This message claims to be from a hacker who cracked your email and device a few months back.
Supposedly, the hacker created screenshots of you while you were “having fun on web-sites of personal content” (porn sites) and also installed malware that harvested all of your contacts.
The “hacker” threatens to send these compromising screenshots to all of your contacts unless you send him $900 in bitcoin within 48 hours. He also claims that the malware that he installed will lock up your computer’s files if you don’t pay up.
In an effort to prove that he has really hacked your system, the sender has included a password that he claims is associated with your email address.
If you send the money as instructed, he promises to delete the compromising photographs and remove the malware from your computer.
However, the sender has not really captured compromising images of you nor has he harvested all of your contacts as claimed.
Instead, the email is just one version of an increasingly common scam designed to panic recipients into sending their money to online criminals.
The scammers send out thousands of identical emails in the hope that they will trick at least a few recipients into paying the fee demanded.
So, what about the password the scammers have included in the email? As I discuss in more detail in a separate report, the scammers are collecting the passwords and the associated email addresses from old data breaches. Many commentators have indicated that the passwords in the emails are very old and no longer being used.
The scammers are most likely using an automated system that checks the breached data and inserts the password associated with a particular email address into each scam message at the time of sending.
Do not reply or respond to these messages if you receive one. Just hit the delete key.
However, if the email includes a valid password that you currently use, you should change the password immediately. You can check if an account has been compromised in a data breach by entering the associated email address into Troy Hunt’s excellent “have i been pwned” service.
An example of the scam email:
I am the hacker who cracked your email and device a few months ago.You entered your password on one of the websites you visited, and I intercepted this.
Here’s your password from [email address removed] on time of hack:[password removed]
Obviously you can will change it, or perhaps already changed it.
Still this would not matter much, my malware updated it every time. Do not consider to get in touch with me personally or find me, it is impossible, since I sent this mail from your email account.
By way of your own e mail, I uploaded malicious program code to your Operation System.
I saved all your contacts with friends, co-workers, loved ones plus the total record of visits to the World wide web resources.
Furthermore I set up a Malware on your device.
You’re not my only victim, I usually lock persoanl computers and ask for a ransom.
However I was hit by the web-sites of persoanl content that you normally stop by.
I am in surprise of your own fantasies! I have never noticed anything like this!
Therefore, when you had fun on piquant sites (you know what I am talking about!) I created screenshot with utilising my program through your camera of yours system.
After that, I combined them to the content of the currently seen site.
Now there will certainly be giggling when I send these photos to your friends!
Nevertheless I believe you would not like it.
For that reason, I expect payment from you with regard to my silence.
I feel $900 is an adequate price regarding this!
Pay with Bitcoins.
My BTC wallet: [Removed]
If you do not know how to do this – type into Google ‘how to send money to a bitcoin wallet’. It is easy.
Following getting the given amount, all your files will be instantly eliminated automatically. My computer virus will also clear away itself from your computer.
My Trojan viruses have auto alert, so I know when this email is opened.
I give you two days (forty eight hrs) to make the payment.
If this does not happen – all your friends will certainly get outrageous photos from your darkish secret life and your system will be blocked as well after 48 hours.
Don’t be foolish!
Cops or friends won’t aid you for certain …
P.S I can present you with recommendation with regard to the future. Never enter your security passwords on risky internet sites.
I hope for your discretion.