Sextortion, yes that is correct, is a new twist on an old email scam in which the scammer claims to have compromised your computer with malware and recorded you or your family members watching porn. The attacker then threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist is that the scam email references a real password previously tied to your email address.
The basic elements of this sextortion scam email have been around for some time, and usually, the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this new scam begins with an unusual opening:
I’m aware that <substitute password formerly used by recipient here> is your password
The rest is from a standard template:
You don’t know me and you’re thinking why you received this email, right?
Well, I actually placed a malware on the porn website and guess what, you visited this website to have fun (you know what I mean). While you were watching the video, your web browser acted as an RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have a unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
Typically, the password referenced in the scam email is one that was associated with your email account (or another online account) and that the scammer obtained from databases of credentials exposed in a data breach.
The FBI suspects that as this scam gets refined, perpetrators will begin using more recent and relevant passwords to convince people that the hacking threat is real.
Sextortion, even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand, is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
According to the FBI, here are some things you can do to avoid becoming a victim:
- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.
The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).
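Because only the password and the Bitcoin address change between copies of the template quoted earlier, a mail filter can key on the fixed phrases plus a checksum-valid payment address. The following is an added example, not part of the original article: the rule names, the threshold of three signals and both sample messages are assumptions constructed here, and the address in the samples is the well-known genesis-block address used only as a checksum test vector.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Phrases that recur in the quoted template (rule names are hypothetical).
SIGNALS = {
    "password_claim": re.compile(r"\bis your password\b", re.I),
    "webcam_claim": re.compile(r"\bwebcam\b", re.I),
    "contacts_threat": re.compile(r"\ball (of )?your contacts\b", re.I),
    "deadline": re.compile(r"\b\d+\s*hours\b", re.I),
    "bitcoin_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
}

def valid_btc_address(addr):
    """Base58Check: version byte + 20-byte hash + 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")  # leading '1' characters become zero bytes
    except OverflowError:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return raw[0] in (0x00, 0x05) and digest[:4] == raw[-4:]

def score_message(body):
    """Quarantine only when a real payment address and 3+ template phrases co-occur."""
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(body))
    addrs = [a for a in ADDR_RE.findall(body) if valid_btc_address(a)]
    return {"signals": hits, "addresses": addrs,
            "quarantine": bool(addrs) and len(hits) >= 3}

# Constructed samples: a paraphrase of the template and an unrelated notice.
SAMPLE_SCAM = (
    "I'm aware that example-Passw0rd is your password. My software recorded "
    "your webcam. Pay $1400 via Bitcoin to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa. "
    "You have 24 hours or the video goes to all of your contacts."
)
SAMPLE_BENIGN = (
    "Your password expires in 48 hours. Reset it from the account portal. "
    "Ticket reference 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb."
)

if __name__ == "__main__":
    for label, body in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(label, score_message(body))
```

Requiring a checksum-valid address keeps ticket numbers and other Base58-looking strings from triggering the rule, and the extracted addresses can be passed on in an abuse report.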