In the past few months, there has been a wave of messages in which spammers include a password, or part of one, that you might have used in the past for some service or that may even still be valid. The message also claims that they have placed a virus on your computer and used your webcam to capture pictures or videos of you while you were visiting websites with adult content. The spammers then demand a ransom paid in Bitcoin or another cryptocurrency; otherwise, they say, these files will be sent to people in your contact list.

No matter how stressful or believable such a message seems – you should not panic. The fact that they have quoted a password you might have used doesn’t make such blackmailing attempts less fake. In fact, there are several things that just don’t hold water in these messages.

You should not be worried, since there aren’t any personal details in the message. There aren’t any attached screenshots, pictures or videos of you they claim to have captured. There are different variations of the content, but all of them are essentially the same – empty threats. Here is the most recent version of the scam:

Hello,
I am a spyware software developer. Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence (I sent you this email from your account).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you... I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites). Oh, yes .. I'm know your secret life, which you are hiding from everyone. Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... 🙂
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality!
So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $998 to my Bitcoin cryptocurrency wallet: 1JwRp2J8bQcoG8XTUbxQZaEj9QB4RB6zEa
My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!  

The messages are based on templates with slight modifications to the content. The main purpose, however, is still the same – trying to blackmail you. Here is what the template from September looks like:

From: “#FNAME#” 
Subject: Re: Your {social|public|personal} life is about to get
{destroyed|ruined|damaged|demolished|shattered}
Date: Tue, 11 Sep 2018 04:08:53 -0700
Importance: normal
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=UTF-8
Message-ID:
{Well|Okay} {i will|i’ll|I am going to|let me|i’m going to} {make it|ensure it is} as {quick and|fast and} short {as possible|possibly can|as it can be},
{Few months|Couple of months|Month or two|Few days} back while visiting one of {hacked|compromised} {websites|web sites|web-sites}, your {computer|pc|personal computer} {was|was in fact} {infected|taken over} by our {Virus|Trojan|Malware|Viruses}
{and it|also it|plus it| and it also} {hacked|broken into|broken in to} {all your|all of your|your entire|your complete} network devices such as your
{smartphone|smart phone|mobile phone|cell phone|phone}, {ever since|since that time|since then|ever since that time} its {collecting|gathering} {great deal of|good deal of|lots of|large amount of|massive amount of} {details|information|important information} {about you|about yourself} {using your|utilizing your} {computer|pc|personal computer} {and your|as well a your|plus your|including your} {smartphone|cell phone|mobile phone|phone|smart phone} , {we got| we’ve got|we have got|we have} your {videos|video clips} , {images|pictures|photos} , call {recordings|audio recordings} , {contacts|connections} , your {social|media|social network} {contacts|connections} , your {emails|e-mails} , your {address|home address|street address} {and even|as well as|and also} {videos|video clips} of your changing {dress|clothing|clothes} , {bathing|showering} etc
{I know|I understand|I’m sure|I am sure} its {quite|very|really|extremely} {disturbing|distressing|worrisome|distressful} for you {and you should|and you outh to|and you’ll|you’re going to be} be {wondering|questioning|asking yourself|thinking} what should you do ? {isnt|isn’t} it ?
{Relax|Loosen up|Take it easy|Chill out|Calm down} {take a deep breath|breathe deeply} , dont {panic|stress|freak out|be scared} {and read|and focus} {carefully|very carefully} now, {if you wish|if you want} these audio video recordings, {emails|e-mails}, {computer data|data|computer files},{Phone|Mobile phone|Cell phone|Cellphone|Mobile} data, {pictures|photos|images|photographs|pics} etc {and your|as well as your|including your|plus your|along with your|and also your} other secrets ({you can|you’ll be able to} guess it {very well|well|really well}) {to remain|to stay} {between|inbetween} {us|you and me}, {and do not|and don’t} want me to share it {with your|along with your|with all your} {loved ones|family members|relatives},{best friends|close friends|good friends|friends}, colleagues, or on {mainstream|popular|well known|well-known} {websites|web sites|web-sites} like {Facebook|Fb}, Reddit, Xvideos, Pornhub {and others|as well as others|and many others} , {there is|there’s a} simple {way out|way to avoid it|way to avoid}.
{Simply|Simply just} pay {500$|550$|600$} {worth of|amount of} bitcoin to my bitcoin wallet address, {in my opinion|I think|I believe|I really believe|if you ask me|I do believe|from my opinion|I do think|there’s no doubt that|I feel|to my opinion} its really fair and low amount to {keeping your|maintaining your} little secret. ({if you do not|if you don’t} know this, search “how {to buy|to purchase} bitcoin” {in Google|search engines like google.})
{BTC|Bitcoin} Address: #WAL#
({It is|It’s} case sensitive, so copy and paste it)
{Important|Very important):
{You have|You’ve|You’ve got} {one day|few days|3 days|5 days|1 day|some days} {in order to make|to make} the payment. ({I’ve|I have} a {unique|special|completely unique} pixel {in this|within this} {e mail|e-mail}, and at this moment {I know|I am aware} {that you have|you have|that you’ve} {read through|read} this email message). If I {do not get|don’t get} the BitCoins, I will certainly {send out|send} your {video recording|videos} to all of your contacts including {relatives|family members|family}, {coworkers|colleagues|co-workers}, {and so on|and so forth}. Having said that, if I {receive the|get the} payment, I’ll destroy {the video|the recording} immediately. {If you need|If you want|If you’d like} evidence, reply with “Yes!” {and I will|and I’ll} {certainly|definitely|undoubtedly} {send out|send mail out} your {video recording|videos} to your {2|3|5|6} contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by {responding to|answering} this message.

Most of these messages come from various botnets which are, basically, compromised individual accounts controlled by the spammers. There have been reports of messages coming from compromised servers deliberately used for such purposes – scam, blackmailing and spreading malware.
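
Because every variant is spun from the same `{a|b|c}` template, a filter can match the template itself instead of chasing individual wordings. The following is an added example, not code from the original article or from SpamAssassin: it compiles a few lines of the September template shown above into regular expressions and counts how many appear in a message. The function names and both sample messages are constructed for illustration.

```python
import re

# Lines copied from the September template shown on this page.
TEMPLATE_LINES = [
    "Your {social|public|personal} life is about to get "
    "{destroyed|ruined|damaged|demolished|shattered}",
    "{Simply|Simply just} pay {500$|550$|600$} {worth of|amount of} "
    "bitcoin to my bitcoin wallet address",
    "{BTC|Bitcoin} Address: #WAL#",
    "({It is|It’s} case sensitive, so copy and paste it)",
]

def normalize(text):
    """Fold curly quotes so that ’ and ' compare equal."""
    return text.replace("’", "'").replace("“", '"').replace("”", '"')

def spintax_to_regex(line):
    """Compile one {a|b|c} template line into a regex matching every variant."""
    out, depth = [], 0
    for tok in re.split(r"([{}|]|#[A-Z]+#)", normalize(line)):
        if tok == "{":
            out.append("(?:"); depth += 1
        elif tok == "}" and depth:
            out.append(")"); depth -= 1
        elif tok == "|" and depth:
            out.append("|")
        elif re.fullmatch(r"#[A-Z]+#", tok):
            out.append(r"\S+")             # merge field such as #WAL#
        else:                              # literal text, flexible whitespace
            out.extend(r"\s+" if p.isspace() else re.escape(p)
                       for p in re.split(r"(\s+)", tok) if p)
    out.append(")" * depth)                # tolerate an unclosed "{" in the template
    return re.compile("".join(out), re.IGNORECASE)

PATTERNS = [spintax_to_regex(line) for line in TEMPLATE_LINES]

def template_hits(message):
    """Number of template lines found in a message (subject plus body)."""
    text = normalize(message)
    return sum(1 for p in PATTERNS if p.search(text))

# Constructed samples: one spun variant and one unrelated legitimate message.
SPUN = ("Subject: Re: Your public life is about to get ruined\n\n"
        "Simply just pay 550$ amount of bitcoin to my bitcoin wallet address\n"
        "Bitcoin Address: EXAMPLE-WALLET-PLACEHOLDER\n"
        "(It's case sensitive, so copy and paste it)\n")
HAM = "Subject: Invoice\n\nPlease pay the attached invoice by bank transfer.\n"
```

Here `template_hits(SPUN)` returns 4 and `template_hits(HAM)` returns 0; a filter would flag a message once the count reaches a threshold of its choosing.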

Regarding the passwords which are quoted in these “sextortion” attempts

There is a high possibility that your password has been obtained from one of the leaked databases circulating on the web. There have been many data breaches that leaked information such as usernames and passwords. They include big names like Adobe, which was hacked in October 2013, with 153 million accounts breached. In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Dropbox also underwent a data breach in 2012, and more than 60 million accounts were subsequently traded online.

You can see a list of such data breaches at https://vigilante.pw/ and also check if your email address has been used for some compromised services at: https://haveibeenpwned.com/.

What you need to do when you receive such a blackmail scam:

As a precaution, we recommend that you change your mailbox password. Since the same password might have been used at some compromised website, using it for another service is a security problem.

Re-using your passwords for multiple services should be avoided. Every single password you have should be unique. Using a password manager is also a good choice. Some of them even provide a feature to create an encrypted backup of your locally saved passwords.

Do not send any money to the hacker. Simply ignore and delete the message. You can also inform your colleagues to do the same if they receive such a scam message.

Our anti-spam mechanisms are ready to block such messages. SpamAssassin is one of the most effective pieces of software used to fight spam. This tool also uses a Bayesian classifier, which means that it is self-learning. It learns from your incoming mail, and it’s tailored to your unique email flow. Once it starts learning from the keywords and patterns in incoming spam, it will improve over time and filter spam more efficiently.

More information about it is available at:
https://tickets.suresupport.com/faq/article-1090/en/spamassassin_2

Sometimes, this message appears to come from your own domain or even your own mailbox, which is even more frustrating. Having an SPF record will greatly reduce the deliverability of such spoofed messages. With this protection, only our server will be listed as an allowed sender for your domain. Adding DKIM protection is also strongly recommended. With DKIM enabled, a digital signature is added to the header of each outgoing message, confirming that it is legitimate and was indeed sent by you.

If your domain name is using our nameservers, both SPF and DKIM can be easily enabled via the DNS Manager section of our Control Panel.
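
Once SPF and DKIM are in place, the "I sent you this email from your account" claim can be checked from the headers the receiving server adds. The following is an added example, not code from the original article: it reads the `Authentication-Results` header and reports whether a message addressed from your own mailbox to itself carries an SPF or DKIM pass for the domain in `From`. The server name `mx.example.net`, the domain `example.com`, the function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def auth_results(msg, authserv_id):
    """Collect SPF/DKIM results, trusting only headers stamped by our own MX.

    Assumes the MX strips inbound headers that already carry its own id."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() != authserv_id:
            continue                       # added by someone else: ignore
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if m:
                dom = re.search(
                    r"(?:smtp\.mailfrom|header\.d)=(?:\S*@)?([\w.-]+)", clause)
                found[m.group(1)] = (m.group(2).lower(),
                                     dom.group(1).lower() if dom else "")
    return found

def classify(raw, authserv_id):
    """Return 'authenticated', 'spoofed' (From == To, no pass) or 'unauthenticated'."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    from_domain = sender.rpartition("@")[2]
    results = auth_results(msg, authserv_id)
    # A pass only counts if it was earned for the domain shown in From.
    if any(res == "pass" and dom == from_domain for res, dom in results.values()):
        return "authenticated"
    return "spoofed" if sender == rcpt else "unauthenticated"

# Constructed messages: a forged self-addressed mail and a genuine one.
SPOOFED = (
    "Authentication-Results: mail.sender.invalid; dkim=pass header.d=example.com\n"
    "Authentication-Results: mx.example.net;"
    " spf=softfail smtp.mailfrom=bounce@sender.invalid; dkim=none\n"
    "From: user@example.com\nTo: user@example.com\n"
    "Subject: Your account has been hacked\n\nbody\n")
GENUINE = (
    "Authentication-Results: mx.example.net;"
    " spf=pass smtp.mailfrom=user@example.com; dkim=pass header.d=example.com\n"
    "From: user@example.com\nTo: user@example.com\n"
    "Subject: note to self\n\nbody\n")
```

The first `Authentication-Results` line in `SPOOFED` was supplied by the sending side and is ignored, which is why the forged `dkim=pass` does not change the verdict.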

You can report these blackmailing attempts to the following authorities:

