There’s a new sextortion scam making the rounds, where the scammer sends a chilling email with one of the recipients usernames and passwords.
The sex-extortion (or “sextortion”) threat involves a supposed video filmed from the recipient’s own computer while they were watching porn, which will be released in tandem with a video of the porn being watched. Exposure can be avoided, the scammer kindly continues, by making a bitcoin payment ranging from $1,900 to $3,900 to sky’s-the-limit.
The scammer promises (in a ironic display of ethics) to delete that video if the funds are received within 24 hours.
By one account, the scammers are using passwords and username combinations that are over ten years old.
What should you do if you receive such an email?
- Do not pay!
- Go under the hood and get the envelope information from the email.
- Forward both the email and the under-the-hood information to your local RCMP.
- Protect yourself by:
- Immediately changing your passwords
- Never re-using that same username/password combination
- Never re-using passwords
- Changing you passwords frequently (see Resources for a way to do this using Keepass)
- Cover or turn off built-in computer(s) camera
- Never open unrequested email attachments, especial .zip files
- Back-up important computer files on a separate drive
We repeat: Do not pay! The scammer is both extorting you and simultaneous promising to be diligently ethical and deleting the alleged video once you pay. If you pay, you are in fact confirming that they have successfully leveraged a threat over you, and that you will pay whatever you are asked. This opens you up to even more extortion whenever they are in need (or want) of money.
Following is an example of the email.
Subject: [username-redacted] - [password-redacted] I know, [redacted], is your password. You don't know me and you're thinking why you received this e mail, right? Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account. What exactly did I do? I made a split-screen video. First part recorded the video you were viewing (you've got a fine taste haha), and next part recorded your webcam (Yep! It's you doing nasty things!). What should you do? Well, I believe, $1900 is a fair price for our little secret. You'll make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin" in Google). BTC Address: 19VJjCjq4pxP7mh71gN1HJaxf83qWv
BJTk (It is cAsE sensitive, so copy and paste it) Important: You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don't get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with "Yes!" and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don't waste my time and yours by replying to this email
- Sextortion Scam Uses Recipient’s Hacked Passwords
- How to Find Out Server Information for an Email Address
- Keepass, an open source lightweight password program
- Other types of sextortion scams – RCMP files
- Sooke RCMP can be reached at 250-642-5241
- Scam: SIN scammers impersonate VicPD Officer
- Millennials account for half of all scam victims, Vancouver police launch NanaSays
- Are you one of the 101 million email accounts compromised via Ebrite, in a 2013 breach identified in 2019?
- BCSC wins in U.S. court to enforce order against fraudster
- Better Business Bureau’s top 10 scams of 2018
- Online dating – know what you’re signing up for
- Cyber fraud affecting businesses in the West Shore
- BC Hydro warns customers about scams after record number of attempts to defraud in 2018
- Crackdown in Mumbai has big impact on CRA tax scam
- Public warning as email-based “sextortion” scams reported
- Pornography scam uses your username and password information to extort bitcoin payment
- Emergency scam with a concerning variation
- New scam strikes with a new slick twist
- RCMP issue reminder that “gifting clouds,” aka pyramid schemes, are illegal
- Business directories: Double-check before writing them a cheque
- Scammers are at it again, this time threatening legal action
- A special prize just for you? Don’t be fooled into believing you are a sweepstakes winner
- March is Fraud Prevention Month: Here are some safety tips
- Fraud awareness: Merchants beware of counterfeit credit cards
- CRA scam prompts warning from detectives
- Don’t fill their wallets with gift cards
- Sooke RCMP issue CRA phone scam alert
- ICBC warning customers of text message scam
- No the CRA won’t tell you to e-Transfer Bitcoin or pay in iTunes cards
- Business e-mail compromise scam prompts warning
- Compromised image extortion trend leads to police warning
- LETTER: Scammed Sooke senior shares this randsomware story
- Envelope theft: Protecting yourself on your special day
- SCAM Reminder: CRA does not do transactions with links!
- Know your customer; Or, Don’t send speeding scam to RCMP