Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Is the Porn Blackmail Scam Real?

by Josh Kirschner on April 22, 2020

What would you do if you received an email from someone claiming to have hacked your computer and recorded you via your webcam while you were engaged in watching porn, then threatening to send the video to everyone in your email and social media contact lists if you don’t pay a $260 ransom? Would you pay the ransom? Even if you’ve never viewed porn, what if they made the same threat to reveal the private details of all your emails?

This is exactly the situation some of our readers found themselves in recently, and they contacted us for help on how to proceed.

Here is an example of one the emails [grammatical errors left intact]:

Good Morning my friend. I represent the group of web criminals in Iran. I use this mail address because we think that you will check it. Few times ago my team put the virus on web-site with porn and as far as you clicked on a play button your system started shooting your screen and activating camera to capture you self-abusing. Eventually I mean you understand what compromising evidence Ive earned. Moreover, this software made your device act as dedicated server with plenty of functions like keylogger, parser etc. To sum up, my software picked all data, especially all your contacts from messengers, e-mails, social networks. If you wanna make me silent you must make a transaction of 260 dollars with bitcoin. 1K2auXQEKz7Ro8cRa2xr3bAPV2n6KT5vi1 You must use it as usual credit card number. If you send bitcoins nobody will see your shame. Watch youtube manuals about methods of buing BTC... I can offer you this exchanger: localbitoins.com.  If you have a problem with this, you can search comfortable ATM for bitcoin at coin atm radar. I give you no more than twenty four hours since you read our message to pay. You can complain cops, but they can not find us I use bot network, and of course we live abroad. If you want us to show proofs we will share it to seven mates from your data after that you will be given their contacts. So you will ask them if something strange was received about you. For some questions just reply. Dont be fullish, AmAZinGcRackeR$.

Scary, right? And there have been instances where victims’ computers were hacked, they were filmed in various states of undress (or worse) and then blackmailed that may make this threat seem all too real. But there are several indications that this is nothing more than a phishing scam, hoping to rope in active porn watchers with false threats (an easy demographic to target via mass email given that the world’s largest porn site, Pornhub.com, gets 75 million visitors PER DAY).

First, there is nothing in the email that demonstrates they know anything personally about you: it’s not addressed to you by name and there’s no detail about what site you supposedly visited and when. Nor did they supply a screenshot of the “self-abusing” they allege to have captured. In fact, they are explicitly discouraging you from asking for proof, by threatening to share said “proofs” with your “mates” if you ask. That is completely contrary to how we would expect a real hacker/blackmailer to act – if I wanted to scare the bejesus out of you to get you to pay, the first thing I would do is show you a compromising screen capture to prove that this is very, very real.

Another red flag is that when our readers ran scans using antimalware tools, no malware was detected. Antimalware tools aren’t perfect, but the better ones should have picked up the type of remote administration tool (RAT) described in the email.

Searching the web, there are reports of people receiving similar email scams, going back at least to last fall. The wording of the email varies, including where the scammers claim they’re from, the nature of their threat and the amount of money being demanded. Some people are falling for them, but fortunately not many. I researched a selection of the bitcoin accounts used in these scams and none of the emails had duped more than a handful of victims.

Unfortunately, these scams will likely continue and morph into new threats as the ubiquity of bitcoin makes it easier for scammers to hide behind these accounts and for victims to pay. In fact, while this article was originally written in March of 2018, Sophos security recently released a new study, based on millions of porn blackmail emails that were sent between September 2019 and March 2020, demonstrating this to be the case. During that period, sextortion emails made up 4.23% of all spam observed by Sophos. The study also showed scammers are using new methods for obfuscating email content to evade spam filters, enabling them to collect nearly a half million dollars in payments from victims during the same period. Fortunately, despite some payouts, potential victims seem to be becoming wise to the scam, as only half a percent of the Bitcoin addresses used in the spam messages received any payment, according to Sophos.

So, if you get one of these emails, should you pay the ransom before all your friends find out what you’ve been up to?

The answer is no, don’t be “fullish”.

[EDITOR'S NOTE REGARDING PASSWORD APPEARING IN THE EMAIL SCAM 7/12/18: A number of people have posted in the comments that they received a version of the email which includes a real password they've used in the past. Does this mean that they should be concerned? The answer is No and Yes. No, you shouldn't be concerned that your computer was hacked and you were actually filmed watching porn - it's still a scam. But, yes, you should be concerned that your password has been leaked through a data breach. Security researcher Troy Hunt has uncovered more than 500 million passwords leaked through these breaches. That password in the email was likely one of them. 

If it is still an active password for you, the scam email should be a big wake up call that you need to ensure you are using unique and secure passwords for every one of your accounts. We strongly recommend a password manager like Dashlane or 1Password , which will automatically check your passwords to see if they have been revealed in a breach and help you create unique, secure ones for every site.]

[EDITOR'S NOTE WARNING ABOUT ATTACHMENTS 7/20/18: One reader reported receiving an attachment titled "Invoice" with the porn scam email. If you get an attachment, DO NOT OPEN IT. Email attachments are one of the primary ways hackers use to install malware on your computer, which could turn this fake malware scam into a very real one.]

[EDITOR'S NOTE ABOUT EMAIL SPOOFING 10/19/18: Many readers are commenting that the porn blackmail email appears to be sent from their own email address, causing added concern the hacking claims may be real. But don't be fooled. Email spoofing has been around for a long time and is relatively easy to do. Usually the message headers will reveal the true sending email address. Here's how to tell if an email has been spoofed.]

[EDITOR'S NOTE ABOUT WORK VS PERSONAL EMAILS 1/21/19: A number of people are expressing concern in the comments that the blackmail email is coming to their work email, instead of their personal email (or both). It doesn't matter — an email address is a email address as far as this scam goes. Billions of emails have been leaked over the years, many of those from business-focused services such as Dropbox, LinkedIn and Adobe. If I check to see which of my email addresses have been involved in breaches, my work email has been breached many more times than my personal email.

Originally published 3/12/18. Updated 4/22/2020 with new data from Sophos

[Image credit: Man in a dark room at a computer via BigStockPhoto]


Topics

Computer Safety & Support, News, Computers and Software, Blog


Discussion loading

gravatar

From Jimmy on October 21, 2018 :: 1:10 am


I received one recently from someone telling me their username on the darkweb was XXXXXXX

and that they had hacked my email account recently, have access to my contacts, social media etc and been watching what i’d been visiting and taking a picture through my camera (i don’t even have one), and saying i’d been nonchalant on the internet and had to send a large amount of money through bitcoin because i’d been an exciting boy etc etc and that changing my passwords would be pointless anyway as they already gave themselves access to my computer, and they know when i’ve read the email, and have 48 hours from then before the data is sent to my contacts, if i pay they will delete the data as they have no need of it

Does all this sound familiar to others that have had this kind of email?

The first thing i did of course was run a rootkit check and virus check and nothing at all came up.

Reply

gravatar

From Claire on October 21, 2018 :: 4:37 pm


Received another one today with a different password (that I’d used ages ago) and darknet name. Hope it stops soon =/

Hello!

My nickname in darknet is hymie25.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from (email) is (password)

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $893 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
Good luck!

Reply

gravatar

From Claire on October 21, 2018 :: 4:41 pm


Can I report this to anyone?

Reply

gravatar

From Jessica Gorski on October 21, 2018 :: 9:58 pm


HEY! I got this one and panicked for 24 hours, then relaxed. It’s over 48 hours now and I still have my privacy! .

Reply

gravatar

From Jessica on October 21, 2018 :: 7:14 pm


I had the same email, same email adress as mine too. I also had the same one again after, deleted that one. Unfortunately I did reply to the first one, I was so mad! I checked my sent emails and there was nothing which was reassuring.
I checked my activity too which showed me that other people from all around the world was trying to log into my account but was unsuccessful. Changed me email adress even though the hacker said there was no point. If it carries on I’ll try and report it to to whoever I can to get this sorted. My 48hrs isn’t up yet so shall see what will come of it. Sounds like nothing will which I’m happy about as it will be a pain to get it all sorted.

Reply

gravatar

From Jessica Gorski on October 21, 2018 :: 9:58 pm


HEY! I got this one and panicked for 24 hours, then relaxed. It’s over 48 hours now and I still have my privacy!

Reply

gravatar

From Jimmy on October 21, 2018 :: 10:49 pm


Today i received 3 more of the same email, they went straight to my junk which is where they will be staying, i might report them for phishing but honestly nothing would ever come of it anyway

Reply

gravatar

From VR on October 22, 2018 :: 1:35 am


I’ve received below email three days ago . First I was shocked and wondering what to do and I thought I will not pay any ransom to these people. Then I searched form internet and found this article .  thanks lot for writing this article it really help me to released my pressure.
Thanks again !!!

This is the mail I’ve received
=================================
Hi.

Hopefully you do not really mind my english sentence structure, considering
that im from Germany. I infected your machine with a virus and im in
possession of your private information from your operating system.

It was mounted on a mature web site after which you’ve selected the movie,
viewed it, my application quickly gain access to your computer.

After that, your cam started to record you hand partying, besides i
documented a movie that you have seen.

Soon after a short while in addition, it picked up every one of your social
contact list. If u want me to wipe out your all that i currently have -
transfer me 310 us in btc its a crypto-currency. It is my btc account
address - 14KBwFGCFcmfpur2W8gQg7YcJn61T1j44u

At this moment you will have 24hours. to decide Once i will get the deal i
am going to wipe out this movie and everything entirely. Otherwise, you
should remember that your footage is going to be forwarded to your friends.
=====================================

Reply

gravatar

From MJ on October 22, 2018 :: 7:01 am


So I received the following email this morning and had my work email as the sender…...................

My nickname in darknet is peder78.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from ‪(work email) is Xxxxxx.

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $830 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
Good luck!
******************

My biggest concern is that it states my work email and password and references access to contact and social media etc. I have visited a popular pornsite previously and also visited an adult dating site. The English seems pretty good. Should I panic? Josh thoughts?

Thanks.

Reply

gravatar

From Denis on October 22, 2018 :: 10:04 am


I’ve received an email from
My nickname in darknet is zacherie99

My nickname in darknet is zacherie99.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

He has my email address and the exact password I was using a long time ago.

It goes on to say that

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I am very scared that this is real threat. Is it possible that this is just scam or should I be really worried

Reply

gravatar

From Rob on October 29, 2018 :: 6:14 pm


I received an almost identical email 10/28.  I also received a slightly different one a few weeks ago. Certainly very unsettling.  Mone asked for $240.

Reply

gravatar

From i dont know on October 22, 2018 :: 10:24 am


Hello!

I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from (my e mail adress) on moment of hack: (some password i have used but not for this e mail - and last time i changed my password was 5 years ago so its not correct at all)

Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I’ve never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I’m sure you don’t want it.

Therefore, I expect payment from you for my silence.
I think $871 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy

If you do not know how to do this - enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won’t help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

Reply

gravatar

From Idk on October 25, 2018 :: 7:01 pm


I got the same one yesterday

Reply

gravatar

From E Wei on November 01, 2018 :: 11:36 am


I got this same one today (well, just noticed it today) and they had one of my old passwords from a long time ago.  One question though - are hackers able to take screenshots or record through a phone camera? iPhone camera, to be more precise

Reply

gravatar

From E Wei on November 01, 2018 :: 11:37 am


thanks for this article, Josh. Panicked a little even though I didn’t have reason to haha.

Reply

gravatar

From Josh Kirschner on November 01, 2018 :: 6:22 pm


If your iPhone is not jailbroken, then it is very difficult to install spyware of that nature. The only situation I’m aware of where iPhones have been hacked in this way is via extremely expensive software used by state spy/law enforcement agencies. To my knowledge, this has not made its way into the general hacking world. So yes, it’s possible. But unless you’re a criminal target (or a political dissident or independent journalist in a country that frowns on those things), it’s highly unlikely this would happen to you.

Reply

gravatar

From Mike on October 23, 2018 :: 12:03 pm


For any one still worried about such emails, even after reading the many comments and examples on this site - my advice is to relax. Denis, you don’t need to be scared by this.

I received the first email like this about 6 months ago. I was on holiday and didn’t read it until days after the time limit had expired - and nothing had happened… Most recently, I received two last week, where the darknet name came up for the first time (ooh, scary). Again, my deadlines have expired and nothing has happened.

As others have pointed out, If these scumbags had anything, they’d send you a sample in the email to make sure you took them seriously. All they have on me is a public domain email address that I use on my website and a very old password used only on sites where the hacking of their data could have no impact on my life. The junkmail folder is too good for these messages. It is just a pity the people sending these messages can’t be locked away, where they belong. My suggestion is to make sure you password security is up to scratch and move on.

Reply

gravatar

From Rockynator on October 23, 2018 :: 1:26 pm


I got this from ” Orren Gennari ” = orrenlin137@mail.ru

“xxxxxxxxx is o‌n‌e o‌f your pass wo‌rds. L‌ets g‌et di‌r‌ectly to‌ th‌e po‌i‌nt. No‌t o‌n‌e p‌erso‌n has co‌mpensa‌t‌ed m‌e to‌ inv‌esti‌ga‌t‌e about yo‌u. Yo‌u do‌ no‌t kno‌w m‌e a‌nd you’r‌e mo‌st li‌k‌ely thi‌nki‌ng why yo‌u ar‌e getti‌ng thi‌s ‌e mail?

W‌ell, i‌ i‌nstall‌ed a‌ malwa‌r‌e o‌n th‌e xxx vi‌ds (po‌rno‌) web si‌t‌e and guess wha‌t, yo‌u vi‌si‌t‌ed thi‌s w‌eb si‌t‌e to‌ exp‌eri‌enc‌e fun (yo‌u kno‌w wha‌t i m‌ea‌n). Wh‌en yo‌u wer‌e vi‌‌ewi‌ng vid‌eo cli‌ps, yo‌ur bro‌ws‌er sta‌rted o‌ut functioni‌ng a‌s a R‌emot‌e co‌ntro‌l Desktop that has a key lo‌gg‌er whi‌ch pro‌vid‌ed m‌e with a‌cc‌ess to yo‌ur di‌spla‌y scr‌e‌en a‌nd a‌lso w‌eb cam. after tha‌t, my so‌ftwa‌re pro‌gra‌m gath‌ered your ‌enti‌r‌e co‌nta‌cts fro‌m yo‌ur M‌ess‌eng‌er, social n‌etworks, and ‌ema‌i‌l . a‌nd then i mad‌e a‌ vi‌d‌eo. Fi‌rst pa‌rt di‌spla‌ys the vi‌d‌eo you w‌ere vi‌‌ewi‌ng (yo‌u have a go‌o‌d tast‌e lo‌l . . .), a‌nd s‌eco‌nd pa‌rt sho‌ws the r‌eco‌rding o‌f yo‌ur ca‌m, & it is u” ... continue…

Reply

gravatar

From Rockynator on October 23, 2018 :: 4:35 pm


So i do not nothing but only clicking “answer”-button and then senders name , so i see that my email proba ly comes from Russian.
ip-address i like to searcu but i do know how

Reply

gravatar

From Terry on October 23, 2018 :: 2:57 pm


Take a look at https://www.businessinsider.com/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7

Reply

gravatar

From Josh Kirschner on October 23, 2018 :: 8:56 pm


BI was a little late to the game (we reported on this four months earlier) but, yeah, same thing.

Reply

gravatar

From micaela on October 24, 2018 :: 12:48 am


hello!
my nickname in darknet is harv67.
i hacked this email more than six months ago. through it i infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

so, your password is****** from ***********
even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

i have access to all your accounts, social networks, email,browsing history. accordingly, i have the data of all your contacts, files from your computer,photos and videos.

i was most struck by the intimate content sites that you occasionally visit.
you have a very wild imagination, i tell you!

during your pastime and entertainment there, i took screenshot through the camera of your device, synchronizing with what you were watching. oh my god! you are so funny and excited!

i think that you do not want all your contacts to get these files, right?
if you are of the same opinion, then i think that 899$ is quite a fair price to destroy the dirt i created.

send the above amount on my btc wallet (bitcoin):1NXNt72qfMhPZDffUEqryEUzyR6LmgH as soon as the above amount is recived i guarantee that the data will be deleted, i do not need it.

otherwise these files and history of visiting sites will get all your contacts from your device.also, ill send to everyone you contact access to your email and access logs, i have carefully saved it!

since reading this letter you have 48 hours! after your reading this message, ill recive an automatic notification that you have seen the letter.

i hope i taught you a good lesson. do not be so nnonchalant , please visit inly to proven resources, and dont enter passwords anywere!
good luck!

i use my cellphone to open my emails, im assuming this is also a scam but i also noticed it was a bit different than some of the others people received, one thing that tipped me off after i got over the panic was that the password was the first one i ever used and was around 12 years old. i had changed it to something more secure years and years before i received this email i got it on the 20th of October and it has been well past the deadline and my “dirt” has yet to be sent out as far as i know.

Reply

gravatar

From Jimmy 2shoes on October 24, 2018 :: 3:43 am


My email I got is very similar to these.

However they had my password mentioned in it for this one email address which was it or at least very close to it woth a number at the end missing.

Plus they sent it from the email that was hacked to my main email I use - so not sure how they got that and I guess that’s why I’m a bit more worried.

Reply

gravatar

From Josh Kirschner on October 24, 2018 :: 8:57 am


I talk about email spoofing in the article above. That should alleviate your concerns.

Reply

gravatar

From Amy on October 24, 2018 :: 7:02 am


I received a similar email but due to some other personal reasons and safety decided fo delete the account permanently.
Did I gain more attention doing that? I’m really concerned.

It mentioned something like, “remember months ago that your account was hacked, it was me. Proof is that this email comes from your addresss and I have the password you had by then (mentioned an old pass) probably you already changed it but it doesn’t matter I already have it” ... and so one asking bitcoin and same menaces previously mentioned.
Thanks.

Reply

gravatar

From Karen on October 24, 2018 :: 11:51 am


I have received two emails as above, but both have been sent from my own email address. I’ve clicked in the headers and it’s still my email address. They also quoted one of my passwords, although it’s not the one I have for my email account as they say (but could have been before) What should I do? Thanks for any help.

Reply

gravatar

From Josh Kirschner on October 25, 2018 :: 1:51 pm


I explored this issue with Karen and we confirmed that it was another example of spoofing. In this case, the sending IP address was a server host in South Africa, not Microsoft, which makes it pretty clear the email was not really coming from a Hotmail account. Also, for those who want to get a little more technical, the SPF authentication was a “SoftFail” because the sending server (in South Africa) was not authorized to send for that domain (hotmail.com). Only legitimate emails should result in an SPF “Pass” result.

Reply

gravatar

From SystemAdmin on October 25, 2018 :: 1:18 pm


We have been plagued with these on a number of client sites. Most of them use Exchange Server so we added this simple transport rule at the organizational level to intercept them. It looks for the word “bitcoin” in the message body and redirects it to another mailbox for review.

New-TransportRule -Name ‘Filter out BITCOIN messages’ -Comments ‘Re-direct any messages with the word BITCOIN in them’ -Priority ‘0’ -Enabled $true -SubjectOrBodyContainsWords ‘bitcoin’ -RedirectMessageTo ‘System.Administrator@ourdomain.com’ -ExceptIfFromScope ‘InOrganization’

A similar approach could be used with other SMTP servers.

Reply

gravatar

From Sally Jones on October 25, 2018 :: 11:05 pm


I’ve rec’d similar email, but my ransom is $6000 bitcoins ; should the large ransom be indication of a real case?

Reply

gravatar

From Josh Kirschner on October 25, 2018 :: 11:14 pm


Bigger ransom just means bigger scam.

Reply

gravatar

From Rick on October 26, 2018 :: 8:08 am


More than the sextortion threat, scam emails received as a job application almost got me. In my work email, I got the following email for the first time.

Good Afternoon,
My name is [name removed]  and I’m interested in a position.

I’ve attached a copy of my resume.
The password is “1234”

Thank you!


My company is actively receiving real applications, and sometimes people do send email directly (I suppose), so it looks legit. I did open the attachment and foolishly typed in the password. Thankfully MS Word detect a macro and disabled opening, so hooray for using the latest version of MS Word.

Reply

gravatar

From Mr Smith on October 26, 2018 :: 4:14 pm


I too received an email with darknet nickname, my work email and password requesting bitcoin or they would reach out to contacts exposing habits etc.

The time has now passed and nothing has happened. The spoofing notes by editor answers how they used my work email as sender. Still blows me away though that when I tap sender it accesses my personal contact details in phone.

I think the subscriber who referenced ‘exchange’ is on to something because I’m pretty sure my work email is powered by exchange. But also because I received another email to the same address this morning informing me that some terms and policies have been updated and to access the link for more. Although it’s not requesting anything the red flag is that once again sender is me. The organisation I work for would not send emails this way. Needless to say I will not be touching the link and have since forwarded it on. Unlike the initial email this did not mention any hot words like Bitcoin so I’m guessing this is why the email came through to my inbox without any attention or warning from my employer.

Maybe it’s time for my employer to change my email if I continue to receive emails similar to these in the future.

Josh, appreciate your follow up notes in thread.

Reply

gravatar

From Shalom on October 26, 2018 :: 5:12 pm


is your password. Lets get directly to the point. You may not know me and you’re most likely thinking why you’re getting this e mail? No person has compensated me to investigate you.

Well, I placed a software on the 18+ streaming (pornography) web site and there’s more, you visited this site to experience fun (you know what I mean). While you were viewing videos, your internet browser started out working as a Remote Desktop that has a keylogger which gave me accessibility to your display and also cam. Just after that, my software collected all of your contacts from your Messenger, social networks, as well as e-mail . And then I created a double video. 1st part displays the video you were watching (you have a good taste lmao), and 2nd part shows the recording of your webcam, yeah it is u.

You have two different alternatives. Lets take a look at these types of options in aspects:

First alternative is to neglect this e mail. In this case, I am going to send out your actual recorded material to every single one of your contacts and also just consider about the shame you feel. Do not forget should you be in an affair, precisely how this will affect?

Other solution will be to give me $7000. We will call it a donation. Subsequently, I will right away erase your video recording. You can continue your daily life like this never happened and you will not hear back again from me.

You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1BsdGwXrznfFy3XdqnVvybeoaLhLsmsjZT
[CASE-sensitive, copy and paste it]

If you may be wondering about going to the police, good, this mail can not be traced back to me. I have taken care of my steps. I am just not trying to ask you for so much, I simply want to be paid for.

You have one day to pay. I’ve a special pixel in this mail, and right now I know that you have read through this mail. If I don’t receive the BitCoins, I will, no doubt send out your video to all of your contacts including friends and family, co-workers, and so on. Having said that, if I do get paid, I will erase the video right away. If you need proof, reply with Yes! & I definitely will send out your video to your 14 friends. This is the non:negotiable offer therefore do not waste my time and yours by responding to this e mail.

Reply

gravatar

From Just a random hit on October 26, 2018 :: 5:31 pm


My email asked for $6000….
I figure if it was real they’d ask for something I might be able to pay since I sure couldn’t pay that even if I wanted to.

Thanks for the information though since I always research anything I think could be a scam this really made me feel better.

BTC address:
18yRj6Nn3UEgmD8cnV5LgshzS5r3Vu3iEv
Sender was listed as Aaron@Smith968.edu

Reply

gravatar

From Pa on October 26, 2018 :: 10:35 pm


Someone tried to scam a friend accusing them of having child porn on his computer. The thing is that apparently they had remote access to his computer and parts of his computer are not working since he failed to pay the extortion demand. How can you recover the computer? And make sure they didn’t plant child porn in the process?

Reply

gravatar

From Rh on October 27, 2018 :: 4:10 am


I got this and wasn’t worried as I get lots of junk but the email it is sent from is actually mine. Says ‘Me’ when I click on it it comes up with my real email and my whole contact info. Does this mean there is someone using my account?

Reply

gravatar

From Alice Khayinza on October 27, 2018 :: 11:22 am


Received a similar email today . .
Asking for 859$ in bitcoin with a link to where I should send the money.
Given 48 hours to do so otherwise all my contacts will be given salicious pictures of me. I have never logged onto a porno site in my life. Now they say they have pictures of me through their malware on phone doing what they exactly I don’t know. The password is one I used on Pinterest. Should I be worried!

Reply

gravatar

From User on October 27, 2018 :: 12:40 pm


Have I been hacked? I have received the same bitcoin email, but it was sent from my own account?

Reply

gravatar

From Julia on October 28, 2018 :: 1:45 pm


So, I keep getting a whole bunch of similar emails to this, but one ACTUALLY was sent from me, to me - I checked my Sent folder and the emails was there

Reply

gravatar

From Josh Kirschner on October 29, 2018 :: 11:39 am


It’s certainly possible that someone hacked your email account and sent the email from your own account, but this is the far less likely scenario.  And, frankly, if a hacker has access to your email account, there are far better ways to rip you off than through a lame pron blackmail scam. Are you sure you don’t have mail forwarding to yourself from an older account that may make it seem like it you sent the original? If you think it was sent from your account, it would be safest to follow our steps for what to do when your email gets hacked.

I would also be willing to take a look at the header information of the original email (I would need to see the full headers), if you can take a screen shot and send it to me. josh at techlicious dot com.

Reply

gravatar

From Julia on October 29, 2018 :: 8:20 pm


yeah, I’ll pass the header info along. And since it’s in my Sent folder, I’m not sure how that would make it “seem” like it came from my own account. Wouldn’t that only show emails that came from that particular account? How in the world could someone spoof that?

Reply

gravatar

From Josh Kirschner on October 30, 2018 :: 6:00 pm


I took a look at the header info you sent me and it was clearly not sent from your email. The sending IP address is from an unrelated company in Japan (and it failed its SPF validation, too, as a permitted sender for your domain).

As to why it is appearing in your sent folder, I think that is just a function of how your email interface is handling the spoofed address. Since your real email is in the “From” field (even tough it’s spoofed), your email system must be pulling things into your “Sent” folder based on that.

gravatar

From Gerry Rigley on October 29, 2018 :: 4:58 am


I will start by admitting that I am a complete TECHNOPHOBE I can switch my computer on and off, read my emails and do a search on google and that’s my lot, but I hear every day on the TV and read on the internet about all these amazing six year olds that can hack into the white house and do amazing things, so why is it not possible for some clever dick to backtrack on these idiots sending these emails and find who and where they are, if someone can explain please in easy to understand, non gobbledigook language I would really appreciate it.  Thanks…  Gerry

Reply

gravatar

From Josh Kirschner on October 29, 2018 :: 11:55 am


I think we all wish these folks could be tracked down and suffer the appropriate punishment for their evil ways. And, given enough resources, it is possible to do that, in most cases. However, it is not easy to do.

Most of these scammers are hidden behind anonymous VPN or TOR networks, receive payment into anonymous bitcoin accounts and are based in countries that don’t play well with US or European law enforcement. So, while the FBI could trace back IP addresses (if they can get past the encryption and lack of user logging), get search warrants for user information from foreign server hosting companies (which may be ignored), spend effort trying (perhaps in vain) to match server access records with individual users (if the records exist), only to find that the person they’re after resides in a country which doesn’t cooperate with US law enforcement or for which these activities aren’t even illegal, the likelihood of success is very low and the costs are very high.

So the FBI chooses to focus its resources on the bigger criminal syndicates and highest profile scammers/spammers, rather than the thousands/tens-of-thousands of small-time scammers. That’s why it’s so important for all of us to be proactive at managing our own internet safety and learn how to spot and avoid these scams.

Reply

gravatar

From Vicky Powell on October 29, 2018 :: 8:26 pm


I did wonder if some porn sites could actually be selling data too. A lot of them have mafia type undertones and I wouldn’t put it past them,. Not data on what is watched but email addresses, passwords etc. It may be a coincidence but I accessed one as was following up from a thread on a women’s forum about something I thought was really gross and was curious (honest, it certainly was t my bag!) and literally about 2 weeks later I got one of these. It might just be coincidence, but certainly haven’t had them before and I do know I was compromised with a couple if the data breaches.  Mine was one of the strange ‘came from myself’ emails too but as there was nothing in the sent box I was pretty sure it was a scam and to honest they would just have captured me staring somewhat incredulously at a screen!!

Reply

gravatar

From Josh Kirschner on October 30, 2018 :: 10:36 am


Porn sites, at least the major ones, are big businesses who would have a lot to lose if it were revealed that they were selling user data. And if this were information from a specific porn site, it would make more sense to create a more detailed letter to convince you it’s real(that is, at least name the site, if not specific videos or access times). But all the letters I’ve seen provide none of that - they’re just generic notes anyone could create using data from one of dozens of various data breaches.

Reply

gravatar

From Grace on October 30, 2018 :: 2:58 am


I got an email today from my school email address:


He‌llo‌

So‌ I a‌m a‌ ha‌cke‌r who‌ cra‌cke‌d yo‌u‌r e‌-ma‌i‌l a‌nd de‌vi‌ce‌ a‌ co‌u‌ple‌ o‌f we‌e‌ks ba‌ck.

Yo‌u‌ e‌nte‌re‌d yo‌u‌r pa‌sswo‌rd o‌n o‌ne‌ o‌f the‌ we‌b-si‌te‌s yo‌u‌ vi‌si‌te‌d, a‌nd I i‌nte‌rce‌pte‌d i‌t.

He‌re‌ i‌s the‌ se‌cu‌ri‌ty pa‌sswo‌rd fro‌m ******MY EMAIL******** o‌n mo‌me‌nt o‌f ha‌ck: grace ****(my name)*****

Of co‌u‌rse‌ yo‌u‌ ca‌n ca‌n cha‌nge‌ i‌t, o‌r pe‌rha‌ps a‌lre‌a‌dy cha‌nge‌d i‌t.

The‌n a‌ga‌i‌n i‌t wo‌n’t ma‌tte‌r, my ma‌li‌ci‌o‌u‌s so‌ftwa‌re‌ u‌pda‌te‌d i‌t e‌ve‌ry ti‌me‌.

Do‌ no‌t re‌a‌lly co‌nsi‌de‌r to‌ ge‌t i‌n to‌u‌ch wi‌th me‌ pe‌rso‌na‌lly o‌r e‌ve‌n fi‌nd me‌, i‌t i‌s i‌mpo‌ssi‌ble‌, si‌nce‌ I se‌nt yo‌u‌ e‌ma‌i‌l fro‌m yo‌u‌r e‌ma‌i‌l a‌cco‌u‌nt.

Vi‌a‌ yo‌u‌r e‌ ma‌i‌l, I u‌plo‌a‌de‌d ha‌rmfu‌l pro‌gra‌m co‌de‌ to‌ yo‌u‌r Ope‌ra‌ti‌o‌n Syste‌m.

I sa‌ve‌d yo‌u‌r e‌nti‌re‌ co‌nta‌cts to‌ge‌the‌r wi‌th bu‌ddi‌e‌s, fe‌llo‌w wo‌rke‌rs, re‌la‌ti‌ve‌s a‌nd a‌lso‌ the‌ fu‌ll hi‌sto‌ ;ry o‌f vi‌si‌ts to‌ the‌ Wo‌rld wi‌de‌ we‌b re‌so‌u‌rce‌s.

As we‌ll I se‌t u‌p a‌ Tro‌ja‌n o‌n yo‌u‌r syste‌m.

Yo‌u‌ a‌re‌n’t my o‌nly ta‌rge‌t, I typi‌ca‌lly lo‌ck co‌mpu‌te‌rs a‌nd a‌sk fo‌r a‌ ra‌nso‌m.

Ho‌we‌ve‌r I wa‌s hi‌t by the‌ we‌b-si‌te‌s o‌f i‌nti‌ma‌te‌ co‌nte‌nt tha‌t yo‌u‌ no‌rma‌lly sto‌p by.

I a‌m i‌n i‌mpa‌ct o‌f yo‌u‌r cu‌rre‌nt fa‌nta‌si‌e‌s! I’ve‌ ne‌ve‌r o‌bse‌rve‌d a‌nythi‌ng a‌t a‌ll li‌ke‌ thi‌s!

So‌, whe‌n yo‌u‌ ha‌d e‌njo‌yme‌nt o‌n pi‌qu‌a‌nt i‌nte‌rne‌t si‌te‌s (yo‌u‌ kno‌w wha‌t I me‌a‌n!) I ma‌de‌ scre‌e‌n sho‌t wi‌th u‌si‌ng my pro‌gra‌m thro‌u‌gh yo‌u‌r ca‌me‌ra‌ o‌f yo‌u‌rs de‌vi‌ce‌.

Fro‌m the‌n o‌n, I pu‌t to‌ge‌the‌r the‌m to‌ the‌ co‌nte‌nt o‌f the‌ pa‌rti‌cu‌la‌r cu‌rre‌ntly se‌e‌n we‌bsi‌te‌.

The‌re‌ i‌s go‌i‌ng to‌ be‌ la‌u‌ghte‌r whe‌n I se‌nd the‌se‌ sho‌ts to‌ yo‌u‌r a‌cqu‌a‌i‌nta‌nce‌s!

BUT I a‌m su‌re‌ yo‌u‌ do‌ no‌t wa‌nt thi‌s.

He‌nce‌, I e‌xpe‌ct to‌ ha‌ve‌ pa‌yme‌nt fro‌m yo‌u‌ i‌nte‌nde‌d fo‌r my qu‌i‌e‌t.

I thi‌nk $900 i‌s a‌n sa‌ti‌sfa‌cto‌ry pri‌ce‌ re‌ga‌rdi‌ng thi‌s!

Pa‌y wi‌th Bi‌tco‌i‌n.

My BTC wa‌lle‌t a‌ddre‌ss: 1HMaDdEhSQbc12B5Rb9qHUZNnWXF5xXPJL

In ca‌se‌ yo‌u‌ do‌ no‌t re‌a‌lly kno‌w ho‌w to‌ do‌ thi‌s - e‌nte‌r i‌nto‌ Go‌o‌gle‌ ‘ho‌w to‌ tra‌nsfe‌r mo‌ne‌y to‌ a‌ bi‌tco‌i‌n wa‌lle‌t’. It i‌s e‌a‌sy.

Imme‌di‌a‌te‌ly a‌fte‌r ge‌tti‌ng the‌ gi‌ve‌n a‌mo‌u‌nt, a‌ll yo‌u‌r i‌nfo‌rma‌ti‌o‌n wi‌ll be‌ stra‌i‌ght a‌wa‌y e‌li‌mi‌na‌te‌d a‌u‌to‌ma‌ti‌ca‌lly. My ma‌lwa‌re‌ wi‌ll a‌d di‌ti‌o‌na‌lly cle‌a‌r a‌wa‌y i‌tse‌lf o‌u‌t o‌f yo‌u‌r o‌pe‌ra‌ti‌ng-syste‌m.

My Tro‌ja‌n ha‌ve‌ a‌u‌to‌ a‌le‌rt, so‌ I kno‌w whe‌n thi‌s spe‌ci‌fi‌c e‌ ma‌i‌l i‌s re‌a‌d.

I gi‌ve‌ yo‌u‌ two‌ da‌ys (48 ho‌u‌rs) fo‌r yo‌u‌ to‌ ma‌ke‌ the‌ pa‌yme‌nt.

If thi‌s do‌e‌s no‌t ha‌ppe‌n - ju‌st a‌bo‌u‌t a‌ll yo‌u‌r fri‌e‌nds wi‌ll ge‌t cra‌zy pi‌ctu‌re‌s fro‌m yo‌u‌r da‌rk se‌cre‌t li‌fe‌ a‌nd yo‌u‌r syste‌m wi‌ll be‌ blo‌cke‌d a‌s we‌ll a‌fte‌r 48 ho‌u‌rs.

Do‌ no‌t e‌nd u‌p be‌i‌ng si‌lly!

Po‌li‌ce‌ fo‌rce‌ o‌r pa‌ls wo‌n’t su‌ppo‌rt yo‌u‌ fo‌r su‌re‌ ...

P.S I ca‌n pro‌vi‌de‌ yo‌u‌ wi‌th re‌co‌mme‌nda‌ti‌o‌n wi‌th re‌ga‌rd to‌ the‌ fu‌tu‌re‌. Ne‌ve‌r type‌ i‌n yo‌u‌r pa‌sswo‌rds o‌n u‌nsa‌fe‌ i‌nte‌rne‌t si‌te‌s.

I wi‌sh fo‌r yo‌u‌r di‌scre‌ti‌o‌n.

Fa‌re‌we‌ll.


even though my name is in the from box, I looked and it says adam419smith@yahoo jb. should I be worried????? by the way, I don’t go on porn sites or anything, but I have used putlocker in the past (not in the last three months)

Reply

gravatar

From Josh Kirschner on October 30, 2018 :: 10:41 am


That is exactly the type of email spoofing I describe in the article.

FWIW, the technical discussion in the email you got is pretty humorous, too. Sounds like someone who has no idea how malware works just pulling things out of the air. I’m surprised they’re even technically savvy enough to use bitcoin.

Reply

gravatar

From grace on October 30, 2018 :: 5:28 pm


Thank you so much!

Reply

gravatar

From Polina on October 30, 2018 :: 2:40 pm


My Email has my email from other email-box and a password from another WebSite smile. Author ist Aaron196Smith@yahoo.jp
I should pay 900 Dollar into wa‌lle‌t a‌ddre‌ss: 12pWkM6PnbZbDdRokwJEGAofZFBFqpSnKX.
“If thi‌s do‌e‌s no‌t ha‌ppe‌n - e‌ve‌ry yo‌u‌r co‌nne‌cti‌o‌ns wi‌ll ce‌rta‌i‌nly ge‌t nu‌ts pi‌ctu‌re‌s fro‌m yo‌u‌r da‌rk se‌cre‌t li‌fe‌ a‌nd yo‌u‌r de‌vi‌ce‌ wi‌ll be‌ blo‌cke‌d a‌s we‌ll a‌fte‌r 48 ho‌u‌rs.”
It comes tomorrow

Reply

Read More Comments: 1 2 3 4 5 6 7 8 9 10 11 12 13 14

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.