What would you do if you received an email from someone claiming to have hacked your computer and recorded you via your webcam while you were engaged in watching porn, then threatening to send the video to everyone in your email and social media contact lists if you don’t pay a $260 ransom? Would you pay the ransom? Even if you’ve never viewed porn, what if they made the same threat to reveal the private details of all your emails?
This is exactly the situation some of our readers found themselves in recently, and they contacted us for help on how to proceed.
Here is an example of one the emails [grammatical errors left intact]:
Good Morning my friend. I represent the group of web criminals in Iran. I use this mail address because we think that you will check it. Few times ago my team put the virus on web-site with porn and as far as you clicked on a play button your system started shooting your screen and activating camera to capture you self-abusing. Eventually I mean you understand what compromising evidence Ive earned. Moreover, this software made your device act as dedicated server with plenty of functions like keylogger, parser etc. To sum up, my software picked all data, especially all your contacts from messengers, e-mails, social networks. If you wanna make me silent you must make a transaction of 260 dollars with bitcoin. 1K2auXQEKz7Ro8cRa2xr3bAPV2n6KT5vi1 You must use it as usual credit card number. If you send bitcoins nobody will see your shame. Watch youtube manuals about methods of buing BTC... I can offer you this exchanger: localbitoins.com. If you have a problem with this, you can search comfortable ATM for bitcoin at coin atm radar. I give you no more than twenty four hours since you read our message to pay. You can complain cops, but they can not find us I use bot network, and of course we live abroad. If you want us to show proofs we will share it to seven mates from your data after that you will be given their contacts. So you will ask them if something strange was received about you. For some questions just reply. Dont be fullish, AmAZinGcRackeR$.
Scary, right? And there have been instances where victims’ computers were hacked, they were filmed in various states of undress (or worse) and then blackmailed that may make this threat seem all too real. But there are several indications that this is nothing more than a phishing scam, hoping to rope in active porn watchers with false threats (an easy demographic to target via mass email given that the world’s largest porn site, Pornhub.com, gets 75 million visitors PER DAY).
First, there is nothing in the email that demonstrates they know anything personally about you: it’s not addressed to you by name and there’s no detail about what site you supposedly visited and when. Nor did they supply a screenshot of the “self-abusing” they allege to have captured. In fact, they are explicitly discouraging you from asking for proof, by threatening to share said “proofs” with your “mates” if you ask. That is completely contrary to how we would expect a real hacker/blackmailer to act – if I wanted to scare the bejesus out of you to get you to pay, the first thing I would do is show you a compromising screen capture to prove that this is very, very real.
Another red flag is that when our readers ran scans using antimalware tools, no malware was detected. Antimalware tools aren’t perfect, but the better ones should have picked up the type of remote administration tool (RAT) described in the email.
Searching the web, there are reports of people receiving similar email scams, going back at least to last fall. The wording of the email varies, including where the scammers claim they’re from, the nature of their threat and the amount of money being demanded. Some people are falling for them, but fortunately not many. I researched a selection of the bitcoin accounts used in these scams and none of the emails had duped more than a handful of victims.
Unfortunately, these scams will likely continue and morph into new threats as the ubiquity of bitcoin makes it easier for scammers to hide behind these accounts and for victims to pay. In fact, while this article was originally written in March of 2018, Sophos security recently released a new study, based on millions of porn blackmail emails that were sent between September 2019 and March 2020, demonstrating this to be the case. During that period, sextortion emails made up 4.23% of all spam observed by Sophos. The study also showed scammers are using new methods for obfuscating email content to evade spam filters, enabling them to collect nearly a half million dollars in payments from victims during the same period. Fortunately, despite some payouts, potential victims seem to be becoming wise to the scam, as only half a percent of the Bitcoin addresses used in the spam messages received any payment, according to Sophos.
So, if you get one of these emails, should you pay the ransom before all your friends find out what you’ve been up to?
The answer is no, don’t be “fullish”.
[EDITOR'S NOTE REGARDING PASSWORD APPEARING IN THE EMAIL SCAM 7/12/18: A number of people have posted in the comments that they received a version of the email which includes a real password they've used in the past. Does this mean that they should be concerned? The answer is No and Yes. No, you shouldn't be concerned that your computer was hacked and you were actually filmed watching porn - it's still a scam. But, yes, you should be concerned that your password has been leaked through a data breach. Security researcher Troy Hunt has uncovered more than 500 million passwords leaked through these breaches. That password in the email was likely one of them.
If it is still an active password for you, the scam email should be a big wake up call that you need to ensure you are using unique and secure passwords for every one of your accounts. We strongly recommend a password manager like Dashlane or 1Password , which will automatically check your passwords to see if they have been revealed in a breach and help you create unique, secure ones for every site.]
[EDITOR'S NOTE WARNING ABOUT ATTACHMENTS 7/20/18: One reader reported receiving an attachment titled "Invoice" with the porn scam email. If you get an attachment, DO NOT OPEN IT. Email attachments are one of the primary ways hackers use to install malware on your computer, which could turn this fake malware scam into a very real one.]
[EDITOR'S NOTE ABOUT EMAIL SPOOFING 10/19/18: Many readers are commenting that the porn blackmail email appears to be sent from their own email address, causing added concern the hacking claims may be real. But don't be fooled. Email spoofing has been around for a long time and is relatively easy to do. Usually the message headers will reveal the true sending email address. Here's how to tell if an email has been spoofed.]
[EDITOR'S NOTE ABOUT WORK VS PERSONAL EMAILS 1/21/19: A number of people are expressing concern in the comments that the blackmail email is coming to their work email, instead of their personal email (or both). It doesn't matter — an email address is a email address as far as this scam goes. Billions of emails have been leaked over the years, many of those from business-focused services such as Dropbox, LinkedIn and Adobe. If I check to see which of my email addresses have been involved in breaches, my work email has been breached many more times than my personal email.
Originally published 3/12/18. Updated 4/22/2020 with new data from Sophos
[Image credit: Man in a dark room at a computer via BigStockPhoto]
Further thoughts on how they get our details.
From Aitch B on July 14, 2018 :: 5:20 am
The scammer gave me 3 clues in the email and 1 more (see the last paragraph).
1 They used a low-level password that I only use for any website that could have no influence on my life if hacked.
2 They used an old email address.
That combination of the PW and Email was only used to sign into Adobe’s forum. Adobe does not have any other personal details. Adobe had 50 to 80 million accounts hacked in 2013.
3 They said, “We placed a pixel in the text that tells us you are reading this”. Put another way. You are now reading these next three words “Extra fabulous ridiculous”
Gosh, how clever I am to know that and it’s not a Pixel, which is just a colored spot on a screen, nothing else. IT is inert.!
I have my own domain name. You can have any number of email addresses and because by default all emails sent to firstname.lastname@example.org go to my Gmail account.
‘x’ is anything like ‘mail’ or ‘sales’ or anything else I care to write before the @ so NOW I will give my email address when I sign up as (say for Adobe) it would be email@example.com or for Washington Post, it might be Wpost@mydomainname.com. Then I know where it came from!!!
As for the passwords, I will be changing them.
The last clue is that they did not reply. They probably sent out thousands, if not hundreds of thousands of emails. They will only bother to reply if they have a response from a victim. They could only send out another huge number of the same emails but could not offer any individual evidence. Of course, if a victim has paid they will not bother to say thank you.
It’s a scam. Be warned to be more vigilant with PWs etc. BUT dump the email. I must say it scared me at first.