Skip to content
Naked Security Naked Security

“FINAL WARNING” email – have they really hacked your webcam?

In the last 24 hours, SophosLabs received 1,700 samples of just one new sextortion campaign. Good news? It's all a pack of lies. Don't reply. Don't engage.

Sextortion is back!

In fact, it never went away.

Some of us get dozens of sextortion scam emails every month to our work and personal accounts, demanding us to PAY MONEY OR ELSE!!

In the crime of sextortion, the “OR ELSE” part is a threat to release a video of a sexual nature in which you are visible.

For example:

FINAL WARNING. You have the last chance to save your social life. I am not kidding. I give you the last 72 hours to make the payment before I send the video to all your friends and associates.

How did the crooks obtain this X-rated film in which you’re the star?

They typically claim to have filmed you using malware planted on your computer in some way, for example:

I’ve been watching you for a while because I hacked you through a trojan virus in an ad on a porn website. If you are not familiar with this, I will explain this. A trojan virus gives you full access and control over a computer, or any other device. This means that I can see everything on your screen and switch on your camera and microphone without you being aware of it.

The good news is that it’s all a pack of lies, so you can relax.

But the bad news is that this sort of cybercrime is nevertheless confronting and scary, because of how the crooks claim to have spied on you.

Even if you don’t watch porn, what else might they know about you if they have spyware on your laptop?

Is it technically possible?

If you’ve ever heard of RATs, short for Remote Access Trojans, you’ll know that malware does exist that makes it possible for a crook to turn on your webcam remotely.

Indeed, in a high-profile criminal case back in 2014, US youngster Jared James Abrahams, a college student in California who was studying computer science, was sentenced to 18 months in federal prison for spying on women via their webcams.

Abrahams pleaded guilty to hacking and extortion charges relating to 150 women, including Miss Teen USA, Cassidy Wolf, who went public about the threats made against her.

(As an aside, Wolf also said that she had risky habit of using the same password everywhere, which may well have been how she got attacked and infected in the first place – so if you aren’t smart about passwords, change yours now!)

Do the sextortionists have anything on you?

No.

If you receive a sextortion email like the one we showed above, without any stills from the video as proof or a link to view the file, then it’s just bluff and bluster.

The crooks are just trying to scare you into paying them something.

Remember, they send out these sextortions by the million – in the last 24 hours, SophosLabs received 1700 samples of just one new sextortion spam campaign in its spamtraps.

So even if only a few recipients get scared enough to pay, the crooks end up making thousands of dollars with almost no outlay.

Our simple advice is: DON’T PAY, DON’T REPLY.

Delete the offending emails, and don’t engage with the crooks at all.

But they seem to know all about me!

We’ve had numerous emails from readers who never watch porn, don’t even have a webcam, and yet get scared by some of the claims made in these emails.

That’s because the crooks often try to convince you that they really do have “insider knowledge” about you.

They include personal details in the email that allegedly “prove” that there must be some sort of active spyware infection on your computer.

For example:

  • The crooks include one of your passwords. Often, it’s an old password, but usually it is (or was) genuinely yours. That’s scary, but don’t panic – these stolen passwords come from data breaches, where your data was lost by someone else. The crooks didn’t steal the password directly from you.
  • The crooks include your phone number. Same again – the crooks use phone numbers, paired up with email addresses, acquired through a data breach. The data wasn’t lifted directly from your computer.
  • The crooks send the email from your own account. Except that they don’t – the name that shows up in the From: field in an email is actually part of the email itself. Crooks can put anything they like in there, in just the same way that they could send you a snail-mail and sign off the “Yours sincerely” part in your name.

What to do?

Nothing!

OK, delete the email – but don’t panic, don’t reply to the crooks, and certainly don’t pay up.

If the crooks really wanted to prove they had a “sex tape” of you, they’d send you a still image, or a link where you could preview the file they claim to have.

But they don’t – they just threaten you and present vague and unconvincing evidence that they know something about you.

So, don’t panic, delete the email, and don’t let the crooks trick you into contacting them at all.

For further information


(No video visible above? Watch on YouTube.)

Sextortion scams are nothing new. Learn how these crooks spoof your own email address to make you think they have access to your computer. And then read about more about recent sextortion emails.

52 Comments

I’ve seen sextortion emails that do include a link or attachment as “proof”. Example would be a PDF attachment, when opened silently runs powershell to drop all kinds of goodies. I’ve also seen criminals show their convenient side and offer to be paid via PayPal instead of Bitcoin (URL provided). URL=credential harvest.

While I agree that most of the time these emails are vague and have no weight behind it. Criminals are attempting to find other clever avenues then simply sending a note. Further advice is to not panic, and don’t click things even if they are providing “proof”.

I have similar kind of email and which has come from a proper Gmail account and i just opened the link at the bottom and this kind of email appeared demanding for paying amount elsewise he will expose me all around. He was talking about some porn site and whenever i view any link assuming it to be some womens details he will get an intimation They also claim to have access to my other devices and going to spoil of social reputation.They talk about photos ON ALL MY DEVICES, they say they know my IP address and other devices that i am using. I am almost done with my time. What next to expect. They even say that they have designed a Malware that was installed with email and that will open the moment i opened this email that contains all my contacts from other devices too which they have access now. He has furnished Bitcoin, Dash Litecoin, Zcash , Monero with some codes opposite each one of them. I beleive this is where i need to pay
Do i have list as spam in my Gmail and then deleted it.
I highly appreciate your help and suggestions.

I get those emails and laugh. No camera.

Same here, got one today with an old password I changed ages ago..and guess what…my laptop has no camera…LOLOLOLOLOLOLLOLLL and I have never even visited sex sites. So funny…

Same here hahaha!! I got kind of this email today but my office’s PC has no camera LOL. And I was changed those password abut 2years ago, little scared but when I got this article it’s helps me to open my mind. THANK YOU AND GOD BLESS

Me too. I got one this week and emailed right back saying ‘you go for it pal, I’m a porn star so everyone’s seen my tonsils. I’m just pissed off that you got it for nothing. Everyone else has to pay for it’. I’m not a porn star but thought it would be fun to play with them.

I’m getting lots of these. They say they have sent it from the account but it’s actually a forwarded email address not a real account. My current strategy is to “always” submit the Bitcoin address to bitcoinabuse.com (there may be other places) in the hope that they might give up in time and others might be warned. In any case I keep a post-it over the camera!

It is always a good practice to mark the bitcoin “address” as scammer owned. personally I also like to try and shutdown the origin email just to make it a little more inconvenient for the scammer. It’s just a few emails to ISP’s. Of course if it originates in a country that hates the west you will not have much luck on the email shutdown. In which case it might be nice to register that address for some free daily inspiration messages from God.

I just got three of these (all the same) from my own email account. He said he hacked in via:
“The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).”
Shocked me at first but then realized you are correct that they can put anything in the “From:” field.and that I do not own any Cisco equipment.
Looked more like Phishing to me…
Just deleted, no reply deserved or given.

How do you send an email to the ISP? What address?

Uhh, Bill T., you use the function in your Mail User Agent which displays full headers. Then you read the hop-by-hop path that the email took from sender to receiver. Look at the sender’s IP address. When you look up that IP address on any of several nslookup (or network lookup) servers you can find on the internet, the returned information includes an email address of the form abuse@example.com. Send the offending email to that address INCLUDING the full headers. They will cancel the spammer’s account.

If we all did that, they would give up some of these schemes that rely on receiving responses.

The IP and email addresses are probably “spoofed” so it would probably be a waste of time.
Using the email headers (different for every client and webmail, you’ll have to read up) you can then search for a “whois” service and then plug in the domain name. If it is in Europe you may get nothing as per the new regulations but for anywhere else you should at least be able to find an an address like “abuse@example.com”.
Whether or not you’ll get a response is another matter.

ISP-internet service providers usually have a special adresse for those scam reports. If you don’t want to bother looking for it from their homepage, just forward it to their general e-mail address and they’ll know what to do with it.

Great article. You are spot on Paul – never reply

I like the hell out of you guys. I will take your advice on “don’t respond”, even if it’s in bad taste and maybe/ should take up their time; the as&@(s may snag something to use, if not my jit it may convince some other horny victims, like Paul. I know about your piercings and will show them to the Royals. Call me –
Dickspecible… but please Call…I am so uh Lonely!

I too received this email about a couple of months back. Was terrified initially as the mail mentioned one of my earlier passwords. The crook gave me just 24 hours. Wanted me to buy Bitcoins buy giving a Link.
However, on doing a Google search after couple of scary hours, I came to know that this a spam. Was greatly relieved and just deleted the mail.

I recommend not deleting these emails if you are willing to do a bit of digging. For one, the last email I received revealed the person sent it from an SMTP server ran by treslagoas.ms.gov.br. It also revealed the person used an authorized account on that smto server: [username removed]. Despite saying they were using my email and that I could not reply so don’t bother. They didn’t know what they are doing despite claiming as much. I sent an email back to the account used on the outgoing smto server but of course did not get a response. It is possible the legitimate account that sent the email was used by an unauthorized user who had access. The abuse contact for the outgoing smto server was misconfigured so that bounced back. I did also contact the company which issued ip address of the user who connected to the smtp server. I have also forwarded a copy of this message to the Internet Crime Complaint Center (https://complaint.ic3.gov)
The Bitcoin wallet listed had 0 transactions

Odd thing… The ip was out of Iraq… All this from the email headers

My two favorite parts about these scams are:
1) many of them send the body as a graphic, and then tell the sucker to copy & paste the bitcoin wallet address.
2) their target demographic is NOT going to know what to do with a bitcoin wallet address anyway!

Got me to change my passwords (meaning to do it for ever!!), so some good came from the crap.

I went into my REALLY old emails today and had one of these which was sent this month. He said something “i know your password is djsnfi737dhes” and all i can think is ‘huh… Couldnt come up with a more believeable realistic password, mr. A-hole?’ like, who types at random on the keyboard to make a memorable password?

Someone using a password manager that generates random passwords. OTOH, that person won’t recognize that as a password, since (s)he never types it!

My favorite aspect of those email scams is that most of them send the body as a graphic to avoid anti-spam measures, which means that the BTC wallet address they want you to send to cannot be copied&pasted. Plus their target demo won’t know what a BTC wallet is, or how to access one.

I just got a similar email but it doesn’t mention an email or phone number. I have 50 hours to pay up LOL

Recieved one of this, i googled the email adress and it led me to a family owned bussiness, the “hacker” has his photo, full name, email adress( from where i recieved the scam email) names of his kids, wife’s mame and email adress. Adress and phone of the bussiness as well.
So, a hacker so dumb that a quick Google search gave me his life history and family contacts? Do i foward the email to the lister coworkers and wife and ley then deal with this?

My mother received that email it was so funny I am there 90% of the time and its not private access it where any one can see and has no camera – proof positive its impossible.

1.) Blackmail or extortion is illegal they have no way of knowing you told the police. 2.) How are friends and love one willing to trust strangers over the people they know. 3.) Some friends and love one may already know and may be also upset their computer was invaded. 4.) There are many more reason to delete it.

Therefore its very much true delete it.
its Nothing!

“OK, delete the email – but don’t panic, don’t reply to the crooks, and certainly don’t pay up.

If the crooks really wanted to prove they had a “sex tape” of you, they’d send you a still image, or a link where you could preview the file they claim to have.

But they don’t – they just threaten you and present vague and unconvincing evidence that they know something about you.

So, don’t panic, delete the email, and don’t let the crooks trick you into contacting them at all.

I just got one of these today. At first I was startled, but then after reading and thinking about it, I noticed some things. One, I don’t have a webcam. Two, they didn’t list anything sensitive like a password, or the like. Three, realistically, how would they know if I talked to the police? And four, the “hacker’s” e-mail is a business e-mail from a Japanese elevator and escalator construction company. What the hell?

Hi Guys,

Please suggest and let me know in my present scenario. Also want to know is it possible that someone can take control of all your acounts and personal details and use them as per their comfort.

ITS A Final WARNING IN DEED TO ME… i AM HIGHLY TENSED PEOPLE DOSNT UNDERSTAND WHAT TO DO. PLEASE HELPME WITH YOUR SUGGESTIONS

I received an email from someone who claims that he knows everything about me and states that i have responded to his adv. on some social media site. It has come from a proper email doenst look to be spam email. He also states that my repuattion is totally in his hands and says that my emailand other data is relayed thorugh the header. They says that he has automated setup that runs a script to reverse and relay relevant M3TA-D4TA pretending to be the websites address. He says nothing in this world can stop him in reaching to any technical area/VPN. He says he not any normal/random guy who we come across and can expose me fully in a wrong way. He said he had aceess to my email service and he got to know my IP Address. Then he went his way of working on thinsg and ran a some script that my made my email account email itself without notification but automatically open as soon as i logged where logged in. It all can happen in a minimum time.

He says that the email was automatically send and opened by me so did the backdoor just opened my reputation and social status. He says he has ccss to all my accounts that my devices are connected to. like emails, photos etc., and he will screw happiness if i dont pay him money. And if i pay him he will delete all my data that he has. He gives me 3 days time to pay elsewise he will spoil my repuatation without any hesitation.

Underneath i see Bitcoin, Dash Litecoin, Zcash , Monero with some codes opposite ot each one of them.

Also this email of his cannot be copied nor could be forwarded.

he has is aware of everywhere in a wrong way

I strongly suggest you watch the video that’s at the end of the article…

This video was helpful after I received an email with an old password in the subject line asking for $8k bitcoin or all my info/video of me would be released to the “darknet” and I got so freaked out I filed a report with the nonemergency police number, ha! This has eased my mind that I’m sure it’s nothing to really worry about. But I did go ahead and change a few important passwords and got that double security on them now. ;)

I got one of these today for the first time today. I’ve been in IT for 30 years and even though I was fairly sure it was scam it still shook me up more than I care to admit..
That’s why its 1am in the morning and I am going through and changing passwords on all the sites where I have used the same password. Something I have been meaning to do for a while now!

Since January I have been receiving the emails from two different email addresses stating they used malware and activated my computer camera and watched me masturbate watching teen porn. Ha! Im in my late 60’s and never use my lap top except for taxes and financial transactions. I donuse a tablet for reading news and general browsing and checking emails. I have been deleting the emails but the last two are now threatening me with the release of a video of me next to the teen porn videos and posting them on different forums. One email listed four mp4 links but I don’t click on anything in the emails. They are demanding 5,000 bitcoin to stop the release. I figured that if the last 8 months of emails demanding payment and receiving nothing they would have released the video or stop the emails. I just delete the emails.

I laugh at these. Suppose someone was recording me watch porn on my laptop. Wouldn’t they just see my face? that’s where the webcam would have to be pointed if I was watching the screen. So… they’d have a video of, what? me making weird faces? lol.

The scarier scam email I got said, in very very very broken English that took a while to piece together to figure out the jist: someone had called a hit on me and the emailer was to perform the hit. They were commissioned to throw acid on my face because I scorned their romantic advances. The emailer so kindly offered NOT to seriously injure me and hurt my appearance in exchange for money, of course, and to reveal the identity of my would be attacker for additional money. I wasn’t worried about that one either since I have no suitors or romantic rivals, etc, been happily married 5 years. They also suggested it could be a coworker who was jealous of my success… I work for my parents. Jeez dad, if you’re mad at me, have the decency to throw acid in my face yourself!

I get these every other day at my business. When we took over we inherited old passwords which were changed approx 5 yrs ago. The crims supply this password as proof though are missing the last 3 digits, also the email is old and just forwarded to our current email address. Firstly the computer is at a reception desk of a motel and I surely am not wanking whilst checking in guests nor do I have a camera.They now send me you are running out of time warnings saying I know what you were up to last Saturday and that is a nice car in your social media profile and I wonder how it would look with pedo written accross it. Umm I dont have a car nor do I post car pics but for sure most have a car so nice try. Last Saturday I was away for the weekend being all porn free and stuff so I guess their telephoto lens was a bit fogged up. I wonder if anyone actually pays these amateurs. Have a nice days folks.

I understand they don’t have the access they claim to have, nevertheless, its tedious to log onto my emails and spend sometime deleting through those, even worst i dont want to put my own email in my spam box, so my question is other than ignoring how how does one actually get rid of it, which i dont think was dealt with in this article.

You either have to delete them, create a rule to delete them or put them in your junk folder so your spam filter can adapt and try to block them.

Obviously the scammers change their emails regularly to prevent rules from working effectively, which is why spam filters use more advanced techniques.

I had one of these threatening emails. The problem was, I couldn’t delete it (at first) from Outlook (it “froze Outlook). Also, a warning from Kaspersky Total Security saying there was a malicious object that couldn’t be disinfected. I did manage to transfer the email to the delete box. Does anyone know why I couldn’t delete the email, or why Kaspersky couldn’t handle it? A computer savvy friend deleted the entire contents of the delete box and that seemed to remove it. Comments welcome please

Not sure – you’re probably best off asking Kaspersky support for advice.

Would Sophos Home or another product help with this? Could the virus reinstall itself, from the trash as long it still resided there?,

Can’t speak for other products, but Sophos Home handles Trash like any other folder – if there’s a virus in the Trash we will deal with it just the same as anywhere else. Technically, the trash is just a directory that is generally invisible to regular users, where files hang around for a sort of safety period until they finally do get deleted. If we find a virus in the trash and you have set the product to clean up automatically, we’ll delete it right away – we won’t give it ‘extra time’ just because it’s in the trash directory.

Hello, I would like to subscribe for this weblog to get newest updates, so where can i do it please assist.

At the top of every article is a blue box to sign up for our newsletter. If you put your email address in there we’ll send you a list of new articles once a day.

those [REDACTED] got our password by using data breach. You can check if your email is pwned here
https://haveibeenpwned.com/

Got one of these today, initially my heart was thumping and I felt sick because they showed a password I used to use a lot, or a variant of it. I deleted the, um, research I had recently been doing online and checked all my passwords, logged out and in on a few key places with stronger passwords and then found this wonderful site. It was only an hour after opening the email that I decided to laugh it off and go about my self isolating business. Thank you so, so much inc all the contributions above.

Thanks Paul, got one myself a couple of days ago, I was quite certain that a person I had issues with recently, who happens to be trying to extort money from me, had now gone completely off the hinge. I was just about to engage my lawyer and file serious charges with the police. I had absolutely no doubt in my mind, so coincidental were some details, that I was all but prepared for an ugly fight this time. Luckily I came across this article, saved myself huge embarrassment, and money. Wait a minute, or could it be this person after all just trying this trick? Must admit this business is quite rattling.

I just received this email….

Hey, I infected your computer, one of your passwords is: [REDACTED] right?! ;-D

Read the attachment for more information, but please don’t flip out, you still got the chance to save your ass.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?