A new and rather sinister twist on the old fake blackmail sextortion scam is panicking some recipients into sending their money to criminals.
In a typical fake blackmail scam, the senders claim that they have installed malware on your computer and captured video of you while you visited a porn website. They then threaten to send the compromising video to all of your contacts if you do not send them a “keep quiet” payment via Bitcoin.
Of course, the scammers do not really have the compromising video or access to your contact list as they claim. Instead, they randomly distribute the same email to many thousands of email addresses in the hope of tricking at least a few people into sending the requested payment.
However, some recent versions of the scam emails may appear considerably more credible because they include one of the recipient’s real passwords as “proof” that their claims are true.
The scammers know that if you receive an email that actually includes one of your passwords – even an old one that you no longer use – you may be much more inclined to believe the claims and pay up. At first glance, the inclusion of the password suggests that the scammer really does have access to your computer and may have really created the video as claimed.
In fact, even if you have not visited any porn sites, the fact that the scammer has apparently accessed your computer or accounts and harvested your password is naturally quite concerning.
So, how are the criminals getting these passwords? The most likely explanation is that they are collecting the passwords and the associated email addresses from old data breaches. Many commentators have pointed out that the passwords in the emails are very old and no longer being used.
In a report about the tactic, computer security expert Brian Krebs notes:
It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.
So, as with the “normal” versions of the scam that do not include passwords, the emails are basically just a bluff to trick you into paying up. The inclusion of the passwords adds an extra layer of undeserved credibility that panics some recipients into complying with the scammer’s demands.
If you receive one of these emails, do not reply or respond. However, if the email includes a valid password that you currently use, you should change the password immediately. You can check if an account has been compromised in a data breach by entering the associated email address into Troy Hunt’s excellent “have i been pwned” service.
For a more technical analysis of this password sextortion scam, refer to the post on the KrebsOnSecurity website.
Examples of the password sextortion scam emails:
I am aware [removed] is one of your password.
Lets get straight to the point. No one has compensated me to check about you. You do not know me and you are probably thinking why you’re getting this e-mail?
actually, I installed a software on the X video clips (pornography) site and you know what, you visited this website to have fun (you know what I mean). While you were watching videos, your web browser began functioning as a Remote control Desktop that has a keylogger which provided me accessibility to your display and also cam. Right after that, my software program collected every one of your contacts from your Messenger, social networks, and e-mail. After that I made a video. 1st part displays the video you were viewing (you’ve got a good taste omg), and second part shows the view of your webcam, yeah it is u.
You got two different choices. We are going to take a look at the possibilities in details:
First solution is to neglect this message. As a result, I will send your very own video to each one of your contacts and just think concerning the embarrassment you will definitely get. And as a consequence should you be in a romance, precisely how it will affect?
In the second place option will be to compensate me $1000. I will name it as a donation. In this situation, I most certainly will right away remove your videotape. You can continue your daily routine like this never took place and you will never hear back again from me.
You’ll make the payment via Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google search engine).
BTC Address: [Removed]
[case SENSITIVE so copy & paste it]
If you may be planning on going to the cops, well, this email can not be traced back to me. I have covered my moves. I am also not trying to ask you for a whole lot, I want to be compensated. You now have one day in order to make the payment. I’ve a special pixel within this e mail, and at this moment I know that you have read this email message. If I don’t receive the BitCoins, I definitely will send your video to all of your contacts including close relatives, coworkers, etc. Having said that, if I do get paid, I will erase the recording right away. This is a non-negotiable offer, therefore please don’t waste my time & yours by replying to this e mail. If you need proof, reply Yup! & I definitely will send your video recording to your 10 contacts.
I know, [removed] is your password now I won’t beat around the bush.
You don’t know anything about me but I know you very well and you must be wondering why you are getting this mail, right?
I placed malware on adult videos (porn material) & there’s more, you visited this sex web site to experience fun (you know what I mean). And while you were busy watching those videos, your browser started out operating as a RDP (Remote Control Desktop) with a keylogger which gave me access to your display as well as your camera recordings. After that, my software program gathered every one of your contacts from messenger, fb, as well as e-mail.
What have I done?
It is simply your hard luck that I discovered your bad deeds. I then put in more time than I probably should’ve investigating into your life and prepared a split screen sextape. 1st half shows the video you were viewing and next part displays the view of your web cam (it is you doing naughty things). As a family man, I’m ready to destroy everything about you and let you get on with your life. And I will present you a way out that can accomplish your freedom. Those two options are to either disregard this letter (not recommended), or pay me $7000 to end this chapter forever.
Exactly what should you do?
Let us explore these 2 options in depth. Option One is to ignore this email. Let me tell you what is going to happen if you select this option. I definitely will send your sextape to all your contacts including relatives, colleagues, and so on. It does not protect you from the humiliation your self will face when friends discover your sordid sextape. Wise option is to make the payment of $7000. We’ll call this my “keep the secret charges”. Lets see what will happen if you go with this option. Your naughty secret remains your secret. I will keep my mouth shut. After you make the payment, You can freely go on with your lifetime and family as if none of this ever occurred. You will make the transfer through Bitcoin (if you do not know how all you need to do is type “how to buy bitcoins” in google)
BTC ADDRESS IS: [removed]
(It is CASE SENSITIVE, copy and paste it)
Note: You have one day to make the payment. (I have a specific pixel within this e-mail, and now I know that you have read through this e mail). DO NOT TELL anybody what you will be transferring the Bitcoins for or they might not provide it to you. The task to obtain bitcoins usually takes a day or two so do not procrastinate. If I don’t receive the BitCoin, I definitely will send out your sextape to all of your contacts including family members, colleagues, and so on. nonetheless, if I do get paid, I will destroy the sextape immediately. If you really want proof, reply with “yes!” and I will certainly send out your video recording to your 15 contacts. It is a non negotiable offer, so please don’t waste my time and yours by replying to this e mail.
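Both sample emails above claim to contain a tracking “pixel” that tells the sender the message was read. The following Python code is an added example, not part of the original article: it parses a raw message and checks whether it has any HTML part that loads a remote resource, whether the From address simply mirrors the recipient (the From header is set by the sender and proves nothing about mailbox access), and which checks the receiving server's Authentication-Results header recorded as not passing. The sample message, its addresses and the names `triage` and `RemoteRefs` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample modelled on the plain-text emails quoted above;
# every address, host and value in it is a placeholder.
SAMPLE = """\
From: victim@example.org
To: victim@example.org
Subject: [removed]
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.org; dmarc=fail
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

I know, [removed] is your password. I have a specific pixel within this
e-mail, and now I know that you have read through this e mail.
BTC ADDRESS IS: [removed]
"""

class RemoteRefs(HTMLParser):
    """Collect URLs a mail client would fetch when rendering an HTML part."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "background") and re.match(r"(?i)(https?:)?//", value or ""):
                self.urls.append(value)

def triage(raw):
    """Compare what the message claims with what its MIME structure can do."""
    msg = message_from_string(raw, policy=policy.default)
    refs, texts = RemoteRefs(), []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and non-text attachments
        body = part.get_content()
        texts.append(body)
        if part.get_content_subtype() == "html":
            refs.feed(body)  # only HTML parts can load a remote image
    claims_pixel = re.search(r"\bpixel\b", "\n".join(texts), re.I) is not None
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpt = parseaddr(str(msg.get("To", "")))[1].lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           str(msg.get("Authentication-Results", "")).lower()))
    return {
        "claims_pixel": claims_pixel,
        "remote_urls": refs.urls,
        "pixel_claim_unsupported": claims_pixel and not refs.urls,
        "from_equals_to": bool(sender) and sender == rcpt,
        "auth_failed": sorted(k for k, v in auth.items() if v != "pass"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feed it the raw source of a received message (the “show original” or “view source” export of the mail client), not the rendered text.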
37 comments
I got this myself about a week ago, though my variant lacked the password data. Found it a fascinating change up from the usual set of bank scams from Benin.
Good call on the warning here. Hopefully, it’ll save someone from making a painful and expensive mistake.
I got this and was like, good thing I don’t look at porn or make sex tapes. How stupid.
Thx for info, very useful,
I was fearing to give 50% credit to this blackmail being half true…most of all because being written plain English and showing reasonable content, even if based of old passw of somewhat i don’t remember!
tnx again
Alberto
In my case the scam mail included the right amount of contacts of my webmail account address book.
“recording to your 6 contacts.”
How is it possible?! Thus, the attacker would at least have had access to the webmail mailbox to receive this information.
Sebastian, my version of the letter also mentioned 6 contacts, so it’s just a random number. So relieved to read this article, thanks a million!
Thank you so much for this info! I received this email as well. Should we report their bitcoin or email address to anyone?
thanks! I just received this in my Spam folder and I found out that it’s the exact wordings here in your website. Very helpful thank you! Now I need not worry that much! true he gave me my very old password.
I blacked out for one second and then remembered I use GNULinux and don’t visit porn sites and, yet better, I don’t use that password seriously for at least 5 years now.
Nevertheless, I wouldn’t mind having a video of me doing “dirty things” (that’s their language) shared with my contacts. I would find it funny, actually. They got the wrong guy.
Here is the content:
https://pastebin.com/BYZPsZ8Z
Yes, the email is very well written. Can’t we trace them with the address left for bitcoin payment? I asked him to guess the size of my c*** 😉
Thank you for posting this article. Just had an associate receive an almost verbatim version of this hoax. Nice to confirm the suspicion that this is just another of the more sophisticated email hoaxes traveling the Internet.
Got this as well. Here is the fake name/email they used to email me. Just posting here so this can be searched and help others avoid making a mistake. (Logan Ciluaga – vistaceypgf@hotmail.com).
I got the older version a while back and I laughed – haven’t visited any porn websites and never do because they are said to be a haven for worms, trojans, viruses and malware. And my webcam is actually covered over anyway so they could not have any videos of me doing anything at all, let alone being naughty with myself. What a load of nonsense!
Sounds like another scam from the Yahoo boys. They will always come up with something new when their old scams stop paying out. I know they send a lot of what ends up in your spam mail and how you can tell what hook up scam mail is theirs, you find this where you unsubscribe from their mail hook up sites.
UNSUBSCRIBE
58 Emerald Parkway Road, Unit Two ,Greenstone Hill, Johannesburg 1609, South Africa
The key words are (South Africa)
I got the same kind of mail as well:
Name: Harmonie Raymond.
Email:
Funniest thing about this is that the script kiddies who did this write that they have a tracking pixel in that mail when it’s actually just a plain text mail :’)
I have received the same subject and content as most of you. I have reported it to Mac Keeper Support Team for review, especially since all my systems are regularly checked by them. Our IT has blocked such items internally but they still get through. This started around the end of August 2018 and is still continuing to date.
I just received this email today and this is really the first time that I’ve ever been concerned about scam emails because it used a password of mine. I’m so glad I researched this and found my way to this site. What a sick society we live in.
I received this today. My first ever phish!! These c***womblers are nasty scum, there is probably a lot of worried people out there who go into total panic mode when they receive rubbish like this. People have actually ended their life over sh*t like this. To the other Wendy, quite right we live in a sick society.
Received today from one Josiah Kokotovic , the same scumbag shtick as above, with an old pw (now defunct) as spice, and sent to a mail address that HAS been compromised in one of the big multi-million-address hacks of some years back. Do check out https://haveibeenpwned.com/ – you may well have been pwned in the same way.
Alarming for a minute or two until finding sites like this one. Thereafter treat it as a healthy reminder to practice a bit more online hygiene – don’t get sloppy with passwords out there!
Hi,
I’ve also got a similar email and the deadline is approaching. Can someone share an experience of what happened when they have not paid or what happened if someone has paid?
In my previous comment forgot to mention that I received that e-mail to my work account but the password was a current one that I very long time used for my private e-mail. Of course, changed now but I wonder if they could have already the list of all or majority of my contacts knowing my name. I am almost (but not 100%) sure they have no video of me…
I too received several of these, including the wording about “48 hours” or “One day to pay”. The funny thing is that there is nothing in the mail that could trigger a timer, regardless of the claim of a “unique pixel within this mail” that triggers the countdown.
I received it yesterday from Alidia Bremer (pvgiannamll@outlook.com), a simple and not important pass I use to register in some news sites /qawsed/ was in the subject string; reported it to the police immediately, with the header details of the email such as IP, authentication etc., and the email content. It’s most probably untraceable, but who knows 🙂
from: hiroishi@osk-shiitake.or.jp
Hi, my victim.
I know your password – xxxxxxxx
This is my last warning.
I write you inasmuch as I put a trojan on the web page with pornography which you have visited.
My malware grabbed all your personal data and switched on your webcam which captured the process of your masturbation. Just after that the trojan saved your contact list.
I will remove the compromising video and data if you pay me 500 USD in bitcoin. This is wallet address for payment : 135qVXXBZb3v2tQcLJRA8UAndiUYNybh3J
(you can google on “how to buy bitcoin”)
I give you 24 hours after you view my message to make the payment.
As soon as you view the message I’ll know it right away.
It is not necessary to tell me that you have sent money to me. This address is connected to you, my system will delete everything automatically after transfer confirmation.
You can visit the police office but no one can’t help you.
If you try to cheat me, I’ll see it immediately!
I don’t live in your country. So nobody can’t track my location even for 9 months.
Don’t forget about the disgrace and to ignore, Your life can be ruined.
Yeah i got the same email as YOMERA mine originated from Crimea
i replied to mine with a picture of myself naked and asked for a date
The scary thing is it looks like they sent email from my email with the correct password
Alan
Been getting these for several weeks. They used an old password that I no longer use anywhere. Wording is so similar to above examples. The email they used was a yahoo.com
I was checking my junk mail as Yahoo does a great job in filtering but can often put non spam in my junk folder. I saw this and recognized my ooooooooooooooooooooooooooooooooooold password minus the whitespace at the end. Upon reading it, I had to hold back from choking on my cup of coffee. First of all, I never like porn in that way. Never signed into 18+ sites. WHEN I did use that password, I had an old desktop that had a USB webcam. My poor old machine was slow so I never plugged it in. It was just something I bought to say I had one. It was not the standard laptop with the cam built in. I ran XP 32 bit that was at that point super slow so there was no way Remote Desktop had been enabled. It was hard enough getting to websites as it was.
The scam group has their lingo correct with the “pixel” as that was something I used to do. IMG SRC= my host.b la /pic.jpg add the query string and all sorts of things can be done. Clearly Yahoo blocks images and informs you the message contains images.
At one point it was easy to do an at home fake email with fake headers until pretty much all ISP’s blocked the port.
This is so silly that I want to print it and frame it.
Silly scammers. I work in IT dealing with all that stuff. Wrong person to try and spook.
Thanks a million for this post, I got a similar email using an old password. Great link to the pwnd website, found it originated from the linkedin data breach. Email for me was cqrgodartva@outlook.com if it helps anyone.
Mine was sent from my own email address. How do they do that? I tried to email myself and it didn’t work well
Just received the same as Bruce, from my own email address, but in French, it being a French email address
Just received one of these e-mails today. Kinda hilarious. I don’t even have a cam, nor do I visit porn sites. I feel bad for anyone that actually falls for crap like this.
Got mine today, seems like sent yesterday. Pretty old pass, I don’t know where it could be in use now.
A friend of mine got it today from “dumd@t.com”
I received one yesterday in english from @uljelemo.com and my email is mainly in spanish, it said:
I know -password- is one of your pass words. Lets get straight to the point. There is no one who has paid me to investigate you. You don’t know me and you’re most likely thinking why you’re getting this email? deoqyeso -my password and email- niyyun -my password and email- euetgueyd… may be it was bugged or something, it made me laugh because i have my cam covered and is an old password.
Received mail yesterday with the exact content. Good thing is I don’t visit those dodgy sites and the password they got is an old password.
The sender sent from r@v.com using my username where I am a bit concerned that the hacker will steal my identity.
omg i just received one of those and got SO FUCKING scared lmao……. changed all my passwords and covered my webcam after it!