panic, which means they miss the signals that itâs fake.
Steve Pomfret
Great video. Informative, concise and in plain English, and very reassuring. Thank you
Paul Ducklin
Thanks, and glad we could help! We appreciate your kind words.
Anonymous
This all makes for reassuring reading..
Although I got one of these Friday morning, when I did look at a’site’ Thursday evening, just a complete coincidence? or did the scammer actually pick up that I was on this site?!
At the end of the day it was plain old fashioned porn, I guess you could say a bit boring, it’s the embarrassment and concern over malware implanted on my iphone for me, as i’m not particularly tech savvy!
Just to note the iphone was running the previous version of IOS, but has since been updated to the latest version.
Paul Ducklin
Coincidence. These guys send out multi-millions of these emails every time they do a “scam run”. You might just as well blame the news site, sports site, online shopping site or whateveritwas you visited just before the email arrived.
Simon
Ha ha I just received one of these! Old password from 8 years ago. I was going to write a reply back scolding this hacker for trying to take advantage of innocent people, but then thought probably better not to engage with a criminal. Decided to look up this scam instead. Thanks for the great video and everyone’s comments. There must be a wave of these right now.
John
I got similar mail 10 minutes ago and immediately went to Google to find article like this. Thank you so much.
The password which they have is the one I used back in the days on several websites (not related to porn), but for some reason, I chose the same password few days ago when PornHub gave access to Premium content for free :D so I was a bit worried for a minute, even though I don’t think that watching porn is something which you should be ashamed of.
Btw. thanks again for the article!
omar
thanks for this. I have just got one
?
Its creepy when you get this types of email just got one too. Good thing its only a scam
Anonymous
i received an email at midnight last night with my email and password from around 3 years ago. He said he had a digital video of me watching a pornographic website and i âshould know which one ha!â He demanded ÂŁ2000 and to not waste any of his time and i had 24 hours or he would send it to all my facebook friends and contacts . It scared me a lot at first until i found this so thankyou so much for the help and putting my mind at rest.
Paul Ducklin
Glad we could help.
Luis Petrizzo
I just received one email like that today and contained the part that revealed an identical password I once had in an account I don’t exactly remember. The content was more or less as described in the email source you presented, including the contacts and webcam and malware parts, and yes, the part saying that if I reply for proof, they’ll send the video to a determined amount of contacts. I searched for the Internet looking for reports if this is a first or a common occurrence and finding this website has calmed me down to a 70% in what to expect. While I’m currently running a virus scan and may need to change some of my passwords, I’m glad I read this to know that this is a common trick.
Paul Ducklin
You may calm down to somewhere near 0% if you have sorted out your passwords and are checking for *real* malware – in that sense, this bogus email warning has sort-of done you a favour because you might not have done those handy things otherwise!
ghm
They said they took screen shots from my webcam… news flash, I DON’T HAVE A WEBCAM!
Marc
Just got such an email as well. Thanks for the good clarification.
Was initially very spooked until i realised the pasword was very old and did not contain any numbers (thus defenitely very old indeed, expect from neopets or something some 10 years ago?) and was nowhere close to the paswords ive been using for that email adres for quite some time.
And realising that i never have my webcam on during that kind of activity so they would never actually have anything.
I am running all the anti-virus and anti-spyware scans again just to be safe though.
An interesting part they added in my email that i havent seen before is the if you want proof respond with “proof” and we send the video to 3 random contacts of yours (quite a good scare tactic to prevent people from realising if they had anything they would have made it obviously clear)
And thanks a lot to Peter for his coment above. Looked up the bitcoin adres and was apparently never used before so got the honour to be the first to report it as a scam. And of course reported the email as phishing.
Paul Ducklin
Bitcoin addresses are quick to generate so the crooks could use a different one for every email (or batch of emails) if they want…
Youâre right that the idea that you can get proof but only by risking exposing some friends is an interesting âcall your bluffâ strategy!
Lars Erik Vestergaard
Actually one of these fools (cileiahuvd@outlook.com) uses the same bitcoin string on every scam he sends out or at least some of them: [REDACTED]
he also tried it on me..lol
Lucas
First of all, sorry for my english. I’m from Brazil.
Well, ive just received one of these emails. They had my old password (like 8 years ago) and put it in the title of e-mail.
I searched for the text, but cant find the exact one that i received. Maybe its a brand new lead of sextortion scam. The email also talks about things like “you’ve been watched for 117 days”.
Interesting to find this content and see that it didn’t happen only for me. Thanks and cheers
Paul Ducklin
Glad we could help. There are many variations of this sort of scam – the text changes all the time but the idea stays the same: âPay me money or ELSEâ. Fortunately, in this case, there is no “or else”!
kel
I got one today. I was pretty freaked out. The password was one I use but I couldn’t remember what site or if I was still using it. I stupidly replied, “wrong person” then to be on the safe side changed my email and facebook password since they referenced facebook. After that, I searched if it was a scam and found your message. Your video definitely made me feel better. I just wish I didn’t reply! Thank you!
Paul Ducklin
Glad you found this useful.
As far as replying goes… we recommend not replying to crooks because, hey, they’re crooks. But in this case I wouldn’t worry too much about it. I don’t think you are likely to receive more of these messages just because you replied this time. Sadly, I suspect you are going to receive more of these messages *anyway*. These scammers work by sending spams in vast and unrelenting waves – and you’re on their list already.
Mike Sealy
Thank you so much Paul.
I got this email first last Friday and I immediately tried to change my password even though what was stated was close but still incorrect. I have subsequently concluded this had to be leaked from LinkedIn.
Nevertheless even though I am quite sharp on these scams it was not of a format I had ever seen so I did have a few minutes of panic about its validity. Nevertheless I got another threatening one today which I promptly deleted and thought I would do some research about this scam.
Mike
Optimus
I got the same email …. However, I have multiple laptops/computers and the one I use for most of my “adult” content does not have a camera >:D
I did trace the bitcoin address with special software and soon will find out who these scammers are.
thanks for this article, I just wanted to know how many people are affected. there is a site where you can put the bitcoin address and add it to the research queue. if you are interested you can find it.. if you can’t don’t worry just list it anywhere on the web and we will find it.
thanks!
Sarah Timer
I got one today as well. I was perplexed to say the least, still a bit freaked out. it used an old password but i know i have accounts from back in the day that i no longer use or remember how to access but never “deleted” those accounts that may have my contacts. I’ve been home and well PornHub has been a friend from time to time. so i was definitely scared — but i only use my phone when i do.
Have there been cases of these crooks actually going through with it? ease my freak out please
Paul Ducklin
They canât send anyone a video they donât have…
harry tanner
Always helping somebody!!!!!! Good on you!!!!!!
LD
I received two of these emails today within a few hours of each other. One says they have 125 days of my internet usage and the other says 135. Other than that they are almost identical. I will say, seeing my password on it scared me. FB is the only place I still used that old pw so it is changed now. I was really scared because I am working from home now I am using my webcam a lot. It made me afraid they did get a picture of me from my webcam but I use a Chromebook and it showed no malware. Reading all of your comments calmed me down. I am trying to share this information with my friends because it is jarring for sure.
Sonia
Thank you so much for such an informative video!!! Youâve gained another subscriber!!!
Cris
Just had one of these today 15th April. Of course freaked me out and got me thinking.
The password sent to me was one I still use on some older sites not the regular ones like my Facebook and Linkedin. Same thing they said they had my videos and would send them out to contacts.
After a few minutes I get a call from my mum so imagine my shock. Luckily it was just a social call and the timing got me worried.
I went in all my apps and websites I use and changed those passwords too.
Also send the information of the mail to Cyber Security.
Came across this forum and seems like they are doing the Scam rounds at the moment, thanks for the help.
Lars Erik Vestergaard
Yeah, I just got one too, today. They sure are busy. The wording is slightly different, but the intent, method and composition is largely the same as anyone else. Lets hope karma burns!
JC
Wow, I got one of these emails yesterday. I froze when I saw my email and password which was correct. However, I haven’t used this password for a long time, that’s when I suspected that whoever sent it to me had absolutely no secret data about me or if they did, that was for many years ago. These people need to be caught and sent to jail.
Chris
Got one of these today. Contacted the Royal Canadian Mounted Police immediately.
Marcel
Got 2 as well one 11 April one 16 April, asking for 2000 us in bitcoins. Changed the name between the emails but used the same outlook adres.
But must admit I flinched at first as I recognised the password but that was from years ago on a site that does not exists anymore, but did have a data breach.
I Did not respond but was very much tempted to spam the shit out of this guy, mate get a job, these people are the scum of the earth. But my wife (the sensible one) convinced me no to. Not worth the oxygen.
Cara
I replied, please share with everyone you know. Maybe I will go viral and get my 15 minutes of fame….get a reality show?
Anonymous
Hi Paul!! Thank you for posting this!! I received my email April 14th from a Jenna @ outlook email address. The email made it to my inbox and not my spam . The only reason I opened it was because an old password was in the subject name by name. That will catch anyoneâs attention to open the email! These f*****s claimed to have a video of me visiting porn sites master-baiting and if I didnât send the $4000 in Bi coins they would email the video they made of me to random people In my contact list and FB messenger they were able to download due to spyware they had on the website disgusting!!!! They also claimed I had 24 hours to pay them & they would be notified as soon as the email was opened . I deleted and trashed it right away but I kept wondering how they got my old password I use for actual accounts when I donât visit or watch porn. After much research on this I I found Poshmark and Nordstrom rack had huge security breaches. Emails and passwords were exposed thatIâm sure are now on the black market.after much research and export said to go to HaveIbeenpwned. This site shows you of all security breaches associated with your email and password exposure. Glad I found this out !!I have an iPhone is there any way they can download a virus on my iPhone from me opening the email ? I didnât click on the links they said I needed to to pay them before I deleted it. Is there anything you recommend for your iPhone or iPad to keep them safe ? Thank you for educating everyone on this so sad these people are resorting to this in the middle of a world pandemic. Hopefully they get caught soon
Paul Ducklin
We have a 100% free security app for iPhone and iPad that you can try if you like… just go to the App Store and search “Sophos Intercept X for Mobile”.
More information about our various free tools is here:
https://sophos.com/freetools
HtH
AN
I got one of these today. The password was a weak one that I used to use when I was signing up to websites and didn’t care if someone knew the password. I did a search and found this article just because I was curious to see if I could find out what site it had come from. It has to be pretty old because I set up an email account years ago when I didn’t want to give out my good one. I guess it wasn’t soon enough though.
I keep my webcam covered but if they have a sexy tape of me I’d love to see it. We might need to go into business together.
Abdul Baky
Hi, I just got this kind of e-mail. they said they put it in my “Laptop or Computer” by this word I become sure that this is false. as I don’t use any of them, I use mobile & Tab only. However, thanks for your article & it helped me to understand the actual scenario. A very informative video as well!
Paul Ducklin
Thanks for your kind words. Glad you found the video useful.
JA
did anything happen to anyone for not sending money?
Paul Ducklin
Yes… they saved as much money as they would have sent :-)
chester
I take it as a friendly reminder that it is time to update my password.
Robert Patching
I have had two of these in a week, is that unusal?
Paul Ducklin
No. I didn’t get any in this wave of spam, but in general I receive this sort of email in a fashion best descrined as “irregularly but frequently”. Like buses (or, at least, like buses in the pre-coronavirus days), you can sometimes get none for a while, then three come along at once.
Yvonne
I must be extremely naive because I spent most of the day in a panic – called the police, put a report on the ACCC website, rang the bank and changed passwords on everything. What a nuisance. It really ruined my day and I have been wracking my brains trying to remember if I have done anything incriminating. I let my contacts know I might have been hacked. This afternoon I googled it and have since been reading lots of accounts of the same thing. I must admit I’m still not completely over the worry – I think my 24 hours is almost up!
Paul Ducklin
Fear not. It’s all hot air. Offensive, disruptive, criminal hot air, but hot air nevertheless.
AJ
This is what i got today and my laptop camera is always closed so..
Send $1000 in btc to the below address (remove***from it):
[REDACTED]
You could be questioning why the hell would you do that? Very well, prepare yourself due to the fact I am going to move your entire world at this moment. I had a hazardous malware infect your own laptop or computer as well as record video of YOU (using your web camera) when you looked at ‘adult’ websites.
This is one of your password
Nevertheless don’t believe me? Reply 7 and I will be randomly share your video with 7 people you’re friends with (Yes, I have got access to your contact list as well).
Today, what can I want to make this entire thing vanish? Well, I have already described the particular offer in starting of the e mail. If you do not fulfill it within 24 hours, I’ll create your life horrible by delivering that video to Everyone you know. Your time frame begins right now.
abcd
yes I got the same. They hacked my outlook and FB account.
MrRee
Got this yesterday – first type of this kind in 22 years of internet use … so, initially, shocked me – the Malware part and listing an old password.
It’s made me reassess all my passwords – so excellent warning.
I worry for those for whom this will worry them so much that they pay the money – the scum who do this don’t care what anyone thinks of them ….. they need to have something painful done to them, all their wealth removed and then their liberty.
Joy
Hey Paul ,
Thank you for this article,i received one this Morning and they attached afew pictures of me and also my passport , should i be worried. This was the email:
It’s time you faced your past. We are back after 2+ years. Pay $500 in bitcoin to the bitcoin wallet below or all of the pictures will be released to your address book and online. You have 24 hours on reading this to send the bitcoins.
By now you know that your local authorities, friends and family can not help you. Last time you were warned and you did not listen! Because you reported there are consequences.If you do not comply there will be more consequences.
Once you pay we will never contact to you. We’ll delete all of this data for good. All will be well so don’t worry.
Failure to pay in 24 hours or if you report again, then you will be all over the internet, social media, your email contacts and your phone contacts.
We know your every communication. Last chance, don’t fuckup!
Bitcoin Wallet Address
[REDACTED]
Bitcoin Service to use for transaction
[REDACTED]
Capture 2.PNG
Paul Ducklin
In every case I’ve seen, the “evidence” used by the crooks in these scams has been data *that was already leaked somehow*, often long ago (sometimes years). So anything they claim they might “expose” is already exposed, and therefore there is no point in engaging with the crooks at all.
As we said in the video, I think the best thing is: delete, and move on.
HtH.
MsR
My email @ 7:10pm yesterday:
Pay $1000 in bitcoin to the following address (remove***from it):
[REDACTED]
You could be questioning why the heck would you do that? Well, prepare yourself due to the fact I am going to shake your entire world now. I had a dangerous spyware infect your own laptop and also record movie of YOU (using your cam) when you browsed ‘adult’ websites.
Here is one of your code
Nonetheless don’t believe me? Reply 7 and I’ll be randomly share your video with 7 people you’re friends with (Yes, I have got access to your address book as well).
Currently, what do I want to make this entire thing disappear? Well, I have already talked about the particular offer in beginning of the e mail. If you do not fulfill it within Twenty-four hours, I will create your life horrible by sending that video to Everyone you know. Your time frame starts now.
Alex
Got one of these emails myself yesterday and it had one my old passwords in the subject line to make it sound real. Right of the bat i knew this was a scam but something inside was still fearful. But two things got me thinking eventually that this was a scam. Firstly it said that we will send these web cam footage to three people you know you reply saying provide proof, well why would you send proof to someone else and not myself if you have something on me? The second thing was that it said that if you dont pay up in 24 hours we will send this to all your coworkers family mom dad and so on…. didnt mention sister or brother, husband or wife, girlfriend or boyfriends, exactly because they dont know. They claim they know everything about you but they dont know your siblings or your partner. Crooks are at it again, dont let them steal your hard earned monty
zach
i just got one of these this morning. it as others have stated a really old password. theres a site that checks your email to a database of of data leaks and i had 3 show up and 2 of wich i would have used my not so good password the one that was given to me in the email.
Natalie
Thank you so much for sharing it. I got one of these emails on Friday and another one today that went straight to my inbox. Todayâs one had an old password I had used. The email said it would send footage to my boss and people close to me. Also said that he knew my actions for the last 199 days. Asked me to pay $2000 in bitcoin. I sort of panicked when I got another email today.
Victim
I received the email thrice already. Once 2 years ago, one 3 days ago and one today. I think they really like me, lol. The funny part is that I haven’t watched a porn in last 3 years. The text is exactly same as above. I really feel like replying and swearing at the scumbag but I don’t want to provoke him. No need to send a single penny guys. Just ignore the sh#thole, that’s going to offend him/her more
Bryan
I got one of these emails today. They did have an old password. I checked the “Have I Been Pwned” and my email address did show up. However, the funny thing is, I do not have a webcam and will never own one!
I did the following:
1. Changed passwords
2. Ran Malwarebytes after changing PW (nothing came up)
3. I, (lol) always have my VPN turned on.
I also copied and pasted the email address and put it on the block list and then deleted the email.
Bryan
@Bryan
Returning to this article three months later, I see there are now two of us.â
Glad you came through unscathed.
Gave you an upvote–we Brys gotta stick together.
â Like Mogwai in the water, my evil plan is nearly complete
Lulu
I’ve received it twice. One last week and one today. The first one scared me because it’s an old password of mine (and of course, the worrying thoughts are more about online banking, PayPal and that stuff). I guess there are gullible people who fall for it, but really, when the world is so convulsed over the coronavirus crisis, do these d*ckheads really think that someone is going to die with embarrassment because of some sexy footage that leaked? B*tch, please! That’s the least of people’s concerns right now. We’re all rather trying not to get infected and die with the virus, and wanting to go back to normal life… Speaking of life… these scammers should go and get one!
Tj
Got one today and freaked out thinking someone had all my passwords and info, wasn’t til I read further down about the porn I realized it was BS. Haven’t used the password mentioned for anything important in years and only used recently for stuff like zillow/coupon clipping apps that are not connected professionally or financially to me or the email i got the threat at. After some google searches on a completely unconnected secure network it seems it is a scam that frequently targets government workers such as military, fire, police, local government. They target these groups as their income is stable and the people have a lot to loose. I checked all my devices and have no issues/security flags. Guess its time to change all my passwords again.
Paul Ducklin
I suspect the target group of these scammers is wider than public sector workers… I think their target group is âanyone with an email addressâ, judging by how prevalent the emails are.
RK
Received one of these today. It didn’t have a password, just that I had been hacked and that they had placed “placed some firmware in my router” and that every device that connected to it was compromised. The weird thing is, with the body of the email, if you try to copy it, there is a number that appears between every word.
Paul Ducklin
The characters between the words are there, one assumes, to make word-matching harder for spam filters and to make copy-and-pasting harder if you want to search for the text online. Theyâre made invisible in the HTML of the email by setting the foreground and background colour of those characters to be the same.
George Robinson
Paul should I just delete the scam email and get off my computer. Thank you so very much for your advice. They really made me feel my life was over.G
Paul Ducklin
Delete, shrug, and move on.
Dm
Instead of malware on my dads computer, they said they injected some coding into out router and They also stated they had everyoneâs contacts list and out devices Cameras hacked, I obviously knew this was bogus since Iâm currently studying cyber security.
John
Ok I’m embarassed now, I fell for this one. I usually don’t maybe the Co-Vid stuff got in my head too much.
So I spent pretty much the whole day trying to purchase a $2000 bitcoin. I finally did purchase it (but I think it’s still pending) so it went past their ‘deadline’.then maybe an hour later I get the same message again from another name with slightly modified message text. long story short, does anyone know if you can get your money back after purchasing a bitcoin? is there a way?
Paul Ducklin
If you bought bitcoins (and didnât pay them on to someone else) then you can sell them or use them to buy things… whether you will lose out, get your money back or make a profit depends on whether the value of Bitcoin goes up or down in the meantime (it can fluctuate quite wildly at times). If you cash out your bitcoins you will also end up losing two lots of transaction fees, one for converting your cash to BTC and the other for converting it back.
Flavie
I got that email 5 days ago then different versions of it everyday since. Got me worried because I did you that password not that long ago.
Thank you so much for your blog. I was starting to get really worried.
Rickey Harris
i just replied ‘post it then ill jerk it to that too’ lol no response yet
MJ
Received my glorious email from Hort Aras zavdagnyqe@outlook.com
———-
Same layout… one of my old passwords as the subject line. They have all of my current contacts and activity on my computer from previous 122 days. They have a “video” that they will send to 8 people I know if I respond requesting proof …..yada yada. 2000 bitcoin and I have 24 hours to do so and they have a unique code that will let them know when I read the email so “don’t attempt to act smart.”
————
I got a little nervous considering they did have an actual password from years ago. I reported it the the FBI and I thankfully found this website. I still can’t believe there are people out there that do this… and I thought spam phone calls were annoying.
Alpesh
I am also latest victim to these mails and for me, i received the same mail from two different address in two consecutive days. Hate to open mail now but it appears more like a pysch test. For me, i am receiving these mails on my outlook email id which is a free account. My observation is that if i mark that as “phishing”, mail still goes in trash folder and i am not sure if there is any action taken on backend. Does Microsoft offer better security with Premium / paid service? I can keep on ignoring mails but good to have some solution which can help block at the server level. Paul’s video gives some relief but need a permanent solution to these mails.
Paul Ducklin
These emails will often be blocked, but the crooks pump out so many, from different servers and senders and with ever-changing content, that reliably shielding yourself from all of them is as good as impossible. As we say in the video, for this sort of criminality, delete, shrug, try not to be too offended, and move on is about the only “permanent” solution.
Alpesh
I am also a victim of similar mails. I received the second mail in two consecutive days but from different email ID. I am using the free outlook email account which has almost no security. I was wondering if i should upgrade to premium service if they can offer better security features and block these mails. I realized that when you delete or mark “phishing” mail, it goes in the trash folder and not sure if any action is taken. Does Sophos have any product for individuals/ home users, which can help prevent or block these mails?
Paul Ducklin
We have a whole raft of free tools (see the bar “Free Tools” at the end of the article), but it’s hard for us to do much about your webmail account because they’re handled elsewhere and just show up in your browser. Empty your email trash regularly if you want to see the back of these… but once they’re in your Trash they won’t show up or “do” anything unless you choose to revisit the deleted items.
Tiny
I also received this email a little after midnight, supposedly from a Harriot Giovannini.
I knew it was a scam as it isn’t true that Iâve visited any porn sites but it is still quite alarming when you first read it. Worst thing is that the password they quoted is an old one of mine but one I do occasionally use and one that I use variations of quite a lot. Iâve now gone through and changed the majority of these passwords all to something unique, and will keep going with the others shortly.
Does anyone know, regarding malware, how can you protect against that on an iPad (I donât have a computer/laptop)?
And also, my iPad remembers all my passwords for me to either automatically sign me into things or to show me the actual password as a reminder. Is that safe? It requires my fingerprint to see what the passwords are.
Paul Ducklin
Letting your browser invent and remember passwords is better than making up a poor-quality password of your own (like “secret99”) and then using it everywhere!
I actually prefer a password manager that makes it slightly annoying to put passwords into sites (i.e. doesn’t do it automatically) in order to make me Stop. Think. Connect.
A little inconvenience can go an awful long way. (Same reason I never save my credit card number. It protects me from data theft, but it also protects me from me – I have to go and get my card, and that gives me a few seconds to have buyer’s remorse proactively :-)
Charlie
They seem to have become more frequent recently. I’ve received 3 in the last week, all originating from Outlook servers (based on the headers). Microsoft does flag them as junk, and you can report them as a threat, but that really will only block the sender being used. I noticed the last two were identical, with the exception of the sender and name in the email. My guess is that someone is mass creating free accounts and spamming while sitting at home with nothing to do. Hopefully, Microsoft will get enough reports/complaints and do something about it. Based on the password being sent, it’s from an account I created about 15 years ago, probably to get something free.
Snapper
I received several of these emails this month (April 2020). I emailed them back and told them I live in LA and that I am a full-time porn star. You can find many videos of me on pornhub.com
sarah
i got one of these on Wednesday night, was so upset and frightened I went to the police, didn’t sleep Wednesday night at all had the police round most of yesterday morning and then rushed of to bank to change everything even though im supposed to be in isolation then got another 1 early hours this morning and ended up been up again all night….. feel much more at ease now, only difference is that is still causing the worry is that my paypal was also hacked march :(
John
Great, thanks for the info. Purchased the Bitcoin through Jubiter. I’ve sent them a message but got another msg today saying Happy Easter and they will be short-staffed until the 20th. Kinda thought Easter was last Sunday ha but I guess they’re time off is at a different time. I’m a professional musician so can probably order some gear online and pay with that. I do need another harmonica for livestreaming ;)
Anonymous
I am from Argentina. And I recieved 2 emails like these in a 15 days . I just made a legal complaint. I donÂŽt know if this itÂŽs going to do something help finish with it. But I did it.
With your page and the video you helped me to let me easy.
Thank you very much!
victim
I just got exact same email, and I use their email address to registered some porn website for the scammer, hope they enjoy it.
Paul Ducklin
Please don’t do that. You have no idea if there’s a real user behind that email address….
…butif there is one, it’s not likely to be one of the crooks themselves! (Generally, these crooks don’t need to receive email from you – in fact, it makes the threat more aggressive if you can’t email them back. After all, they can menace you at will because they know *your* address, while your method of “talking” to them is via a Bitcoin address. Your only way to communicate with them is to pay in the money.)
Another Victim
Just got this today.
Is this an example of what everyone is getting? I don’t see any pwd on here that Ive used,….
4Hi4!5
9I3will2be3direct.3You3watch9adult2content8often,9and7I6caught9you4masturbating.1We4all6do4it7from1time5to8time.5
3How6I1did1this?3Your7router9was9vulnerable.5
6I7was6able4to6inject2some5code7into1the1firmware,9and5every2device5connected6on1the8network,6including1phones,4was6compromised.8
2Then7I5set1every3device8available8to5record6with9the8camera5only3when7you9watch4adult1content.8
1I2also7got9your6contact8lists,5phone1numbers,8emails,7social6media9contacts,4and6here4is3the8deal.8
1If1you5don`t9pay8me97009dollars2worth2in6BTC,9I3will4send5your3masturbation4video1and3search8history2to2all6your9contacts.4
Paul Ducklin
This is the sort of thing. The digits between the words are made invisible when you view the email by means of HTML tags to change their colour to match the background. This one is claiming to have hacked your router instead of including a password. The crooks seem to have left out the Bitcoin address here so perhaps their âspamming softwareâ has a bug?
Anonymous
Thank God I have searched this.
Today 18 April 2020 I got a mail in my outlook account from someone called Immanuel Han , same as above he said he is aware of my password (which was a old one ,still made me worried a bit) .He told me ,he knew my fb contacts,mobile phone contacts blah blah blah..And he has recorded one of of masturbation video (lol I have no idea,still I was tensed) .He told me â well the previous time you went to the porno website,my spyware ended up being activated in your personal computer which ended up logging a loving video clip of your self pleasure play simply by activating your webcam.â
Dude Firstly I use my mobile phone to watch anything and in life I have never ever used webcam.
Although from the begging I knew this was a scam ,but this made me think twice .whether have I ever used webcam and does he really have any of my video or what .Then I thought âis he my Ex đâ
So Out of fear and stupidity I have replied him â LOL I donât have a fb account đ đ đ And I donât do all those stuffsđ And about that 2000 bitcoin ,dude I am job less if you can donate me some amount then please do .Further on Donât try to make me foolâ
Like seriously What did he think ?Am I a billionaire or what ?
Well I have learnt one thing ,I wonât visit porno site again .No No No
Victim2
What can we do to reverse hack these guys, identify the location from which they are operating and take them out – in whatever context that implies?
Paul Ducklin
The short answer is: âYou canât.â Vigilantism on the Internet has a terrible habit of blaming the wrong person and persecuting someone innocent…
Victim
I actually watched porn for the first time in years on my phone and then a day later, I received an email similar to above. Should I be concerned ? Iâve deleted the email and followed other advice to clear my phone of âvirusesâ. I am feeling worried.
Paul Ducklin
Coincidence. Seems that almost everyone is getting this wave of porn scam emails, so there must be 1,000,000 different things that people âdid for the first timeâ just before receiving the emails. (Anyway, these emails almost all refer to âusing your webcamâ, which is not a word I have ever heard applied to a phone, only to desktop/laptop computers.)
Lars Erik Vestergaard
nope, pure coincidence…so many got this, me too..past the deadline..nothing happened.
Anonymous
I’ve had one last night giving me 24hrs too, its really awful and a old password close to what I use thankfully my email account and Facebook are not that any way…this is the email address mine came from its horrible to feel someone has tried to invade your personal and private details.
[REDACTED]@outlook.com
Above the email it came from wanting $200 Bic Coin what ever that even is. I have since deleted the email and had nothing further so far today.
Anonymous
Received one of these emails a few days ago as well. I knew it was a scam but I’ve never received one containing an old password of mine. This got me a little worried and thankfully I came across this post as I was trying to find some insight. All the posts here are definitely giving me some much needed reassurance. I can sleep well tonight! Also, thanks to these scumbags, I’ll be bolstering up my old passwords and applying two-factor authentication where I don’t already have one in place. I guess I should be thanking these scumbags for helping me protect my personal info!
George Robinson
Paul I cannot thank you enough for taking all the worry out of my life, at first I thought my life was over but thanks to you all my fears are gone, May GOD bless you and keep you safe.
George Robinson
Paul what so bad about this is that we have not nothing wrong yet we could be damage and we have no way to defend ourselves. I want to thank you for letting us know its only a scam.
Anonymous
Thank you so much for this post, itâs put my mind at ease
B
Paul I’m curious have there been any reports of videos being leaked from this round? Aim past my “time frame” and nothing has happened. I think I’ve done all the appropriate safety stuff after getting one of these emails including blocking the user. Should I be concerned that my information from my computer is going out to all of my contacts without my knowledge?
Paul Ducklin
In every single case I know of in this scam…
…there is no video, no malware, and no password except one from a long-ago breach.
OTOH there is no harm in reviewing what’s going where – not merely from a malware point of view (see the Free Tools section for our free anti-virus protection), but also for the settings you’re using for apps where you’re happy to share. Make sure you aren’t oversharing. (And get rid of software, apps, breowser plugins and accounts you aren’t using any more. Because you can.)
Anonymous
That’s helpful thank you. What do you recommend for instances like this on an iPad or iPhone? I did your sophos intercept x on my iPhone. Is that sufficient or should I add additional protection? This situation has made me strongly reevaluate cyber hygiene.
Paul Ducklin
There’s a limit to how much Apple will let anti-virus apps do, which is why Sophos Intercept X for Mobile doesn’t have all the features that the Android version has. For example, automatically scanning new apps for malware just before they’re used (a so-called realtime or on-access malware blocker) is essentially impossible on iDevices. That’s because all apps are strictly limited in their access to other apps’ data. Of course, Apple argues that makes an anti-virus correspondingly less necessary, so that restriction is unlikely ever to change.
Artay
Got mine today. Freaked me out cuz I had been âlookingâ within the past month! Lol. During this covid-19 time, Iâm stressed out enough and didnât need to think about my mom or someone from work getting an email from me in all my glory… thinking and hoping it was a scam, googled it and breathed a sigh of relief after finding this video and other information. I was not on a computer, but my iPhone.
Needless to say, cameras will be covered for piece of mind the next time! Lol. Have a great day everyone, be safe, wash your hands! (Cuz of the virus of course!)
Anononymous
I just raced one that had the wording
An old password was in subject line which got me to read it. It stated.
âHey, you donât know me personally yet I know everything regarding you. Your entire Facebook list, smartphone contacts and virtual activity in your computer for previous 173 daysâ
I goes on to say that spyware was triggered In y computer system documenting a masturbation video that was to be sent out if I did not send but coin in24 hours. Anyone else get one that looks like this?
Thanks
Paul Ducklin
That’s a familiar variant – the number of “previous days” must be randomly chosen by the spamming software they use because that part varies and is therefore often some weirdly specific period, like your “173 days”. (A few commenters who are right now using new laptops acquired and freshly intalled for coronavirus lockdown have expressed surprise that the crooks seem to have a time machine, too :-)
Anonymous
I got one the same as you.
Anonymous
I received an email at midnight last night with my correct email and password from around 3 years ago. He said he had a digital video of me watching a pornographic website, not true! He demanded ÂŁ2000 and to not waste any of his time and I had 24 hours, or he would send it to all my Facebook friends and contacts. I read the email on my phone & couldnât block the sender so 1st thing this morning I tried to do that on my laptop, but the email wasnât there any longer??? I checked the junk/spam folder & every folder that I have, it wasnât there, checked with my husband & didnât know anything about it. I didnât click on the links they said I needed to open to pay them but just to be safe, I immediately run a virus scan but wondering how is this possible if itâs just a scam? Anyone else having the same issue? Paul Ducklin please help putting my mind at rest! Thanks.
Paul Ducklin
There’s no video because there’s no malware (well, you could have malware from somewhere else, I can’t tell from here, but if so it’s not malware that these crooks can control), and this sextortion/password thing is all scaremongering.
Steve
It looks like the LinkedIn hack may be the source of passwords and old email address.
Star
Hello Paul, I just got one of these emails today and I am very scared. The facebook password is an old one. I have changed several times and decided to change again today. But I am still worried because I have looked at a porn site recently. How do they know that? How do I know they don’t have a video of me thru the computer camera? What should I do now? I am very upset and afraid. I do have Malware on my computer, I ran it today and they did detect 9 threats which they quarantined. What else do I need to do?
Paul Ducklin
They don’t “know” anything. It’s all guesswork. Lots of internet users have watched porn at some point. Lots of users have found one of these emails in their inbox. Therefore there will also be lots of people who have done both. You are one of them. Chance. That’s all it is.
If there was malware on your computer, then these crooks didn’t put it there. So there is a silver lining in this: these crooks got you motivated to do a malware check that you wouldn’t have bothered with otherwise, and now you are lighter by 9 malware files. Sounds like a good result to me…
Anonymous
I just got a second email a couple days after the first. Is that normal? It was exactly the same as the earlier one accept said it went back 177 days rather than 173 and that it would send the verification video to 8 people rather than 6. I ignored the first and will this as one as well. Nothing occurred from the first one. will they continue to come in? Wouldnât something have already happened based on the first one by now? Kind of keeps you on edge
Paul Ducklin
Some commenters are reporting getting as many as 5 of these things in the past few days. SophosLabs did some research into the volume of spam these crooks produce and it is huge – so the bad news is you may get plenty more of these, but the good news is that theyâre not targeting you.
Anonymous
So the entire thing is a scam? Has anyone reported that a video actually ever went out from all this?
Anonymous
I received one of these and immediately deleted but then I received another 24 hours later. Should I worry. I didn’t open it, just trashed it. But I am worried because I received 2 emails.
Paul Ducklin
Some people have had more than that – itâs annoying but there is no reason to worry just because a second one shows up.
David
Paul,
Many thanks! I have gotten two of these emails in the past week. Logically I knew it was a scam, but it does set you on edge a bit (at least for me). Your video and your comments have gotten me back into the world of logic again. Very much appreciated!
Mark
Paul you are doing God’s work. Thank you for being one of the good guys. Carry on!
Bob of budget computers
I think we should get 100 volunteers to sign up using assumed names and agree to reply to the message by forwarding “So whats my name?”100 times each at an agreed set time , this would jam up there site and they would get complaints from there email company that would probably start an investigation .
Bob retired owner Budget Computers
Paul Ducklin
Problem with spamming back is that most of the emails seem to come from computers infected with spam-sending malware so you wouldnât affect the crooks at all.
Carol
I just got this email. I know exactly how they got my information. I normally do not sign up for anything on the internet but with Covid I am trying to apply for gov loans. Last week my husband and I checked our credit on experian to see if SBA ran a credit check. The next day they had all their information hacked. I never go to those sites for that reason, damn Covid.
Paul Ducklin
The crooks behind this scam almost certainly did not get your personal data from the credit check you just did. The fact that you received this email the day after doing a credit chack doesn’t prove that the credit check “caused” the email to arrive. It is simply a coincidence. All the evidence so far suggests that the passwords used by the crooks were from data stolen several *years* ago, not one that happened recently.
Tens or hundreds of millions of people receive these porn scam emails every time a batch goes out. Every one of those people will have a “last website they visited” or an “app they installed most recently” before the offending email arrived – ubt none of those websites or apps are to blame in this case.
Cobra
The email I received said that there was code in the email message that would notify them when I read it, but I viewed the source code of the email, and there isn’t any code that calls back to a server. In fact, the HTML code of the email is very basic and simple, like written by somebody that doesn’t really know what they’re doing, and likely isn’t sophisticated enough to actually create something as elaborate as a malware app that reads your private info and takes over your web cam.
Anonymous
Me too :)
MICHELLE ANGELINA
I just wanna express my gratitude for this article. I literally just received one minutes ago – it wasn’t even my password. This is the email address of the scammer: [REDACTED]. By the way, like one of the readers said – my email also stated that I should wire them in BTC worth 2000.
Be safe out there everyone, physically & technologically.
Anonymous
I have received three in the last week all with an old password. My wife just go one this AM and it said that they were aware of her password but the reference was actually her social security number. This has her very concerned as it is not like a password that can be changed. Any ideas on this? Have any others received them with SS numbers referred to as passwords. Not many places have SS numbers, only banks and credit cards etc. we had gotten a notice 2-3 years ago that info from Experion had been compromised do you think it could be from that? Should we now be concerned about identity fraud? Since it was referred to as a password I am thinking a person is not actually making the connection. Please share your thoughts and thanks again for your advice and insight into all this. We have had freezes on all our credit reports for many years. This is my third time writing as anonymous. Thanks
Paul Ducklin
I’ve had many of these in the past where my password was an unusual words that was one part of an alternative email address I used for a while (imagine the word ‘weirdlettercombo’ extracted from, say, ‘duck@email.weirdlettercombo.example’). At least that’s where I guessed it was derived. I assumed that there had been a data breach years ago where my regular email address was somehow “lined up” with that text by crooks who assumed it was the password field in the database they had stolen, and who sold their breach data on with that incorrect assumption embedded in it.
I can’t say where these crooks got the nearly-but-not-quite-the-password data in your case – you can do little but guess at this stage – and given that I don’t live in the USA I don’t know what you can do about compromised SSNs, if anything. (My understanding is that it’s hard to get a new one issued.)
A credit freeze and regular scrutiny of your statements seems like a good precaution to me.
Greg
I’ve been getting them for months after I think it was Facebook who got attacked because that’s when they started coming in. I admit the first time I got it freaked me out but then started to process it and remembered, I don’t have a webcam or at least cover the built in cameras on the computers Ive used and then started learning about this scam since that was the first time I’ve heard of it even though it was going around years prior. I was getting at least 5 if not more a week from different senders and variety of $$ amounts and such and then slowed to 1 every 3 weeks. They’ve always ended up in my spam folder from the start. I will say this, it has made me really think and overhaul all my passwords.
I got one yesterday that seemed like the rest but then got one today with the supposed “final” warning with x amount of hours + minutes to pay. This person really has a vulgar personality throwing F bombs throughout the message.
I saw your video above and the section of malware scans, I know there’s LOTs of services and security tools out there so how do I know which would be the best service for me to get? Whats the best way to compare them other than user reviews which honestly today I can’t tell if they’re real or fake reviews.
Paul Tavener
I use Sophos on my MAC laptop and it did a great job ridding some malware since then no problems whatsoever.
Paul Ducklin
Thanks for the feedback! Much appreciated.
James
The email I received mentions 169 days. It also mentioned a WebCam which I donât have.
The second email claimed they had sent a video to three adult porn websites.
Of course they werenât mentioned. And I donât watch porn. But this is very annoying.
Cheryl
My threatening emails come from Outlook.com address. I have been deleting them, but I would like to stop them completely and would like the persons responsible to be brought to book for invading my peace of mind. Idiots!
blane
I never cover up my iphone camera. today, i decided to do so, for the first time, just because. a few hours later I received this email. Mine is similar to all these mentioned, but mine said “the next time you cover your cameras, someone may watch it”. that seems like too big a coincidence since this was the first time i ever covered my camera. I am a bit worried.
Paul Ducklin
Everyone’s covering their cameras these days! Seriously, if you cover your camera how are they going to “watch it” – doesn’t even make sense to me. (And it’s still a scam anyway.)
Anonymous
You’re right Paul. Thanks.
Paul Tavener
I had two of these with a password I have used for too long stupidly but all changed now. Because I blocked them I had a very threatening third email using very colourful language, it said they were mad at me and I would be f***ed over and a few more insults. I blocked that too so waiting for the next delightful email from these scum. I don’t trust webcams anyway and have a sticker over mine.
Anonymous
Hello,
i would like to share my experience and ask for some advices about this annoying issue.
I’ve got two of this kind of emails at least two weeks ago; honestly, I was scared at first because the object of the email mentioned my very first password of my hotmail/outlook account, that became also my Microsoft account during these recent years. I changed this password lot of time ago, but I was shocked about the fact that they knew it, until I came into a web article about the various database breaches of the last 10 years.
Then I felt a little bit relieved but I was still worried by the threating tone of the mail and the fear that my webmail could have been violated and my contacts stolen, even if that happened in the past. Also, but really I can’t say if it was real or just an impression due to the mail provocation, on these days in which i re-installed skype and used other conference call apps, such as zoom, I sometimes noticed that the webcam light had an unusual working, being active also when I was far from the pc. It really could be that someone has infected my computer with a TROJAN and then has the control of my webcam and some of my private informations such as contacts, data, passwords? How can I prevent and remedy to this annoying issue?
After reporting the emails to the webmail manager as pishing ad extortion attempt, I also check the security settings of my account and i found some login attempts ( luckily failed) from various parts of the world, such as Brazil, Indonesia, Thailandia, etc; they can be related with this issue? Do you think that if I report my case to the authorities it could be a further and useful detail? Thank you for your eventual answer and for the video, it calms me down a lot :)
Paul Ducklin
These emails are scams. I suggest you ignore them.
If you are worried that there might be malware on your computer anyway (if there is, it didn’t come from these crooks) then you could try one or more of the programs we’re offering in the section that say “Free Tools” above. (You can use our Virus Removal Tool without having to remove your existing anti-virus first. That might be a good start.)
Cam
Paul I have gotten 3 of these in the last six days, They all had the same old password but were from what looks like 3 different sender names. The first one I opened because I didn’t know what it was. The next two I just deleted and installed the AV that you recommended. I ran the Malware scan which took about 12 hours and it said I was clean. Still I am unnerved by this and wonder if I should change my e-mail address with Comcast, Thank You Paul for this website believe its the only reason that I have slept the last week.
Paul Ducklin
The problem with changing email addresses is that there are probably a lot of people (and online services) who know you at your current address…
…and your new address will probably get on spammers’ lists soon enough anyway. So it’s a huge inconvenience for you for what will probably be a very short “advantage”. I’d just live with the annoyance and delete these emails whenever they show up. (I find they come in waves. Last year I had loads of them. This year I’ve hardly had any while everyone else seems to be swimming in them. Luck of the draw, there’s not much more to it than that.)
Mike
I got one of these this morning, and knew it was a scam from the get-go. Know how I knew?
I have no webcam on my PC. Never had one. Never WILL get one. And the password was one I stopped using 10 years ago.
And I’ll say this right now: Never in my life have I been so tempted to reply to the scammer that they have been reported to the FBI’s Cybercrimes Division, and that they should be expecting a visit from the feds any moment now.
They don’t realize this scam could end up blowing back at them, in the form of a 30-year federal prison sentence and a hefty fine, they won’t leave prison UNTIL they pay off.
Some folks never learn. Right, “Mollie”?
Paul Ducklin
Problem with replying is that the reply – if it can be delivered at all – may end up in some innocent person’s inbox. The one place it won’t end up is with the crooks, so you would just be adding to the total amount of FUD going around. Best plan: delete and move on.
Mark
I got one yesterday, and ignored it. Well, not quite, two things:
1. I have several friends in Law Enforcement, and was advised to send a copy of the sextortion e-mail to them, and they’ll take it from there.
2. My “Deadline” just passed moments ago. I have no webcam, and I have several security programs that would’ve caught, quarantined and deleted any malware or spyware.
Oh, and one other thing: I plan on responding to my blackmailer with a message that should scare the living piss outa them.
Paul Ducklin
Don’t do that. Firstly, any reply you send won’t be going to the crooks and could end up with someone whose email address was “borrowed” to make the email look legitimate. (The sender gets to choose what to put as a reply address.) Secondly, depending on what you say, you may fall foul of the law yourself, because if the recipient who gets your tirade happens to be in the same jurisdiction and reports you, then you could be in serious trouble. Thirdly, as the old adage says, “If you lie down with dogs, you get up with fleas.” In other words, you don’t stand taller by sinking down to the level of the crooks. My advice is: delete, move on.
Anonymous
back on may 5th i got the same email ,but I just opened it today, claiming that I have been to porn sites even tho iâve never visited one, they told me they have proof of my contact list i just have to reply with a ,,YESâ and that they have a video of me. They didnât mention any passwords but obviously they somehow managed to get in which to me is weird because I havenât used the email for ages (tho there was this one time I logged in through a school computer and because I accidentally saved my password on the computer I had to change it and so I changed it to the password I use for ALL of my accounts i donât know if that has to do anything with it) but i had to log in for school reasons. Iâm shaken up a little bit like any teen would feel when they first get the email tho youâve relieved me to some point. As far as Iâm concerned the people that mess with these type of stuff can go to jail for a very long time.
Anonymous
I got one of these today but it had no password just stated that it caught me watching adult videos and doing sinful acts. It also wanted 700 dollars in BTC. It said it would release the information to my contacts but again offered no mention of a password. I assume this is the same thing?
Paul Ducklin
Yes.
Bubbles
same happened to me this morning
Jim
Hi – I received one of these sextortion scams 3 weeks ago, password was unfamiliar and certainly not one I use currently, – responded ( probably unwisely) by saying ‘send proof’ – since then ‘nothing’ and now having seen your video have deleted.
Immediately following the scam I ran Malware Byte Premium & McAfee scans they didn’t really highlight anything untoward.
But today I received an unsolicited telephone call from a person who was able to recite my name and address on the pretext that the maintenance insurance on my washing m/c is about to expire ( it isn’t !) I challenged him where upon he rang off very abruptly his final words being ‘you know nothing’. I tried the call-back facility on my phone but the number was ‘unrecognised’ Do you think this could in someway be connected and if so what should I think about doing ?
Paul Ducklin
I get sextortion emails intermittently throughout the year, no particular rhyme or rhythm, they just show up every now and then. Until recently I received those broadband/virus tech support scam phone calls all the time. (Not sure what changed but I am not complaining – they’ve dried up in the last few months.) Therefore it was surprisingly common that I would get a scam email almost immediately followed by a scam call, or vice versa. There was never any connection – just a bunch of unpredictable yet unavoidable co-incidences.
Callback numbers for rogue callers are usually pretty worthless, at least if the scammers are overseas, because it will look like a local number but probably just be the local end of an internet telephony connection. In fact, if you call back without suppressing your own number you pretty much end up telling the crooks that you called back shortly after they called you (for what that’s worth to them), yet getting nothing about them in return.
Anonymous
Thanks Paul – your site & video have proved most enlightening and have bought about considerable relief.
Robert Hopo
It just looks like too much of this goes on without law enforcement being clearly active in the look. Does this never happened to law enforcement? To elected officials. To high end business leaders?
redjack7
Paul, I got four of these emails in the last ten days. All came from outlook.com and had the names: [REDACTED] Sappho, Wilfred [REDACTED], [REDACTED] and Hildegarde [REDACTED] (wow there’s a name for you!). Some how they got my password (which I have since changed). I opened two. They basically contained the same script: We’ll ruin your life, you’ll live in shame, you’ll never be able to look anyone in the eye, we’ll contact your boss and coworkers, etc., etc. I don’t have a boss or coworkers, I’ve been retired for over 20 years.
The price for their silence was 0.3 BTC, about $2,650. I had 24 hours to pay. That’s already long gone.
I must admit I was shaken at first, but after visiting your website I felt much better.
I reasoned that since these creeps are only after money, why would they invest time and energy to track down my contacts and send them a video (if they even had one) without getting paid?
I hope these insects will disappear and get real jobs.
Paul, many thanks for your great website. It certainly helped remove the anxiety from this nonsense.
Mel
Can I just reply telling them where they can shove their threats?
Paul Ducklin
It’s not going to be their email address – at best you would be shouting into the wind; at worst you might be freaking out someone who got caught in a crossfire.
Mel
Wouldn’t it be wonderful to find/track their IP address and gain enough information to give to authorities and have them arrested for communicating threats, blackmail and extortion?
Fight fire with fire…..
I suffer with severe anxiety and this email is causing me undue stress which is affecting my mental stability. How about that?!
Paul Ducklin
They might never get caught, though you can be sure that there are any number of cybercops in any number of countries who are hoping they will. But, hey, when it comes to cybersecurity and hacking, never say never!
Redzuan
Hi guys. I’m received same extortion email today.
” Iï»ż’mï»żï»żï»ż awï»żï»żï»żaï»żï»żï»żï»żrï»żï»żï»żï»żeï»żï»ż,ï»ż ï»żï»ż********ï»żï»żï»ż,ï»żï»żï»żï»żï»żï»ż ï»żï»żï»żï»żisï»żï»ż ï»żï»żï»żï»żï»żï»żyï»żï»żï»żï»żoï»żï»żï»żuï»żï»żï»żï»żï»żï»żrï»żï»żï»ż ï»żï»żpï»żï»żaï»żï»żï»żsï»żï»żï»żï»żsï»żï»żwï»żï»żï»żï»żoï»żï»żrï»żdï»żï»ż.
I nï»żï»żeeï»żd yoï»żur ï»żcï»żoï»żï»żmï»żplï»żeï»żï»żte atï»żteï»żntï»żï»żiï»żï»żon for tï»żheï»ż ï»żneï»żxï»żï»żt Tweï»żnty-fouï»żr hï»żourï»żs,ï»ż or Iï»ż wilï»żlï»ż cerï»żtainlï»ży ï»żmakï»żeï»ż suï»żrï»że yï»żou tï»żï»żhï»żatï»ż ï»żyou ï»żlï»żive ouï»żtï»żï»ż ofï»ż embarï»żrï»żï»żasï»żsmenï»żt ï»żfï»żï»żoï»żr ï»żtï»żhe rï»żestï»ż ofï»żï»ż your liï»żfetiï»żmï»że.ï»ż
Hï»żï»żeï»żlï»żloï»ż,ï»ż ï»żyï»żouï»ż dï»żoï»żnï»żï»ż’tï»ż ï»żï»żkï»żnow mï»że. Yeï»żt ï»żIï»ż ï»żknï»żoï»żwï»żï»ż ï»żï»żjï»żï»żï»żuï»żst aboï»żuï»żt ï»żeveï»żrythiï»żnï»żg ï»żconcerniï»żï»żnï»żg yï»żou. ï»żYouï»żr facï»żï»żeï»żboï»żok coï»żntact ï»żï»żlï»żistï»żï»ż, mobï»żile ï»żphï»żonï»że cï»żï»żontaï»żcts alonï»żgï»ż ï»żwitï»żï»żh allï»żï»ż thï»żï»żeï»ż diï»żgitalï»ż acï»żtï»żiviï»żtyï»ż iï»żn ï»żyï»żoï»żur compï»żutï»żeï»żr fï»żrï»żom ï»żpï»żaï»żstï»ż 1ï»ż14 ï»żdaï»żyï»żs.ï»ż
Wï»żï»żhiï»żcï»żh ï»żinclï»żudes, ï»żyï»żoï»żur masï»żtï»żuï»żrbaï»żtï»żioï»żnï»ż ï»żvidï»żeo cliï»żps, ï»żï»żwï»żhï»żichï»ż brï»żï»żinï»żï»żï»żgï»żsï»ż me toï»ż theï»ż primaryï»ż ï»żrï»żeasonï»ż ï»żwhy ï»żI ï»żï»żaï»żmï»ż cï»żï»żompï»żoï»żsï»żiï»żng ï»żtï»żhiï»żs e-ï»żmail to you.ï»ż
Weï»żlï»żï»żlï»ż the pï»żreï»żviousï»ż timï»żeï»ż yoï»żï»żu vï»żisï»żitï»żeï»żd theï»ż pï»żï»żornï»żo weï»żbpagï»żesï»ż, mï»żyï»ż ï»żmï»żï»żaï»żlwaï»żï»żï»żre endï»żï»żï»żed up bï»żeinï»żg tï»żriï»żggï»żï»żeï»żred iï»żn ï»żyour persï»żonalï»ż coï»żï»żmï»żputï»żï»żeï»żr ï»żwhich eï»żnded uï»żp shooï»żtiï»żï»żng a loï»żvely ï»żvideo clï»żï»żip ï»żof your mï»żï»żaï»żï»żstï»żï»żurbï»żaï»żtioï»żn actï»żï»ż ï»żsimpï»żï»żly byï»ż ï»żï»żaï»żctivï»żaï»żtï»żï»żiï»żngï»ż yoï»żuï»żr caï»żm.
(yï»żï»żoï»żuï»ż ï»żgï»żoï»żtï»ż ï»żï»żï»żaï»żï»ż ï»żï»żeï»żxï»żï»żï»żcï»żeï»żï»żpï»żï»żtï»żï»żï»żï»żiï»żoï»żnï»żaï»żllï»żï»żï»żyï»ż ï»żï»żsï»żï»żï»żtï»żï»żraï»żngeï»żï»żï»ż ï»żï»żï»żï»żprï»żeï»żï»żï»żï»żfï»żerï»żï»żeï»żnï»żï»żï»żï»żcï»żï»żï»żeï»ż ï»żï»żbï»żtwï»ż ï»żlï»żmï»żaï»żï»żï»żo)ï»ż
I ï»żoï»żwn ï»żï»żtï»żï»żheï»ż ï»żcï»żï»żoï»żmpï»żï»żlete recoï»żrdinï»żgï»ż.ï»żï»żï»ż ï»żï»żIn ï»żthe cï»żase ï»żyou ï»żfï»żeeï»żl Iï»ż ‘ï»żm ï»żï»żfï»żoolï»żingï»ż aï»żround, jï»żustï»ż reï»żpï»żï»żly ï»żproï»żofï»ż ï»żanï»żd Iï»żï»ż wiï»żlï»żlï»żï»żï»ż ï»żbe ï»żfoï»żrï»żwï»żaï»żrï»żdï»żiï»żngï»żï»ż ï»żtheï»ż ï»żpï»żarï»żticï»żulï»żar ï»żreï»żcoï»żrï»żdiï»żï»żng raï»żnï»żdoï»żmly ï»żtï»żo 12ï»ż peï»żï»żoplï»żeï»żï»ż ï»żyoï»żuï»ż ï»żreï»żcoï»żgnize.
It coulï»żdï»ż enï»żd upï»ż being ï»żyoï»żur ï»żfrï»żï»żiï»żenï»żï»żdï»żs, co wï»żï»żoï»żï»żrkeï»żï»żrs, boss,ï»ż paï»żï»żrï»żentï»żsï»ż (Iï»ż ï»żdoï»żnï»ż’t kï»żnowï»żï»ż! Myï»ż softï»żwï»żaï»żre pï»żrogï»żï»żrï»żaï»żï»żm ï»żwï»żilï»żl ranï»żdoï»żï»żï»żmly cï»żhoosï»żï»że ï»żtï»żhe conï»żtacts)ï»ż.
Wï»żiï»żlï»żï»żlï»żï»ż yoï»żuï»ż ï»żï»żbeï»żï»ż ï»żï»żcï»żaï»żï»żpaï»żï»żbï»żï»żï»żlï»żeï»ż toï»ż ï»żgï»żaï»żzï»żï»żeï»żï»ż ï»żï»żiï»żnï»żtoï»żï»żï»żï»ż aï»żnyoï»żnï»żï»żeï»ż’ï»żsï»ż ï»żeï»żyï»żï»żï»żï»żeï»żsï»żï»ż ï»żaï»żï»żgaï»żiï»żï»żï»żï»żnï»żï»ż ï»żaï»żftï»żerï»żï»ż ï»żï»żiï»żtï»żï»żï»ż? ï»żï»żI qï»żï»żï»żueï»żstï»żï»żiï»żï»żon ï»żï»żtï»żhï»żaï»żtï»ż.ï»ż..
Hï»żï»żowï»żï»żeï»żvï»żeï»żrï»żï»żï»ż,ï»żï»ż ï»żï»żitï»żï»żï»żï»ż ï»żï»żdï»żï»żoï»żesï»ż ï»żnï»żoï»żï»żï»żï»żï»żtï»ż ï»żï»żï»żï»żï»żnï»żï»żeï»żï»żï»żï»żï»żï»żeï»żï»żdï»żï»żï»ż ï»żï»żtoï»żï»żï»żï»ż ï»żï»żï»żï»żï»żbï»żeï»ż ï»żï»żï»żtï»żhï»żatï»ż ï»żï»żï»żï»żwaï»żï»żï»żyï»ż.
Iï»ż ï»żwï»żaï»żï»żntï»ż tï»żoï»żï»ż mï»żaï»żï»żkï»żeï»żï»ż ï»żï»żyï»żoï»żuï»ż ï»żaï»ż oï»żï»żï»żnï»żeï»ż ï»żtï»żï»żiï»żï»żmï»żeï»żï»żï»ż, ï»żï»żnï»żï»żon ï»żï»żï»żï»żnï»żï»żeï»żgï»żoï»żï»żï»żtï»żiï»żï»żï»żaï»żï»żï»żbï»żlï»że ï»żoï»żï»żffï»żï»żeï»żr.ï»żï»ż
Getï»ż $ ï»ż2ï»żï»ż000ï»żï»żï»ż ï»żiï»żnï»ż ï»żbï»żiï»żtcoiï»żï»żï»żn ï»żï»żï»żï»żï»żandï»żï»ż ï»żï»żsï»żeï»żï»żnï»żd ï»żiï»żï»żtï»żï»żï»żï»ż tï»żï»żo ï»żï»żtï»żhï»że ï»żï»żbï»żï»żï»żï»żeï»żlï»żï»żï»żoï»żwï»ż ï»żï»żaï»żdï»żï»żï»żdï»żï»żrï»żï»żï»żeï»żsï»żsï»ż:ï»żï»ż
[REDACTED]
[ï»żCï»żï»żAï»żï»żSï»żï»żEï»żï»żï»żï»ż ï»żï»żsï»żï»żeï»żï»żnï»żï»żsitï»żiï»żvï»żï»żï»żï»żeï»ż cï»żï»żoï»żpyï»żï»ż aï»żï»żï»żnï»żdï»żï»ż pï»żï»żasï»żï»żï»żtï»żï»żeï»żï»ż ï»żiï»żï»żï»żtï»żï»żï»żï»ż,ï»żï»ż aï»żnï»żï»żï»żï»żdï»żï»żï»ż rï»żï»żï»żemï»żoï»żvï»żï»żeï»żï»żï»ż *ï»żï»ż ï»żï»żï»żfï»żï»żï»żroï»żmï»ż ï»żiï»żï»żtï»żï»ż]
(Iï»żï»żï»żf ï»żyï»żï»żoï»żuï»żï»ż ï»żdï»żoï»żï»żnï»ż’tï»ż ï»żkï»żï»żnoï»żï»żw how, gï»żï»żoï»żoï»żgï»żï»żï»żle ï»żï»żï»żhowï»żï»ż ï»żtï»żï»żï»żoï»ż pï»żuï»żï»żrï»żcï»żï»żhï»żï»żï»żaï»żsï»żï»żï»żeï»ż ï»żï»żbï»żiï»żtï»żcoï»żï»żiï»żn. ï»żDoï»ż ï»żnï»żot ï»żwï»żaï»żsï»żï»żï»żtï»żeï»ż my ï»żvï»żaï»żlï»żï»żuï»żaï»żbï»żlï»żï»żeï»żï»żï»ż tï»żimï»że)
Ifï»ż yï»żouï»żï»ż ï»żsend ï»żtï»żhï»żï»żis ï»ż’ï»żdï»żoï»żnï»żation’ (ï»żleï»żt’s call ï»żit that?). Afteï»żrï»żï»ż thï»żaï»żï»żt,ï»żï»ż Iï»ż ï»żwill go away andï»ż uï»żnder ï»żno circumstancï»żeï»żï»żs get ï»żï»żin ï»żï»żï»żtï»żï»żoï»żucï»żhï»ż wï»żï»żith yï»żouï»ż agï»żaiï»żï»żn. ï»żI ï»żwiï»żllï»ż ï»żï»żelï»żiï»żmiï»żnï»żateï»ż everï»żything I’veï»ż got ï»żconï»żceï»żrningï»ż yoï»żu. You ï»żmayï»ż ï»żkeep onï»ż living your orï»żdï»żinarï»ży ï»żdï»żay to ï»żday lifestylï»że with ï»żabsoï»żluï»żï»żtely ï»żno coï»żï»żncï»żernï»ż.
Yoï»żuï»ż have gï»żotï»ż 1ï»ż dï»żay inï»ż oï»żrderï»ż tï»żoï»ż do ï»żso. Yoï»żurï»żï»ż time ï»żbeï»żgï»żï»żinsï»żï»ż as sï»żoon yoï»żu go ï»żtï»żhrï»żoï»żugh thï»żiï»żï»żs eï»ż ï»żï»żmail. Iï»żï»ż ï»żhï»żave goï»żt ï»żanï»żï»ż ï»żï»żspecï»żï»żï»żiï»żaï»żl prï»żogram cï»żode tï»żï»żhat wilï»żl ï»żnï»żotify me oï»żncï»że yï»żï»żï»żou seeï»ż ï»żthis mail ï»żï»żï»żso dï»żo not attï»żeï»żmï»żpï»żtï»żï»ż ï»żto ï»żaï»żctï»ż smï»żartï»ż.”
Aslu
@Redzuan, the email you got is almost identical to the one I received, word-for-word, except the number of contacts and number of digital activity days are different.
Anonymous
Received a similar email today. They have found a password I had used years ago…Thanks for all the information and video.
Extortion_Terminator
Got exact same email today..
RB
Just got one. So I started to explore the email a bit. Comes back to a [REDACTED] site and [REDACTED] as a user. Really wondering how much work it would take to make him a pen pal and start sending him really messed up stuff!
Paul Ducklin
Don’t do that – the server and username you have there are not going to belong to the crooks, so if such a user exists you will just be hassling them in turn…
Anonymous
Got the email, googled the verbiage, found this page and your video. Thank you so much for the information.
Rob
I just received one of these scam-mails demanding $2000 in bitcoin….whatever. I don’t watch porn all that often, but on a rare occasion….Well, I’m only human, y’know. Don’t recall masturbating to any porn but it isn’t something I keep tabs on so who knows. The way I figured, if something got posted to the world it got posted to the world. Besides I could use that cash from winning America’s Funniest Home movies…for the next time I am scammed. Anyway, found this video and it looks like my 15 minutes (or 15 seconds) of fame will have to wait.
jojo
i just got one today! so i was thinking how can the authorities catch this crooks? because for sure, out of the thousands who received this email scam/sextortion, a few may fall for them.
Jez
Iâve had the same one too. Worrying, but also educating with regards to protecting devices ultimately. Weirdly lots of coincidence as mentioned in other messages above. Looks like I will have another one later. ! Thanks Paul, you are very patient and helpful.
Orlando Lumba
I received 3 similar emails today and they have the password i use for my banking.
I have also reported it to the FTC
MG
Got one today worded identical to the one Redzuan posted above. Usually, I am very wise to scam mail and do not even open; however, the email indicated it was from Brian (who is a contact of mine, which I found creepy on how they would know it was a name of one of my contacts? ), so I opened it and found this disgusting crap. I find it strange they claim to know everything about you, but don’t even address you by name,…they addressed me by my email address and then indicated they know my password is ___________, which was an old password of mine. It also said if I doubted the threat, to email them back the word “proof” and they would send to 8 random contacts of mine. I knew in my heart it was a scam, but it caused me to start deleting contact info on my phone, etc. just in case! I was going to start on my Facebook list next, but thankfully I found this site and know I don’t have to worry! Thank you for all of your help! Even if it scared me a bit, I was never going to send the money!
Katterkat
Yes I received one of these sexscams on May 3rd 2020. They had one of my old passwords from about 8 years ago. We had our internet turned off 2 years ago. I never watched porn. I also had a business card clipped to the camera just in case a hacker tried to video us. Its also a laptop. Also I don’t leave it on if I am not in front of it.
They said they were recoding my activity since 133 days ago. I laughed showed the email to my husband and then deleted it.
But it was kinda strange because I had received an email from yahoo saying someone from Mexico was trying to hack my email 2 days before that.
Someone tried to hack my email about a year ago and trying to send email from my email address. I kept getting these failure to send from my email address to some email address I didn’t know. I finally wrote a report to yahoo and it stopped.
Marc
Help out a friend here. I got the exact same message but it was texted to my phone with my entire name and my home street address in the letter. Any advice?
Paul Ducklin
We’ve seen sextortion crooks and other scammers using a range of different “proof” data, most of which seems to come from old breaches where the data was dumped for anyone to try, including:
* Passwords
* Phone numbers. (I’ve only ever seen partial ones, e.g. a UK number given as 07xxx-xxx-342, which suggests they got them from an already-partly-redacted list).
* Addresses.
* Emails sent from your own address. (These “From” addresses are trivially spoofed in the email headers just for show – the email didn’t come from your *account*).
Advice for your chum? Same as if it were a password as “proof” – report if you wish, delete, maybe use a rude word or three, move on.
Sean
I received two text message in the last day from a weird number requesting payment of $3K to delete a video performing illicit acts. It referenced my dads name but misspelled and also had an old password that may have been used by someone a while back (wasnât exactly accurate). Feeling very violated about it but nothing to truly worry about right?
Paul Ducklin
No, don’t worry.
Aircastle
I got this one.. never had one of those so freaked me out:
Hi! I will be direct. You watch adult content often and i caught you masturbating. We all do it from time to time. How i did this? Your router was vulnerable. I was able to inject some code into firmware, and every device connected on the network, including phones, was compromised. Then I set every device available to record with the camera only when you watch adult content. I also got your contact lists, phone numbers, emails, social media contacts, and here is the deal. If you don’t pay me 900 dollars worth of BTC, I will send your masturbation video and search history to all your contacts.
And then it goes on a little longer… No need to worry then?
Paul Ducklin
No need to worry.
Avettladyfan
So I got a text message from an actual phone number (as in, a normal number of digits so it wasn’t shortened or anything out of the ordinary) with this same crap. Just said that they had my entire facebook contact list, smartphone contacts and all my digital activity from the past 121 days and that their malware ended up being activated in my device, which ended up recording video footage of me masturbating (false) by activating my camera. Then went on to ask me to go to pay $1000 by way of BTC and an address of a bunch of letters & numbers to copy & paste into my browser. I’ve always gotten dumb stuff like this as an email. It bothered me that it came as a text message and from a normal looking number. Thoughts?
Paul Ducklin
SMS scams and spams – at least here in the UK – have always been much less common than their email-borne cousins, but nevertheless common enough that we get enough of them to be annoying. As we wrote in a recent article that analysed a PayPal text message scam, “SMS messages havenât died out completely, not least because theyâre a lowest common denominator that pretty much every mobile phone in the world can receive.”
Sadly, I’m not surprised that the sextortion crooks have tried a bit of variety.
In phishing attacks such as non=delivery or refund scams, there are even advantages for the crooks in using SMS: it’s much easier to avoid spellos and grammatical mistakes; and it’s not unusual to expect a shortened link.
A couple of examples from the past two years:
https://nakedsecurity.sophos.com/2019/01/08/sms-phishing-is-alive-and-well-and-simply-believable/
https://nakedsecurity.sophos.com/2020/02/05/paypal-sms-scams-dont-fall-for-them/
Marvin
I’ve received these for a while now, but today was different. Today I’m getting spammed with the same threat but from multiple email addresses, all similar but different. [REDACTED], [REDACTED], [REDACTED] and a few hundred others. Coming at me about every 2-4 minutes all morning and then a break but now starting again this afternoon. I’ve done multiple scans for malware and the alleged “RAT” but nothing is found. I have now used the idea of blocking the Bitcoin wallet address. At least that’s getting them our of the inbox and into the junk folder. For those interested, the text copy is below.
Hey, I know one of your password is: xxxxxxx
I’m a hacker and programmer, your computer was infected with my private software, RAT (Remote Administration Tool).
Your browser wasn’t updated, so it was enough to just visit the website where the iframe to my exploit pack was placed.
My software gave me full access to your computer, your files, contacts, accounts and it was possible to spy on you over your webcam.
I WAS SPYING ON YOU FOR SOME TIME.
I KNOW ALL ABOUT YOU, YOUR SECRETS, ALL YOUR ACTIVITIES.
I CAN LET EVERYONE KNOW ABOUT AND I’M SURE YOUR LIFE WON’T BE THE SAME AFTER THAT.
To stop me, send 1400$ with the cryptocurrency Bitcoin (BTC), I think it’s a very good price compared to the result if you don’t pay.
You can buy Bitcoin (BTC) here: [REDACTED]
My Bitcoin (BTC) wallet is: [REDACTED]
Simply copy and paste it, it’s (cASe-SenSitiVE).
I give you 3 days to send the Bitcoin (BTC), send it directly to my wallet, or create your own wallet first here: [REDACTED] and then send to mine.
Next time update your browser before browsing the web, so you won’t get infected again!
Paul Ducklin
I wonder if the crooks’ spambot broke and you got hit by a large part of one spam run that was supposed to go a list of 100s or 1000s of different people, except you are getting (or going to get) the lot?
I’ve had spam blasts in the past of the sort where I got 100s of identical messages in a giant sequuence that were obviously supposed to go to 100s of different people, as well as individual spams with 100 or so different spam samples all jammed together where the spam “engine” was obviously supposed to pick one at random. Oh, and I sometimes get emails in which the spammers forgot to include any message at all, or where the spam says “Dear” and ends at that point.
Cesar
Whereas all information and suggestions on the video are sound and helpful, I wonder why no specialist explains the fundamental fallacy on a sextortion scam:
1) It is possible to record a person via a remote operation of the computer’s camera;
2) It is also possible to make a side-by-side “movie” or “proof” of this recording and a non related video, be it which one could be shameful to the recipient;
3) Ergo, a video of a person captured on camera shown together which whatever movie does not entail automatically that the person was viewing that content when recorded, so the “proof” is weak from any standpoint.
The only way such thing could be used (proviso it can be shown the capture had not been tampered with) would be a video of camera showing simultaneously the person and the movie, this per se a very difficult filming angle to start with!
Almost
I know foryou is one of your password on day of hack..
Lets get directly to the point. Not one person has paid me to check about you. You do not know me and you’re probably thinking why you are getting this email?
in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.
immediately after that, my software obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.
Best solution would be to pay me $1127 . We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.
My BTC address to send to: [REDACTED]
[case SeNSiTiVe, copy and paste it]
You could go on your life like this never happened and you will not ever hear back again from me. You’ll make the payment via Bitcoin (if you do not know this, search ‘how to buy bitcoin’ in Google).
if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it’s hacked too. I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid. if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on. Nevertheless, if i do get paid, i will destroy the recording immediately. If you need proof, reply with Yeah then i will send out your video recording to your 8 friends. it’s a nonnegotiable offer and thus please don’t waste mine time & yours by replying to this message.
Anonymous
Go this same exact email in my spam mail back at the end of July hopefully this is a scam….
I only use my phone and i dont have a fb, messenger..
Pretty nerve wrecking…..
TheWeridMedium
So this happened with me today, I didn’t even checked my spam folder until 11 days, It was sent eleven days ago it was same as many users have reported it writing style and sentences were identical , Unless they haven’t got any payment ( I checked their Bitcoin address ) and what i did was simply deleted the email and move on, Because the password that I was sent I used that on online forums ( ages ago ) I and I looked at some breached databases and found it was right there by doing all this research I got peace of mind, The only reason why i did this all is because i am a regular user of (adult sites you know what i am talking about) I got scared and I was losing my mind, But having some idea how these things work and getting into someone’s computer or mobile isn’t easy if the person being attacked is a dump ( usually people who click everything and really trust pop-ups they are usually java script written to get you screwed by creating a backdoor to see what you do or enable your webcam ) so I really say this article helped to get things right, Thank you so much.
Santino Corleone
Sucker said he’s going to send the supposed video to 8 of my friends, Little did he know that i have NO friends HAHAHAHA Jokes on you
Nick
So two of the last three commenters have exactly the same number of friends as I do? What an amazing coincidence!
Seriously, though, the supposed list of contacts they got is another claim that would be easy to substantiate (if it were true): it is literally a list of plain text items (names, emails, whatever) that doesn’t need much formatting, if any, so why not throw it in for good measure? Instead, they are relying on some shot in the dark with the alleged number of friends, not even bothering to randomize it (I think I’m actually kind of disappointed in this particular implementation of the scam).
But this part cracks me up: “i am not looking to ask you for a lot, i simply want to be paid.”
But of course, by all means you should get paid for your efforts! It’s only fair (though some may say that there’s nothing fair in demanding someone else’s money when you’ve done nothing to deserve it). And who can say no when you are being so modest – not asking for a lot, indeed (a mere pittance, really). And “not one person has paid [you] to check about [me].” Poor guy! You did this all on your own initiative, out of the goodness of you heart! God forbid such kindness should go unrewarded…
zetje01
Yeah!
I finally received my first sextortion email!
A few days ago in my gmail spam folder.
Oh, the password “they have” is correct.
But I have known for a few years now that that password has been compromized.
About your video:
I don’t think it is a good idea to mention what hackers can do if they have access to your computer.
Since the sextortion mails dont come from hackers, let alone they don’t have access to your computer.
It may confuse people. IMHO.
Still, thanks for explaining sextortion mails on your site. Greetings!
Paul Ducklin
On the other hand, there are people who assume that, because sextortion emails are false, all the claims made in the email for what malware can do are false too. In other words, it’s important to know that malware can control your webcam, take screenshots, read keystrokes, steal your files and much more – that *is* possible and it is imoprtant, even though it is not what happened here.
Anonymous
I rarely go through my spam and I found a similar email dated August 2nd and opened yesterday (don’t remember the exact content minus the Bitcoin and ‘I know when you’ve read this’ part etc. etc since I deleted the email shortly after). I am currently so ill and panicky about this, and probably will remain this way until the 50 hours expires. Is the date a complete coincidence or is this intentional after happening upon content? This is such a bizarre thing and which I have never encountered (or at least haven’t seen because I rarely view the spam folder) I sent a brief blurb to the FTC but this is insane and twisted. The McAfee mobile scan seems to show good news but good God.
Anon
My e-mail was sent 8 days ago. My heart sank until I kept reading. But then, so much of it doesn’t apply and the e-mail I received was poorly formatted.
Anonymous
thanks for the info ///
I did receive one from [REDACTED]
i have not visited any of the websites
Anonymous
Today i got this email, at the beggining i was so scared even tought i don’t watch or have any porn, or even a webcam! I’m very glad that sophos did this topic, it was so useful and very informative. Thank you and keep the great work!
Anonymous
Receive the same mail on 12th august. Saw it today :p
Anonymous
received two of these today —- this should also be reported to the FTC .as a complaint.- make the government stop this waste of time ( search for “FTC complaint on sextortion” )
Anonymous
I received an email july 27th with the same one as the guys above me , i ignored it and deleted it. Then downloaded sophos for my android and got a password manager….
I wasn’t think much about it until i saw someone post on the ftc page in the month of april about the same scam, the person was hacked and their bank account was compramised…..Paul any advice?!
Paul Ducklin
Everyone I know has received one of these sextortion scam emails. So itâs not surprising if some people who received them also got hacked – but that doesnât prove that the sextortion email caused the hack. I received one of these sextortion emails and very shortly afterwards had a puncture while riding my bicycle – but the two events were not related…
Anonymous
Hi Paul i found an email like this from july but i barely saw it yesterday but the hacker didn’t use a password or provide proof they gave me 50 hours and i have been freaking out any advice
Paul Ducklin
Delete the email and move on…
Anonymous
i just got one of this what did they do?
Trevor Poole
I just got one with a password that is so old, I don’t even remember which website I used it on.
I would be very impressed if they actually had an embarrassing webcam video of me considering I have duct tape over the webcam on this laptop and also considering that the webcam is attached to the screen which I have at a comfortable viewing angle, meaning, even if they could magically see through the duct tape, all they’d see is part of my head and the ceiling in a room that’s pretty dark anyway.
Ben
A friend just received an email stating that I was on a porn website – also with the whole shebang of the old password. How did they get my friends email address?
Paul Ducklin
Once youâre on one spammerâs list youâre likely to end up on dozens of them. And because spammers donât much care about âunsubscribeâ you tend to stay on those lists forever. Sadly, there isnât much you can do to get off them…
Mr Bradley J Reynolds
Guys I replied to one of these emails and said something like “go ahead and send the video cause I know you don’t have one” etc etc.
These criminals have gone to great lengths to make me suffer ever since. I’ve been absolutely traumitized and so have people close to me because of this.
More emails come from anonymous emails and messages are sent to loved once from fake Facebook accounts.
Do not engage with these people. They have the time to really try and hurt you, it’s their job and they will protect their business just like a drug cartel.
mihalych
Don’t worry guys
Prajwal Desai
Hi Paul, a very good article. Just want you to add more info to the article. The email that we get contains the correct password and that is probably coming from one of the hacked databases. There is a way to check if you have an account that has been compromised in a data breach by going to haveibeenpwned dot com. If you enter the email address, it show if the email address is pwned or not. I hope this helps other readers.
Bubbles
1Hello!8
2I2am3a5hacker4who1has6access9to5your2operating7system.1
9I6also6have7full3access6to2your5account.7
7I8made5a8video2showing6how6you9satisfy8yourself5in3the1left6half8of3the6screen,7
2and7in9the4right9half1you5see5the7video2that1you4watched.8
6With2one2click9of8the4mouse,5I4can9send6this2video1to7
3all8your2emails1and5contacts5on1social3networks.3
4If7you3want1to7prevent2this,9transfer4the3amount2of9$7008to8my4BTC9address.4
1
4You3do1not8know8how8to7buy?6Search7to4Google8:6Buy9BTC7
2My2BTC1address4(BTC8Wallet)6is:4
[REDACTED]
7After2receiving2the9payment,3I8will1delete3the7video5and8you9will4never8
6hear4me3again.5
9I3give2you6506hours9(more6than428days)4to4pay.
5I8have9a5notice8reading2this8letter,5and2the5timer5will2work8when
2you4see5this6letter.1
4Don’t5try2to1respond9because6this3email3address4is5generated.9
7Filing2a5complaint8somewhere3does7not6make1sense7because2this2email2
2cannot7be7tracked4like4my5BTC9address.3
2I8do7not6make5any8mistakes.1
2Bye7!7
6
uh wth yh what is wrong with these people
Paul Ducklin
If you view these emails as HTML you usually find that the numbers between the words are set to an invisible or nearly-invisible colour, such as white on white, very light grey on light grey or soft lilac on mild purple. So they act as space characters when you view the message but hope to mess it up when you (or a spam filter) looks at it as text.
Bubbles
so it’s garbage?
Paul Ducklin
Yes, in both how it looks and what it says.
Alex
Hi Paul. I got one of these sextortion emails, ran a virus scan, and it came up with a OSX.Trojan.Gen. I’m worried that this means they actually were able to access my computer and webcam. Do you have any recommendations of what to do? Thanks.
Paul Ducklin
I canât advise you what OSX.Trojan.Gen means (or how accurate that detection might be) – you will probably need to ask Symantec about that (I think that itâs a âNorton nameâ). Gen is for âgenericâ so it means that the program that detected that virus it doesnât really know for sure anyway what it does, just that it probably does something bad under some circumstances.
Having said that, I donât think that your virus detection and your sextortion email are connected in any way at all. I think that you would have received the sextportion email whether you had a virus on your computer or not – the crooks are just trying it on.
Hundreds of millions of people get sextortion scams emails like this every year, with or without viruses. And hundreds of millions get some sort of computer virus infection, with or without sextortion emails.
I suggest that you delete the offending (and offensive) email, ask Symantec about the virus (they might ask you to send it in to add to their collection, I have no idea), and then remove it.
Although there are Mac malware samples that can access your webcam, I have not heard of one that has been connected in any way with these porn scam messages – the crooks are just trying to scare you into thinking there might be a connection.
Anonymous
I received one of these last Wednesday. It scared me so much and has been a real traumatic experience!
I had 90 hours to respond according to the email. Even though Iâve read everything I can online I canât stop thinking about it.
Iâve learned a lot in the past several days of my research and that part of this experience has been valuable.
Both my wife and I have changed all our passwords, I deleted Facebook, and checked our email accounts to see if they were pawnd.
Anonymous
I wrote the post above. My 90 hours are up.
Iâm pretty worried still!
Even though Iâve read a lot online itâs very frightening to think your life might be ruined by something like this.
Paul, will I hear back from these thieves?
I liked the video and it did make me feel better and have more understanding.
I also went online and reported this to the fraud dept/police in my town.
Paul Ducklin
If they really had a video of you, then why would they waste their time trying to convince you that the video exists by telling you your own phone number (or email address, or an ancient password)? None of those âdetailsâ proves anything.
As for âwill these crooks be backâ, the answer is that itâs likely. They tried to scam you once and sadly it costs them nothing to try again once your email address is on their list, in the same way that once you start getting investment scams from a new gang of crooks, they typically donât let up and they just try the same made-up garbage over and over again. (There was a period of about a year when I was getting these emails at a rate of one a week or more – I assume my email provider has started filtering them more aggressively as I am not seeing them any more.)
Sometimes the sextortion crooks refer to a previous email to increase the fear factor. Sometimes itâs just the same scam all over again from the beginning, but the âproofâ will still be nonsense.
John Doe
My mother received this message yesterday:
“Whoa [first name], youâre a real monster of wanking!
Merciless abuser of ur hand.
If ur hand could leave you, it would have necessarily done this already.
At the moment u read this msg and donât have any idea what itâs about, but itâs really simple.
Browsing porn websites, u should not be amazed at a spectator who infected your device and switched on ur camera, and has accessed to ur contacts and social networking websites.
I have your personally owned video with your sexual stimulation which I can share with ur relatives and upload it on the web.
My requisitions are as simple as that.
U pay me, and in return I will destroy ur sad video tape and leave u in peace.
Elsewise, I will be made to share it with the entire world.
And I advise you â find a date.
48 h is a fair time to solve the financial issue.
Donât send msg to me, the address will be deleted on security grounds.
Donât forget, 48 h from the moment of opening the notification, Iâll see this.”
It came from an AOL account that I assume was stolen (though, it doesn’t appear on HaveIBeenPwned’s list). It did not get flagged by her mail carrier’s spam protection. Despite me assuring her multiple times that it’s an extortion scam, she’s convinced there’s at least some truth to the threat. She expects them to respond tomorrow with demands …
I am disappointed that she believes any of it. She’s usually better than this. I doubt she’s watching porn, so part of me suspects she believes I’m the actual target of this (the email is clearly aimed at a man) and is too cowardly to outright say it. The problem is that I’ve never used her email address, don’t watch porn on my phone and don’t have a webcam for my desktop. I’ve gotten similar emails on my own accounts in the past (one actually using an old password as leverage) which I’ve promptly deleted and faced zero repercussions. It’s hard to blackmail a person with something that is guaranteed to not exist.
My mom is subscribed to a bunch of newsletters from retailers and politicians. Her account isn’t on HaveIBeenPwned, but I wouldn’t be surprised if her email address info was either sold or leaked.
Paul Ducklin
This isn’t aimed at her (or you) specifically… these crooks spam anyone and everyone whose email address they can find, with no rhyme or reason other than “send as many as possible”.
John Doe
I’m aware of that. She believed it was a genuine targeted threat (“How did they get my name?”) and not garbage sent en masse. I explained that to her, showed her other examples of people receiving similar spam messages but sometimes rationality goes out the door. Of course, nothing happened after the scammer’s grace period so she’s finally stopped telling me about it.
John Doe
The 48 hours have long passed … and nothing happened. Shocking.
Darryl Hannah
Hello. I rec’d almost exactly the same email from an aol account on July 19. Had a txt attachment that I did not open.
Sam pillar
Hello, I received similar email from AOL account. The only reason I opened it because they had my name in the email Subject line. Was wondering how these buggers know my name. Anyone had emails addressed to your name.
Paul Ducklin
Even so-called âminorâ data breaches, where only basic personal information such as full name+email+phone# gets stolen, is useful to crooks like this because means they can draw you in more believably than just saying âDear Sir/Madamâ.
This sort of criminal will variously use details such as your real name, your actual phone number or even one of your old account passwords as âevidenceâ that their claim to have hacked your account must be true.
But there are, sadly, many public (and not-so-public) sources where the crooks can acquire that sort of data from other crooks who got it via a hacking attack against a company you shared the data with, possibly even long ago.
So, although the presence of your personal data in the email *might* mean the crooks had hacked your computer directly, it probably means that they got it somewhere else to scare you into thinking they got it straight from you.
Grant
Hi Paul
Thanks the video was good! I got an email saying roughly the same thing, so I went to change my password in gmail I only ever use my iPhone so no laptop or computer just I phone for internet,email,WhatsApp, yes and of course porn, now I inflow itâs a scam but what iam worried about was when I went to change my email password I do the fingerprint check in to get into passwords then I went to change only to find the password was not what I last put or remember putting it was quiet short and had just random letters!!!! So Alarm bells rang, apart from some scam emails I get, I am just worried now I may have been spied on? I got the wifeâs computer and went and changed my password on there and then got codes sent to my iPhone!! Am really worried or should I just calm down!!!! I donât have any weird apps on my iPhone and donât have too many anyway!
Thanks
Paul Ducklin
If you think that someone else has had access to your email, then they could, indeed, have read your incoming emails, sent email in your name, and deleted emails to prevent you seeing them. There isn’t much you can do about that now, if it happened. What you can do is: check that you can still get into all your other online accounts (in case someone did a password reset via your mail account) and change those passwords just in case (seems as though you have done that), and check your email profile carefully for any added filtering or forwarding rules that an interloper might have added.
Crooks who break into email accounts often add mail filtering rules to influence what you see and when you see it, and add forwarding rules so they get copies of your email automatically even after you change your password. Here’s a court case about a former criminal (his conviction was overturned on appeal) who used the “forwarding” trick to snoop on his boss:
https://nakedsecurity.sophos.com/2021/07/02/us-email-hacker-gets-his-computer-trespass-conviction-reversed/
So, take a look through your entire email configuration for any options which ought not to be set. While you are about it, take the opportunity to look for security options you haven’t turned on, or perhaps didn’t even know about, and consider whether you want to start using them!
Anonymous
Paul you are a real gentleman ,Thanks so much for your reply! I have looked through my emails, sent,recieved,stored and all looks good! Have just changed my Apple ID for iCloud which is registered to another email address! So far I think things look normal? What about my Bank App on my iPhone I need to put a code on that to enter is it safe to do it? As I have been going on for ages so think itâs too late now? Any thing else besides my email I should check? You think I need to get my iPhone checked for spyware? I have installed the latest IOS today 14.7.1 is there anything else I should do? If he does have a spyware then anything I change he will see so it looks like iam in sinking sand?
Paul Ducklin
If someone were reading your email, then it feels unlikely they’d be able to read out (say) your phone lock code or the password on your banking app unless you pasted those codes into an email at some time, which I suspect you didn’t.
Of course, if your iPhone has spyware on it, the crooks could pretty much snoop on everything anyway… if we assume that any intrusion (if indeed there was one) happened via your laptop, then you probably don’t need to worry too much about your iPhone. You could install some extra security software if you like (Sophos Intercept X for Mobile is free in the App Store, for example), but keeping your apps and iOS version up-to-date is a good starting point.
Grant
Thank you so much Paul I have been through my emails and everything looks to be fine⊠no sent emails that shouldnât be there and the inbox is getting my normal mails coming in so I think all good!!! Just wonder how the password changed though? Anyway have changed my Apple ID but that is off a different email address,I have installed your Sophos intercept app on my iPhone so hopefully itâs a extra security! Just worry if I was spied on would they have screen shots of my banking details or codes and stuff? Or if it was just my email that was hacked and not my phone it should be ok? Any way I looked on youve been pywned and yes my email is there with 4 cases so not surprised I get hackers annoying me!! Sorry not so clued up on this stuff like you!! Thanks so much Paul
Anon
I really need some help/advice.
I have received two of these emails, The first time was just an email threatening me and telling me about my webcam activity etc. I ignored it. The second one was a lot more serious. The hacker has sent me personal videos/pictures of myself, details of people in my email contacts threatening to expose me if I don’t pay the Bitcoin fee.
Please can somebody reassure me that they won’t expose me. I really don’t want to get doxxed. I’m feeling suicidal over this…
Anonymous
I haven’t received any follow up emails (hopefully never again) but if I did I would start reporting with the company your emails are associated with. I think talking to someone directly would make things move along faster and someone can reassure you. The main thing is that it is made aware that your privacy has been compromised and you can get some direction on what to do about it.
AJB
I just got one yesterday, I skimmed the email (came in my spam folder) but didn’t really pay much attention. They said the same thing about the porn, and sending to contacts, and to pay them like 1.5 bitcoin (had to look and see what that even was lol)! I did check my email and seen it was in like 18 hacks over different sites on the dark web. I deleted that email, scanned my back up email (it was clear), and redid all my passwords to my apps and sites. I was only given 5 days though lol…….. Loved at the end when they gave me a “tip” to change my passwords.