This email claims to be from a spyware software developer who has your secrets and has harvested “a solid dirt” on you.
Supposedly, the “hacker” used a hardware vulnerability to download malicious code to your device. He/she claims that this malware was used to record you when you visited porn websites. The sender claims that the malware took “photos and videos of your most passionate funs with adult content”.
He/she threatens to send the recorded content to all of your contacts if you do not send $783 in bitcoin.
Just an idle bluff
However, the supposed hacker has not really installed malware on your computer or made any recordings of you. The email is just an idle bluff designed to trick you into sending money to criminals. These scammers randomly distribute thousands of identical emails to people all around the world in the hope of tricking at least a few people into panicking and paying up.
The scam will be profitable even if only a tiny percentage of recipients fall for the ruse and send money.
There are hundreds of variations of these scam emails. If you receive one, don’t reply. Just hit delete and get on with your day.
“I have your password” and “I sent this from your account” versions
In some versions, the scammers try to make their claims seem more believable by including a password associated with one of the recipient’s accounts.
When they see the password, recipients may assume that the scammers really have accessed their computer. However, that assumption is untrue. In reality, the crooks are getting these passwords from old data breaches. Many people report that the passwords in the emails are old and no longer in use.
That said, if the email includes a password that you are still using, you should change the password immediately. You can check if an account has been compromised in a data breach by entering the associated email address into Troy Hunt’s “have i been pwned” service.
I discuss the password versions in more detail in a separate report here.
Other versions claim that the email was sent from your own account. The scammers present this as supposed proof that your device really has been hacked. And, if you look at the sender field in the message, it will indeed show your own email address.
However, the email was not really sent from your account. In fact, the scammers are using a simple spoofing technique to make your email address show in the “sender” field.
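The spoofed-sender claim can be checked from the message's own headers. The following Python script is an added example, not part of the original report: it parses a raw message and flags a "sent from your account" email whose From address was never authenticated. The sample messages, the `mx.example.com` server name and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.example.com"  # assumption: authserv-id stamped by your own mail server

# Constructed sample: From matches To, but the envelope sender and DMARC disagree.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: victim@example.com
To: victim@example.com
Subject: I have your secrets!

I sent this message from your account
"""
# Constructed sample: a real note-to-self that passed authentication.
GENUINE = """\
Return-Path: <victim@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: victim@example.com
To: victim@example.com
Subject: shopping list

milk, eggs
"""

def domain(value):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted=TRUSTED_MX):
    """Collect spf/dkim/dmarc verdicts, ignoring headers not stamped by our own server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        if authserv_id.strip().lower() != trusted:
            continue  # a sender can add its own forged copy of this header
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def assess(raw):
    """Flag a self-addressed message whose From address was not authenticated."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    auth = auth_results(msg)
    findings = []
    if domain(msg.get("Return-Path")) != domain(sender):
        findings.append("envelope sender domain differs from From domain")
    if auth.get("dmarc", "none") != "pass":
        findings.append("DMARC did not pass for the From domain")
    self_addressed = bool(sender) and sender == recipient
    return {"self_addressed": self_addressed, "auth": auth, "findings": findings,
            "spoofed_self_send": self_addressed and bool(findings)}
```

The From header is free text supplied by the sender, so only the verdicts recorded by your own receiving server say whether the message really came from your domain.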
Note: Scroll down past the example email for links to a series of Hoax-Slayer reports about these scams.
Here’s the text of the scam email:
Subject: I have your secrets!
I am a spy͏ware software developer.
18/12/2019 – On this day I hacke͏d your OS and got full acce͏ss to your account [Email Address Removed]
I sent this message from your ac͏count
The hacking was carried out using a hardware vulnera͏bility through which you went online.
I went around the security system in the router, insta͏lled an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
Why your anti͏virus did not detect malware? My malware uses the driver, I update its signatures every 3 hours so that your antivirus is silent.
Since then I have been following you (I can connect to your device via the VNC prot͏ocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I perio͏dically take photos and videos with you.
At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the si͏tes you visit.
I know what you like adult sites.
Oh, yes… I’m know your secret life, which you are hiding from everyone.
I took photos and videos of your most passio͏nate funs with adult content, and synchronized them in real time with the ima͏ge of your camera.
Believe it turned out very high quality!
I’m sure you don’t want to show these files and vis͏iting history to all your contacts.
Tran͏sfer $783 to my Bitcoin cryptocurrency wallet: 1EusKBngvc4DQZ6xoRJihrQL8NR7y1TRhw
Just copy and paste the wallet number when transf͏erring.
If you do not know how to do this – ask Google.
My system automa͏tically recognizes the transfer.
As soon as the specified amount is received, all your data will be destr͏oyed from my server, and the rootkit will be automatically remo͏ved from your system.