According to this email, the sender has infected your computer with malware after you visited a porn website. Supposedly, the malware turned on your computer’s camera and captured your actions during your visit. And, claims the message, it also made a copy of your contact list.
The sender threatens to post the embarrassing video that the malware captured to all of your contacts if you do not pay a fee in Bitcoin within 30 hours.
But, at least in this case, the claim that the sender has infected your computer with malware and captured a video is untrue. In fact, the email is just one example of an increasingly common scam in which online criminals send out thousands of identical fake blackmail messages in the hope of tricking a few people into paying up.
If one of the emails reaches a person who has recently spent time on a porn website, then the person may go ahead and pay the demanded fee rather than risk the shame of being exposed to his or her friends and family.
Of course, criminals can indeed use malware to steal information from your computer and even activate the device’s camera without you realizing. So, the scenario outlined in these scam emails is plausible.
But, randomly emailing these fake blackmail messages to massive lists of email addresses is obviously much quicker and easier for criminals than actually infecting computers and capturing the compromising video footage. Even if only a very small percentage of the many thousands of people who receive the emails actually send money, then the scheme will make a profit for the criminals.
To reiterate, identical copies of the same fake blackmail messages are randomly distributed to a great many recipients. Despite the implications in the emails, they are not specifically targeted to individuals. Thus, the messages tend to be generic and vague on details. They do not address you by name. Nor do they tell you what particular porn site you supposedly visited or when the alleged incident took place.
If criminals really had infected your system with malware, harvested your personal information, and recorded video as claimed, then they would have all of these details and plenty more. And, they would almost certainly use at least some of this information to convince you that their threats were real.
The best way to deal with these scam emails is simply to delete them without replying.
Some later versions of these scam emails increase the chance that the claims will be taken seriously because they include a valid password associated with one of the recipient’s accounts. Because of the included password, even people who have not been to an adult website may believe that the scammer has infiltrated their computer. As I discuss in more detail in a separate report, it appears that they are collecting the passwords and the associated email addresses from old data breaches. Many commentators have pointed out that the passwords in the emails are very old and no longer being used.
An example of the scam email:
Subject: You were stupid __ NaxLMP gJPUD MmA
I text you because you are 1 of those people that downloaded the malware from the visited porn site.
When you went on that site you let a virus collect all your private data and switched on your camera that shoot the act of your masturbation. After that my virus made a copy of your contact list.
I will not share this video and data if I receive 330 Euros in bitcoin.
This is address to pay: [Removed]
I give you 30 hours after you open my message to complete the payment.
It is not necessary to tell me that you have sent money to me. This address is given only to you, my system will delete everything automatically after transaction confirmation.
If you need 48 hours just reply on this letter with +.
You can visit the police station but they cant solve your problem.
I am foreigner. So nobody can trace me even for 6 weeks.
Bye. Dont forget about the disgrace.