Fake blackmail sextortion scams are increasingly common. Typically, sextortion scammers send out thousands or even millions of identical emails claiming that they have captured video of the recipient visiting a porn site.
The scammers threaten to send the compromising video to all of the recipient’s contacts if they do not receive a “keep quiet” payment via Bitcoin.
But the scammers have not created a compromising video. Nor have they hijacked the recipient’s contact list. The whole thing is a bluff. However, the scammers know that at least a few recipients will be panicked into sending the requested money.
To increase their chances of success, the scammers use a variety of dirty tricks to convince potential victims that the claims in their fake blackmail messages are true.
Email Spoofing Trick
One such trick is to make it appear that the email was sent from your OWN account, thereby supposedly proving that they have indeed compromised your device as claimed.
Here’s an example from a typical scam email:
Your account has been hacked by me in the summer of this year. I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [email address removed]: [password removed] (on moment of hack).
If you look at the sender address of the email, it will display YOUR email address. So, it may seem that the sender has indeed broken into your account to send the email.
But the scammer has simply forged the header of the email so that your email address appears as the sender. This is a technique known as “spoofing” and is not difficult to do.
In other words, the email did not come from your account at all. It just looks that way because of the forged email headers.
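You can confirm this from the message's raw headers. The Python code below is an added example, not part of the original article: it reads a constructed sample message (every address, host and authentication result in it is made up) and lists where the displayed From address disagrees with what the receiving mail server recorded. The `trusted_authserv` parameter and the `mx.example.com` host are assumptions standing in for your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (all hosts, addresses and results are made up).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (203.0.113.45)
\tby mx.example.com with SMTP; Tue, 02 Oct 2018 10:15:00 +0000
Authentication-Results: mx.example.com;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none;
\tdmarc=fail header.from=example.com
From: <alice@example.com>
To: <alice@example.com>
Subject: Your account has been hacked

I sent you this email from your account.
"""

def domain(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_authserv):
    """List reasons the visible From address is not backed by the delivery data."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # The envelope sender (Return-Path) is recorded at SMTP delivery, not taken from the From line.
    env_dom = domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender is {env_dom}, not {from_dom}")
    # Only trust results stamped by our own receiving server; a sender can add fake ones.
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue
        for mech in ("spf", "dkim", "dmarc"):
            m = re.search(rf"\b{mech}=(\w+)", results.lower())
            if m and m.group(1) != "pass":
                findings.append(f"{mech}={m.group(1)}")
    return findings

if __name__ == "__main__":
    for line in spoof_indicators(RAW, "mx.example.com"):
        print(line)
```

A message that really left your own account would show your provider's domain as the envelope sender and `pass` results from your provider's server, so the function would return an empty list.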
Other Dirty Tricks
As I discuss in more detail in another report, the scammers often include user passwords in their scam emails as a way of making their false claim seem more plausible. And, in another variation, the scammers include the recipient’s phone number along with the password.
The scammers are extracting passwords and phone numbers from old data breaches and automatically matching them to the corresponding email address. They can then distribute vast numbers of emails that are identical except for the password and phone number that match each email address.
Don’t Respond — Just Hit “Delete”
If you receive one of these scam emails, don’t be fooled.
By including real passwords and real phone numbers, and making it appear that the recipient’s account sent the message, the scammers significantly increase the likelihood that their claims will be taken seriously. More people will fall for the ruse and send their money to the criminals.
But, despite these clever tricks, the emails are still just empty bluffs. To reiterate, the sender has not hacked your computer and has not created a compromising video of you.
Don’t respond. Just hit the “delete” key.
Another example of a scam email that uses this tactic:
As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: At the time of hacking your account (removed) had this password: [removed]
You can say: this is my, but old password!
Or: I can change my password at any time!
Of course! You will be right,
but the fact is that when you change the password, my malicious code every time saved a new one!
I’ve been watching you for a few months now.
But the fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence from e-mail and messangers.
Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this, transfer the amount of $777 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is: [removed]
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.