According to this email, a “spyware software developer” has installed a rootkit on your device that has recorded “photos and videos of your most passionate funs with adult content”.
Supposedly, the sender has also saved the history of your site visits, your email and chats, and your contacts. He or she warns that, if you do not pay $724 in Bitcoin within 48 hours, the compromising photos and videos will be sent to all of your contacts.
However, the email is just one in an ongoing series of very similar fake blackmail sextortion scams. The sender has not really installed malware on your device or captured any compromising photos or videos. The email is just an idle bluff designed to panic people into sending money to criminals.
Despite its claims, the email you received is not specifically targeting you, and the sender has no direct contact with you or your devices. In fact, the scammers randomly distribute hundreds of thousands of identical emails in the hope of tricking at least a few people into paying up.
Clever Tricks — Passwords, Jargon, and Email Spoofing
The scammers use a variety of clever tricks to make their claims seem more credible.
Many of the scam emails include a password associated with one of the recipient’s accounts. Because of the included password, even people who have not been to an adult website may believe that the scammer has accessed their device. But, in fact, the scammers are harvesting these passwords from old data breaches and using an automated script to match the password with the associated email addresses. In many cases, the passwords in the emails are very old and no longer being used.
However, if the email includes a valid password that you currently use, you should change the password immediately. You can check if an account has been compromised in a data breach by entering the associated email address into Troy Hunt’s excellent “have i been pwned” service.
I discuss the password versions of these scams in more detail in a separate report.
The scam emails often use technical jargon, much of it nonsensical, to help fool less tech-savvy recipients into taking the threat seriously. This is a very old and well-used social engineering trick. Drowning a scam message in technical terms can lend an undeserved gravitas to its claims, at least among those who do not understand the meaning of the terms.
The scammers sometimes use a simple email spoofing trick to make it appear that the scam email was sent from your own account. They achieve this by forging the header of the email. They can then claim in the scam message that they sent the email from your own account, thereby supposedly proving that they have compromised your device.
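As an added illustration of the spoofing trick just described (example code, not part of the original alert): a short Python check that flags what a mail filter would look for in such a message. The raw message, the Authentication-Results line and the addresses are constructed sample data; the assumption is a receiving mail gateway that stamps SPF/DKIM results into the headers, as most providers do.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From is forged to equal To ("I sent you this email
# from your account"), but the receiving gateway recorded an SPF failure
# because the real sending host was never authorised for that domain.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=victim@example.net; dkim=none
Received: from 203.0.113.7 (unknown [203.0.113.7]) by mx.example.net
From: victim@example.net
To: victim@example.net
Subject: Your account has been hacked

I sent you this email from your account.
Transfer $724 to my Bitcoin wallet: 1BgphddTJvTjxkkk1zkksFKJaXfqfMZE4C
Since opening this letter you have 48 hours (2 days).
"""

# Legacy (P2PKH / P2SH) Bitcoin address: base58, 26-35 characters, starts with 1 or 3.
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def sextortion_indicators(raw):
    """Return the indicator names found in one raw RFC 5322 message, in a fixed order."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    auth = msg.get("Authentication-Results", "").lower()
    # The header From is free text for the sender; only SPF/DKIM say who really sent it.
    if sender and sender == recipient:
        found.append("self_spoof")
    if any(tag in auth for tag in ("spf=fail", "spf=softfail", "dkim=fail")):
        found.append("auth_fail")
    if BTC_RE.search(body) and re.search(r"bitcoin", body, re.I):
        found.append("bitcoin_ransom")
    if re.search(r"\b\d+\s*hours?\b", body, re.I):
        found.append("deadline")
    return found


if __name__ == "__main__":
    print(sextortion_indicators(SAMPLE))
```

A From address that equals the To address is not proof of compromise on its own; the combination with a failed SPF/DKIM check and a ransom demand is what makes the message worth quarantining.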
Why Don’t the Scammers Just Send the Video as Proof?
Of course, if scammers had really infiltrated your systems and created a compromising video, all they would need to do to prove it is send a copy of the video itself. This would immediately indicate that the senders’ claims were true. If the sender had really “harvested a solid dirt on you”, they would likely prove their threat by simply sending you a copy of said solid dirt rather than dance around the issue via old passwords, jargon, and silly spoofing tricks.
Don’t Respond. Just Hit Delete
More and more of these scam emails have been distributed in recent months. The tactic is obviously working well for the scammers, so they will no doubt continue to use it. If you receive one of these messages, do not respond to it. Instead, just hit the “Delete” key and be done with it.
An example of the scam email
Your account has been hacked by me in the summer of this year. I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [email address removed]: [password removed] (on moment of hack). Notice: That it is useless to change the passwords. My malware update passwords from your accounts every times when you changed it.
The hacking was carried out using a hardware vulnerability of your router.
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically made photos and videos with you.
At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I know what you like hard funs (adult sites).
Oh, yes .. I’m know your secret life, which you are hiding from everyone.
Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … 🙂
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
So, to the business!
I’m sure you don’t want to show these files and visiting history to all your contacts.
Transfer $724 to my Bitcoin cryptocurrency wallet: 1BgphddTJvTjxkkk1zkksFKJaXfqfMZE4C
Just copy and paste the wallet number when transferring.
If you do not know how use Bitcoins – ask Google.
My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am ‘working’ with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours (2 days).
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with link on compromising material.
I advise you to remain prudent and not engage in nonsense (on this moment all files with your “dirty laundry” on my server).