In the past few months, there has been a wave of messages in which spammers include a password, or part of one, that you might have used in the past for some service or that may even still be valid. The message also claims that they have placed a virus on your computer and have used your webcam to capture pictures or videos of you while you were watching websites with adult content. Moreover, the spammers ask for a ransom paid in bitcoin or some other cryptocurrency; otherwise, these files would be sent to various people in your contact list.

No matter how stressful or believable such a message seems – you should not panic. The fact that they have quoted a password you might have used doesn’t make such blackmailing attempts less fake. In fact, there are several things that just don’t hold water in these messages.

You should not be worried, since there aren’t any personal details in the message. There aren’t any attached screenshots, pictures or videos of you they claim to have captured. There are different variations of the content, but all of them are essentially the same – empty threats. Here is the most recent version of the scam:

Hello,
I am a spyware software developer. Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence (I sent you this email from your account).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you... I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites). Oh, yes .. I'm know your secret life, which you are hiding from everyone. Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... 🙂
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality!
So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $998 to my Bitcoin cryptocurrency wallet: 1JwRp2J8bQcoG8XTUbxQZaEj9QB4RB6zEa
My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!  

The messages are based on templates with slight modifications to the content. The main purpose, however, is still the same – trying to blackmail you. Here is what the template from September looks like:

From: “#FNAME#” 
Subject: Re: Your {social|public|personal} life is about to get
{destroyed|ruined|damaged|demolished|shattered}
Date: Tue, 11 Sep 2018 04:08:53 -0700
Importance: normal
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=UTF-8
Message-ID:
{Well|Okay} {i will|i’ll|I am going to|let me|i’m going to} {make it|ensure it is} as {quick and|fast and} short {as possible|possibly can|as it can be},
{Few months|Couple of months|Month or two|Few days} back while visiting one of {hacked|compromised} {websites|web sites|web-sites}, your {computer|pc|personal computer} {was|was in fact} {infected|taken over} by our {Virus|Trojan|Malware|Viruses}
{and it|also it|plus it| and it also} {hacked|broken into|broken in to} {all your|all of your|your entire|your complete} network devices such as your
{smartphone|smart phone|mobile phone|cell phone|phone}, {ever since|since that time|since then|ever since that time} its {collecting|gathering} {great deal of|good deal of|lots of|large amount of|massive amount of} {details|information|important information} {about you|about yourself} {using your|utilizing your} {computer|pc|personal computer} {and your|as well a your|plus your|including your} {smartphone|cell phone|mobile phone|phone|smart phone} , {we got| we’ve got|we have got|we have} your {videos|video clips} , {images|pictures|photos} , call {recordings|audio recordings} , {contacts|connections} , your {social|media|social network} {contacts|connections} , your {emails|e-mails} , your {address|home address|street address} {and even|as well as|and also} {videos|video clips} of your changing {dress|clothing|clothes} , {bathing|showering} etc
{I know|I understand|I’m sure|I am sure} its {quite|very|really|extremely} {disturbing|distressing|worrisome|distressful} for you {and you should|and you outh to|and you’ll|you’re going to be} be {wondering|questioning|asking yourself|thinking} what should you do ? {isnt|isn’t} it ?
{Relax|Loosen up|Take it easy|Chill out|Calm down} {take a deep breath|breathe deeply} , dont {panic|stress|freak out|be scared} {and read|and focus} {carefully|very carefully} now, {if you wish|if you want} these audio video recordings, {emails|e-mails}, {computer data|data|computer files},{Phone|Mobile phone|Cell phone|Cellphone|Mobile} data, {pictures|photos|images|photographs|pics} etc {and your|as well as your|including your|plus your|along with your|and also your} other secrets ({you can|you’ll be able to} guess it {very well|well|really well}) {to remain|to stay} {between|inbetween} {us|you and me}, {and do not|and don’t} want me to share it {with your|along with your|with all your} {loved ones|family members|relatives},{best friends|close friends|good friends|friends}, colleagues, or on {mainstream|popular|well known|well-known} {websites|web sites|web-sites} like {Facebook|Fb}, Reddit, Xvideos, Pornhub {and others|as well as others|and many others} , {there is|there’s a} simple {way out|way to avoid it|way to avoid}.
{Simply|Simply just} pay {500$|550$|600$} {worth of|amount of} bitcoin to my bitcoin wallet address, {in my opinion|I think|I believe|I really believe|if you ask me|I do believe|from my opinion|I do think|there’s no doubt that|I feel|to my opinion} its really fair and low amount to {keeping your|maintaining your} little secret. ({if you do not|if you don’t} know this, search “how {to buy|to purchase} bitcoin” {in Google|search engines like google.})
{BTC|Bitcoin} Address: #WAL#
({It is|It’s} case sensitive, so copy and paste it)
{Important|Very important):
{You have|You’ve|You’ve got} {one day|few days|3 days|5 days|1 day|some days} {in order to make|to make} the payment. ({I’ve|I have} a {unique|special|completely unique} pixel {in this|within this} {e mail|e-mail}, and at this moment {I know|I am aware} {that you have|you have|that you’ve} {read through|read} this email message). If I {do not get|don’t get} the BitCoins, I will certainly {send out|send} your {video recording|videos} to all of your contacts including {relatives|family members|family}, {coworkers|colleagues|co-workers}, {and so on|and so forth}. Having said that, if I {receive the|get the} payment, I’ll destroy {the video|the recording} immediately. {If you need|If you want|If you’d like} evidence, reply with “Yes!” {and I will|and I’ll} {certainly|definitely|undoubtedly} {send out|send mail out} your {video recording|videos} to your {2|3|5|6} contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by {responding to|answering} this message.
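
As an added illustration (not part of the original article and not the rule set of any particular spam filter), the sketch below shows why such templates defeat exact-match filtering and how a defender can still match them: it counts the variants a template can produce and compiles each template line into one regular expression. The excerpt, the function names and any sample message passed to it are constructed for this example.

```python
import re
from math import prod

# Constructed excerpt written in the same {a|b|c} notation as the template above.
TEMPLATE = """\
{Simply|Simply just} pay {500$|550$|600$} {worth of|amount of} bitcoin to my bitcoin wallet address
{You have|You've|You've got} {one day|few days|3 days|5 days|1 day|some days} {in order to make|to make} the payment
It is a non-negotiable offer"""

def count_variants(template: str) -> int:
    """Number of distinct texts a flat (non-nested) template can expand to."""
    return prod(len(g.split("|")) for g in re.findall(r"\{([^{}]*)\}", template))

def line_to_regex(line: str) -> re.Pattern:
    """Turn one template line into a regex that matches every expansion of it."""
    out, depth = [], 0
    for ch in line.replace("\u2019", "'"):      # treat curly and straight apostrophes alike
        if ch == "{":
            out.append("(?:")
            depth += 1
        elif ch == "}" and depth:
            out.append(")")
            depth -= 1
        elif ch == "|" and depth:
            out.append("|")
        elif ch.isspace():
            if not out or out[-1] != r"\s+":    # any whitespace run, incl. re-wrapped lines
                out.append(r"\s+")
        else:
            out.append(re.escape(ch))
    out.append(")" * depth)                     # tolerate a brace the template never closed
    return re.compile("".join(out), re.IGNORECASE)

def template_score(template: str, message: str) -> float:
    """Fraction of non-empty template lines that occur somewhere in the message."""
    patterns = [line_to_regex(l.strip()) for l in template.splitlines() if l.strip()]
    text = message.replace("\u2019", "'")
    return sum(1 for p in patterns if p.search(text)) / len(patterns)
```

A score close to 1.0 means the message follows the template regardless of which alternatives were picked; the variant count shows how many different message bodies even this short excerpt can yield.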

Most of these messages come from various botnets which are, basically, compromised individual accounts controlled by the spammers. There have been reports of messages coming from compromised servers deliberately used for such purposes – scam, blackmailing and spreading malware.

Regarding the passwords which are quoted in these “sextortion” attempts

There is a high possibility that your password has been obtained from one of the leaked databases circulating on the web. There have been many data breaches in which information such as usernames and passwords was leaked. Such cases include big names like Adobe, which was hacked in October 2013, with 153 million accounts breached. In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Dropbox also suffered a data breach in 2012, and more than 60 million accounts were subsequently traded online.

You can see a list of such data breaches at https://vigilante.pw/ and also check if your email address has been used for some compromised services at: https://haveibeenpwned.com/.

What you need to do when you receive such a blackmail scam:

As a precaution, we recommend that you change your mailbox password. Since the same password might have been used at some compromised website, using it for another service is a security problem.

Re-using your passwords for multiple services should be avoided. Every single password you have should be unique. Using a password manager is also a good choice. Some of them even provide a feature to create an encrypted backup of your locally saved passwords.

Do not send any money to the hacker. Simply ignore and delete the message. You can also inform your colleagues to do the same if they receive such a scam message.

Our anti-spam mechanisms are ready to block such messages. SpamAssassin is one of the most effective pieces of software used to fight spam. This tool also uses a Bayesian classifier, which means that it is self-learning. It learns from your incoming mail, and it’s tailored to your unique email flow. Once it starts learning from the keywords and patterns in incoming spam, it will improve over time and filter spam more efficiently.

More information about it is available at:
https://tickets.suresupport.com/faq/article-1090/en/spamassassin_2

Sometimes, this message comes from your own domain or even your own mailbox, which is even more frustrating. Having an SPF record will greatly reduce the deliverability of such spoofed messages. With this protection, only our server will be listed as an allowed sender for your domain. Adding DKIM protection is also strongly recommended. Basically, with DKIM protection enabled, a digital signature is added to the header of each outgoing message, validating that it’s legitimate and was indeed sent by you.

If your domain name is using our nameservers, both SPF and DKIM can be easily enabled via the DNS Manager section of our Control Panel.
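
One way to spot the self-addressed spoofing described above on the receiving side, given as an added example that is not code from the original article: it assumes the receiving mail server records its SPF and DKIM verdicts in an Authentication-Results header, and example.com, mx.example.net and the function names are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: From and To are the same mailbox, as in the scam described above.
# example.com and mx.example.net are placeholder names.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.com; dkim=none
From: "me" <me@example.com>
To: me@example.com
Subject: Your account has been hacked

I sent you this email from your account.
"""

def auth_results(msg, trusted_authserv: str) -> dict:
    """Collect spf/dkim verdicts, but only from headers written by our own server."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue  # a header added by anyone else may have been forged by the sender
        for method, result in re.findall(r"\b(spf|dkim)=(\w+)", rest, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def is_spoofed_self_mail(raw: str, trusted_authserv: str = "mx.example.net") -> bool:
    """True when the sender claims the recipient's own domain but neither SPF nor DKIM passed."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    to_dom = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    results = auth_results(msg, trusted_authserv)
    authenticated = results.get("spf") == "pass" or results.get("dkim") == "pass"
    return bool(from_dom) and from_dom == to_dom and not authenticated
```

A genuine message you send to yourself through the authorised server passes SPF or carries a valid DKIM signature, so only the forged copies are flagged.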

You can report these blackmailing attempts to the following authorities:

Update (February 10th, 2019)

As you may have already noticed, these blackmail messages are still coming with slight variations in the content. We want to remind you that you should not send any money to these people or even reply to these messages.

In general, most of these messages get blocked before even reaching your mailbox, thanks to the advanced anti-spam mechanisms which are included in all of our hosting plans – SpamAssassin and Spamdyke. However, if you do receive such a message and you are worried about it, you can always contact us for assistance.

Note that there is a new variation of this message which uses a QR code and images for the bitcoin address in order to evade anti-spam filters:

Here are some of the most recent copies of this blackmail scam:

You may not know me and you are probably wondering why you are getting this e mail, right?
I’m a hacker who cracked your email and devices a few months ago.
Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account.
I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean).
While you were watching videos, your internet browser started out functioning as a RDP (Remote Control) having a keylogger which gave me accessibility to your screen and web cam.
After that, my software program obtained all information.
You entered a passwords on the websites you visited, and I intercepted it.
Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.
What did I do?
I backuped device. All files and contacts.
I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.
exactly what should you do?
Well, in my opinion, $1000 (USD) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
My Bitcoin wallet Address:
19p63VSjmRLPNP34ASWPEixUDYhvGQxTFK
(It is cAsE sensitive, so copy and paste it)

Important:
You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message).
To track the reading of a message and the actions in it, I use the facebook pixel.
Thanks to them. (Everything that is used for the authorities can help us.) If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on.

Hello!
As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.
I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this,
transfer the amount of $733 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 11wQFVQ65DdfzWXqup3JdY7prFazMbXjc
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.

