.jpg)
A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam. The attackers then demand $1,900 in bitcoins or the video will be sent to family and friends.
BleepingComputer has been reporting on these scams since the summer of 2018 when they started to be sent by scammers.
While many would disregard these emails, some have been so concerned that a video would leak that they sent payments to the scammers. In the first week that these extortion emails began to be sent out, concerned recipients sent over $50,000 in bitcoin to the attackers.
Since then, threat actors have created different types of email extortion scams including one that pretends to be hitman contracts, bomb threats, CIA investigations, threats of installing ransomware, and just recently, threats to infect your family with the Coronavirus.
Today's campaign revisits old campaign
In today's email extortion campaign, the attackers have gone back to basics and have started emailing people stating that their computers were hacked, a video was taken using their webcam, and that they know their passwords.
The listed passwords are in many cases actual passwords used by the recipient in the past, but the attacker does not know them by hacking your account, but rather through leaked data breaches shared online.
Due to today's campaign, BleepingComputer began to receive numerous emails from recipients where they shared samples of the extortion emails being sent.
These emails are very similar to our original article regarding these scams and below you can see one of the extortion emails that was sent to us today from a reader.
The text of these emails can be read below.
I know, xxx, is your password. You don't know me and you're thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you've got a fine taste haha), and next part recorded your webcam (Yep! It's you doing nasty things!).
What should you do?
Well, I believe, $1900 is a fair price for our little secret. You'll make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin" in Google).
BTC Address:
bc1qzl2qlywq8fzfm49e7mvsuz4yvpdwpzfqs5g85r
(It is cAsE sensitive, so copy and paste it)
Important:
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don't get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with "Yes!" and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don't waste my time and yours by replying to this email.
Some of the bitcoin addresses shared with BleepingComputer from this campaign include:
bc1q3h9lq7z4uke8q8uslx5rlr2xq0xgnu37zt8ywn
bc1qzl2qlywq8fzfm49e7mvsuz4yvpdwpzfqs5g85r
bc1qflasaggvrat2kavt5ygy043k9p5rjwr9kkql03
bc1qzl2qlywq8fzfm49e7mvsuz4yvpdwpzfqs5g85r
bc1qpq0ptyh6cwzksu0mkmg4t5xkhvp9q4vfgh4gyq
bc1qehk8rsppsqtwh7hvmmgdz4rnkydtdsx8pqdwjw
Everyone needs to know that these emails are fake, scams, and nothing to worry about.
As scary as they may seem, especially if they are including passwords you currently use or have used in the past, recipients should not send any payments to the scammers.
If the passwords listed are in use or familiar, you should automatically change them at any site that they are being used.
Otherwise, simply read the email, get a quick chuckle out of it, junk it, and carry on with your day!
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
buddy215 - 5 years ago
I got that email yesterday. The first for me. The password it claimed I used was a long series of numbers. I have never used such a password. Nor do I have a camera on any of my monitors.
I marked it as phishing so my email provider will block it if ever sent again from the same sender. Good for a chuckle. It was sent to one of my proxies. I knew one of the sites I used it on had been compromised. One of only two sites the email address was used.
tonino32 - 5 years ago
I received an email with this scam today in the morning (it was almost the same email mentioned above in the article, only a few words in the beginning of the email were different), it mentioned a password I use on a lot of sites and social networks. I got scared at first but I am reliefed now that there is no way they recorded me. Apparently they got my password because I entered it in a surveymonkey survey yesterday. It was stupid, I know. Usually I am careful about this, it was late at night and I wasn't paying much attention.
They demanded $3.900.
My question is if the guys that do this scam are known for doing something harmful with the password. I changed the password on all websites where I used it. Apparently they entered in my facebook account, because there is an entry 10 hours ago on FB that I don't recognise. Or maybe they just focus on getting your money through the original email scam and that's it? Thanks!
EmanuelJacobsson - 5 years ago
They most likely found it in a database breach, which happens quite often, if you changed it youre fine, and that facebook login was probably probably one of three things:
a huge coincidence
you use a weak password
you dontt have two factor authentication.
illerterateca - 5 years ago
I got this email last evening. I am SPOOKED. Are you sure it is fake, and my contact list hasn't been pic ed by the hacker? It could be INCREDIBLY embarrassing....
EmanuelJacobsson - 5 years ago
Think about it, they have a keylogger/RAT on your computer, the only thing they could blackmail you with was a single password, A SINGLE ONE, which they actually got from a database breach, which happens almost all the time.
Eszter - 5 years ago
I just received this email but luckily I have already heard about it from someone who has received it! I knew immediately that it was a scam!
The most concerning thing is that they have my actual password in the e-mail!
Really rather frustrating!
AZHead - 5 years ago
If these bitcoin addresses lead to actual people or bank accounts, can’t they be traced? (He asked naively).
Chris Cosgrove - 5 years ago
If any of these scam emails do contain passwords which you currently use then it would be a really, really good idea to change them - rapidly ! And, in an ideal world, nobody would use the same password for more than one account.
Chris Cosgrove
jc212 - 5 years ago
I received on 4-12-2020 bout 9:30 pm stating he had access to my operating system and account advising me of a video (split-screen) he made of me visiting a porn site and what I was doing as well. He provided a bitcoin address to forward payment of $500. or he'd post it on social media /send to all my contacts and I had 2 days (50 hrs) to comply. Then advise me his bitcoin address & email were untraceable as he doesn't make mistakes. Also, there was a timer attached to the email assuring he would know when I read it ...well I forwarded it spam@uce.gov.
et70 - 5 years ago
I received exactly the same one. I’m at fifty two hours and all is good.
jc212 - 5 years ago
Replying to et70, thanks for the reassure
yoloseatfre - 5 years ago
I got a similar email - the wording is very different asking around two thousand dollars. They say my twitter, facebook connections - randomly 10 people.
The person wants my attention for next 24 hrs. Asking to send money by bitcoin. Says I have an incredibly weird preference.
yoloseatfre - 5 years ago
https://www.bitcoinabuse.com/reports - report the addresses here - check if others have put the same addresses. The fight back has to be croudsourced.
cherry-coke - 5 years ago
Hi, guys...!
I'd like to share an email that I received last Saturday (11/04/20) at 15:33 pm. I got really scared, worried and anxious. That s**t really messed up with my mental health. So, I don't have to be worried about this email anymore RIGHT? Just wanna carry on with my life lol
There it is:
"Leτs geτ dιrecτly το ροιητ. (XXXXXXXX) οηe οf yοur ραssρhrαse. Nοτ α sιηgle ρersοη hαs ραιd me το ιηνesτιgατe αbοuτ yοu. Yοu mαy ηοτ κηοw me αηd yοu're ρrοbαbly wοηderιηg why yοu're geττιηg τhιs e mαιl?
Ι αcτuαlly ρlαced α mαlwαre οη τhe 18+ νιdeοs (ροrηοgrαρhιc mατerιαl) sιτe αηd guess whατ, yοu νιsιτed τhιs web sιτe το exρerιeηce fuη (yοu κηοw whατ Ι meαη). Wheη yοu were νιewιηg νιdeοs, yοur ιητerηeτ brοwser begαη fuηcτιοηιηg αs α Remοτe cοητrοl Desκτορ wιτh α κey lοgger whιch ρrονιded me wιτh αccess το yοur dιsρlαy screeη αηd web cαmerα. Jusτ αfτer τhατ, my sοfτwαre οbταιηed αll yοur cοηταcτs frοm yοur Messeηger, Fαcebοοκ, αηd e-mαιl . Afτer τhατ Ι mαde α dοuble νιdeο. 1sτ ραrτ dιsρlαys τhe νιdeο yοu were wατchιηg (yοu hανe α gοοd ταsτe : )), αηd secοηd ραrτ shοws τhe νιew οf yοur cαm, yeα ιτ ιs yοu.
Yοu geτ 2 sοluτιοηs. Leτs checκ οuτ τhese ροssιbιlιτιes ιη deταιls:
Very fιrsτ ορτιοη ιs το dιsmιss τhιs emαιl. Ιη τhιs sceηαrιο, Ι wιll seηd yοur νery οwη νιdeο recοrdιηg το eνery οηe οf yοur cοηταcτs αηd τheη yοu cαη eαsιly ιmαgιηe regαrdιηg τhe αwκwαrdηess yοu cαη geτ. Aηd lικewιse ιf yοu hαρρeη το be ιη αη ιητιmατe relατιοηshιρ, jusτ hοw ιτ wοuld αffecτ?
Lαττer ορτιοη wιll be το ραy me $ 1900. We αre gοιηg το regαrd ιτ αs α dοηατιοη. Ιη τhιs cαse, Ι mοsτ cerταιηly wιll ιmmedιατely dιscαrd yοur νιdeο fοοταge. Yοu cοuld κeeρ gοιηg οη dαιly lιfe lικe τhιs ηeνer οccurred αηd yοu wιll ηοτ heαr bαcκ αgαιη frοm me.
Yοu'll mακe τhe ραymeητ τhrοugh βιτcοιη (ιf yοu dοη'τ κηοw τhιs, seαrch fοr "hοw το buy bιτcοιη" ιη Gοοgle).
βTC Address το seηd το: 1Bzn13QECa3RdgzwmGTbzcaTwzCWVNKkcR
[cαse SENSΙTΙVEsο cορy αηd ραsτe ιτ]
Ιη cαse yοu αre curιοus αbοuτ gοιηg το τhe cορs, gοοd, τhιs emαιl cαη ηοτ be τrαced bαcκ το me. Ι hανe τακeη cαre οf my sτeρs. Ι αm jusτ ηοτ τryιηg το chαrge α fee α huge αmοuητ, Ι jusτ wαητ το be rewαrded. Ι hανe α sρecιfιc ριxel ιη τhιs e-mαιl, αηd rιghτ ηοw Ι κηοw τhατ yοu hανe reαd τhιs e-mαιl. Yοu hανe οηe dαy το mακe τhe ραymeητ. Ιf Ι dοη'τ receινe τhe ΒιτCοιηs, Ι defιηιτely wιll seηd οuτ yοur νιdeο recοrdιηg το αll οf yοur cοηταcτs ιηcludιηg members οf yοur fαmιly, cοwοrκers, eτc. Hοweνer, ιf Ι receινe τhe ραymeητ, Ι'll erαse τhe recοrdιηg ιmmιdιατely. Ιf yοu reαlly wαητ eνιdeηce, reρly Yuρ! αηd Ι wιll seηd οuτ yοur νιdeο το yοur 5 frιeηds. Ιτ ιs α ηοη:ηegοτιαble οffer sο ρleαse dοη'τ wαsτe mιηe τιme & yοurs by resροηdιηg το τhιs e mαιl."
jc212 - 5 years ago
Replying to cherry-coke, I'm angry someone's preying and trying to extort others considering the current circumstances going on. I was concerned until I began researching and after et70 confirmed there wasn't any clap-back from it, I felt better. Personally, my thoughts someone thinking people are desperate and not thinking that who has money to send anyways. Then to add insult to all this i.e. timer when email was read, notifying authorities and replying to the email (in your case) all I can say lets not be gullible
GeorgiePorgie2254 - 5 years ago
Had an email similar however they have tried accessing the majority of my apps so have changed all of my passwords, reported the bitcoin code thing and someone else has also reported it.. do I have nothing to worry about with this email??
Annie09 - 5 years ago
I received one of these emails last night. It was quite concerning as they used one of my passwords in the email subject. I’ve changed all my passwords to social media today but it’s good to know it’s a scam! Some awful people out there to try and scam people out of money at times like this. Hope people don’t fall for it, it seems like they’ve been doing it for a while as when I googled it I found articles on it from 2018.
MissPiggy - 5 years ago
I received the first one Friday last week, basically identical to the one in this article. Sent it to spam. Then last night I get another one, different wording this time.. saying they have been watching me for 117 days and to pay up or I'll never be able to look my friends n family in the eye again, saying they know all about me and have my facebook contacts and also mobile phone contacts and the video will be sent and not to mess with them.. haha !! They titled the email up with the same password as last friday. This password was breached via Netflix last month and a hacker had actually set up a profile on my netflix a/c, this was resolved Hacker booted off and password changed. The same password I also had for BT, I went into change it yesterday and it said your password has been breached so please change it, which I have. On the safe side I have also changed my fbook password even though not connected to this breached password, however under settings in fbook happened to notice that login attempts have been successful in all different places around the UK, using my fbook password, since 2019.... scary hey.... appears nothing is ours nowadays and our passwords appear to be out there for these scammers to see..!!
Just thought I would post this, to let you know the second email received was different, they wanted $2000 bitcoin and 24 hours to pay. They wanted $1900 last email, just some of the wording and how they put the threat across was different this time. Morons !!
MissPiggy - 5 years ago
Here you go, here is the one from last night on my Spam now and deleted....it came from the lovely Gaynor Garcia using an outlook a/c.... the last one was from a Marcia also using an outlook a/c...... what nasty people they are, doing this and poor vulnerable people may cave in and send the bitcoin !! Looked and apparently loads of cases have been reported to the police over the last few days...
I do know, ********** is your password.
I need your total attention for the the next Twenty-four hrs, or I will certainly make sure you that you live out of embarrassment for the rest of your life span.
Hello, you don't know me. Yet I know a lot of things concerning you. Your personal facebook contact list, mobile phone contacts and all the online activity in your computer from past 117 days.
Including, your self pleasure video clips, which brings me to the primary motive why I am writing this specific e mail to you.
Well the last time you went to see the porno websites, my malware was activated in your computer system which ended up saving a beautiful video footage of your masturbation play by activating your web cam.
(you got a really strange taste by the way lmao)
I have the full recording. Just in case you feel I 'm fooling around, just reply proof and I will be forwarding the recording randomly to 5 people you know.
It might be your friends, co workers, boss, parents (I'm not sure! My system will randomly choose the contacts).
Would you be capable to look into anyone's eyes again after it? I question that...
However, it doesn't have to be that route.
I want to make you a 1 time, no negotiable offer.
Buy $ 2000 in bitcoin and send them to the below address:
bc1***q6ten46rjjp4rdwvmwxgtnm8wrwj9s5v65l7gca
[case SENSITIVE so copy & paste it, and remove *** from it]
(If you don't know how, lookup how to purchase bitcoin. Do not waste my valuable time)
If you send this particular 'donation' (we will call it that?). After that, I will disappear and never ever make contact with you again. I will get rid of everything I have about you. You may proceed living your current normal day to day life with no fear.
You have 24 hours in order to do so. Your time will begin as quickly you read through this e mail. I have got an unique code that will notify me once you see this e mail therefore do not try to act smart.
MissPiggy - 5 years ago
just reported it to bitcoin abuse site and there are literally loads of reports being added every minute with various bitcoin refs.... apparently has come up twice the particular bitcoin ref sent to me..
Address bc1q6ten46rjjp4rdwvmwxgtnm8wrwj9s5v65l7gca
Report Count 2
Latest Report Thu, 16 Apr 20 11:09:44 +0000
(1 second ago)
Total Bitcoin Received 0 BTC
No. Transactions Received 0
et70 - 5 years ago
Got another one. Slightly different. Just sticking here so people can see the wording. My first one was last Saturday with obviously no issues sent to anyone.
2Hi3!8
9I5will6be4direct.1You7watch4adult8content7often,6and5I2caught1you1masturbating.1We1all5do8it8from6time3to5time.7
4How5I9did6this?4Your4router2was8vulnerable.8
3I9was7able5to7inject8some2code3into3the1firmware,3and4every7device2connected7on5the1network,7including3phones,7was8compromised.5
9Then7I1set5every5device5available1to6record9with3the3camera1only6when6you1watch8adult4content.8
1I1also3got6your7contact2lists,6phone8numbers,8emails,9social5media4contacts,8and7here9is2the4deal.3
4If6you2don`t3pay5me27005dollars3worth2in1BTC,1I6will5send5your9masturbation9video8and9search9history7to6all3your5contacts.9
8Amount:10.16BTC2(approximately)3
9BTC8Account:
1KqWms9Pcwxt5CwN7wBMsX7hNb7Bs6MHRA
7Quick2tip!1You8can1buy5BTC8from7Coinbase1,6Paxful1etc.5Use9Google9to8find3it.4
9In1case5you2wonder7why5your7antiviruses5were6not2triggered8is9because5my7code7is6not6set6to1steal4passwords,1
2PIN8codes,2and5other5sensitive9details.5
6The5only6function2is6to5record7with7the5cameras(in1silent8mode)3and4grab6the4contacts.5
7I3know8that8you9have1that5amount6of6money8that2is7requested.7
2You6have5723hours4(39days)4to1send5the1payment.1
4When2coins9are6submitted,2the3video4with5you8doing...6you1know6what7will5be8destroyed,6and1you1will1never9hear1from3me.6
1
5Next8time1you4cover1your9cameras,6somebody1may4watch9it!9
MissPiggy - 5 years ago
hi, they are being reported every second on the Bitcoin Abuse Database, every second....you need to report it on https://www.bitcoinabuse.com/reports/create you can also view all the other reports going up non stop..!
bobmcbob1 - 5 years ago
Hi, i got a very similar email last night, the fact they knew "my password" did freak the life out of me, but i haven't used that password for a few years, i still use it for non critical stuff, been trying to think if what they are but they're so mundane i can't think of them! anyhoos, scared the life out of me but good to read the comments on here, i'll post again tomorrow to say nothing has happened to put peoples minds at rest as since i had mine, 2 friends have also had similar emails, it's a stinking virus that's for sure! Bob
cherry-coke - 5 years ago
Hi, Peeps!
It's been 5 days since I received the "sextortion email". The guy who sent it gave me 24 hours to make the bitcoin deposit in his account ( which I obviously didn't!) and nothing happened so far. (Thank's god! )
I reported the bitcoin account at bitcoinabuse.com and there were 2 formers reports in the site for the same reason: sextortion.
Ps: I didn't receive other email so far and I hope it won't happen (Fingers crossed!)
buddy215 - 5 years ago
I've gotten three of these emails from three different people. You shouldn't panic or do anything other than mark as junk. Don't even bother opening them. As others have plainly said....all they have is a password you used or may have used on a website that was hacked.
MisterJC - 5 years ago
Hello, I received the same exact email as MissPiggy today, i reported it to bitcoin and one other person had reported it as well. They said my webcam was used however I do not have a webcam on my desktop.