Do you remember that scary sextortion scheme that’s been going around? It’s an email that claims that someone has installed malware onto a porn site (yet again!) that you have visited and with some unknown “software magic,” they have video evidence of your “private” moments.”
It’s just another good old blackmail/online extortion scheme that tries to scare you into ponying up your hard-earned cash to these cyber scammers. It’s pretty far-fetched but people are actually getting duped.
New variations to this “sextortion” scam are constantly being added to make it more convincing. Your email addresses, old passwords, your name – but don’t be fooled! They’re just ways for these scammers to scare you into giving in to their demands.
Now, it looks like they added another weapon in their sextortion arsenal.
Don’t be their next victim. Read on and learn how to spot this scam from a mile away.
Now, they have phone numbers
A new twist in this popular sextortion email scam is starting to spread around.
Now, it looks like aside from names, email addresses, and old passwords, the scammers have acquired a list of phone numbers associated with email addresses.
So included with the message is a phone number, which the scammers think might be yours. Again, don’t be alarmed! It’s just another ploy to pressure you into paying up.
According to the Naked Security, most of the phone numbers they have spotted so far have a North American format, with five digits crossed out (for example, +1-555-xxx-xx55). Other would-be victims are also reporting U.K.-style phone number formats with the last four digits crossed out.
Based on their recent samples, Naked Security also revealed that amounts these blackmailers are demanding ranges from $100 to $1,000.
How come they have your name, old passwords and phone numbers?
So how did these scammers manage to get your information?
Well, with the number of data breaches that are seemingly occurring every day, your email address, real name and even your old passwords are not that hard to acquire. These databases are typically available for sale on the Dark Web and even on public file sharing sites.
Even if you do get a threatening email addressed to your name or with your old password and phone number attached, please don’t fall for it!
Can you tell that this is fake?
Different variations, same scam
The scam emails have varying content but they all share these common characteristics:
- The subject line may have your real name, an old password you have used before or even your phone number
- The attackers claim that they placed malware on a porn site that you visited
- With that malware, they were able to access your webcam and record you while you’re on the porn website
- The attackers will send the video to your friends unless you pay them a specific bitcoin amount
So another variation of the extortion email goes like this:
Subject: I’m aware that <XXXXXX> is your phone number
It seems that, +1-555-xxx-xx55, is your phone number. You may not know me and you are probably wondering why you are getting this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, in my opinion, (Bitcoin amount varies) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address: XXXXXXX
(It is cAsE sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid (after payment, send an email to XXXXXX@XXXXXX), I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
Just another extortion scam
As you can see in the email, the sender claims to have put malware onto a porn site (yet again!) that the recipient visited and with some unknown “software magic,” turned her web browser into the ultimate spying tool!
It’s scary, for sure, but from the looks of this email, this is just another variation of the popular extortion scam that’s going around these days.
If you receive an email of this sort, don’t be intimidated by big hacker terms like “RDP” or “keylogger;” it’s just another way for these scammers to bully you into believing that they are what they claim to be.
So what are the tell-tale signs in this particular message that proves that it is nothing more than an extortion scam?
First, although the scammer has your personal information, the attackers do not really have your browsing activity, the porn website nor any actual proof of the “video evidence.”
Second, the scammer is offering “evidence” of the recording by sending the video to five of your friends. As you would suspect, this offer is simply just another scam in itself and it actually discourages you from asking for the proof in the first place.
If it’s real, the blackmailer will at least send you concrete proof of the video such as a short clip, a screenshot, or heck, even the whole video itself.
Third, it’s full of blatant misinformation, technical errors and urgent threats that force you to act quickly.
And like so many other scams out there, these emails are so full of grammatical and spelling errors that it’s hard to take them seriously. (Most of the time, they read like someone ran them through a terrible version of Google Translate.)
Don’t pay the ransom!
If you receive any threatening emails of this sort, please don’t give in by paying the bitcoin ransom!
A quick web search reveals that this extortion scam is getting popular lately. There may be variations in the words and the ransom amount but the M.O. is still the same – they claim to have video proof of your porn website excursions and they will release the video if you don’t pay the bitcoin amount.
In the words of Admiral Ackbar, “IT’S A TRAP!”
But just in case…
Although this particular email threat is fake, remote access software, keyloggers and spying software are real.
In fact, webcam hacking is a real threat facing computer users every day. Believe me, you don’t want hackers taking over your webcam and watching your every move. That’s creepy!
If you want to be completely confident that your computer is free from spying malware, make sure you have some sort of anti-malware or anti-virus protection in place and do a deep scan.
There are free third-party anti-virus tools online that will aid you in checking and removing malware, spyware and virus infections. Malwarebytes, for instance, is a proven malware removal tool for both Macs and PCs.
Windows 10 also has a free malware detection and extraction program called the Microsoft Windows Malicious Software Removal Tool. Introduced way back in Windows Vista, this tool runs in the background, quietly scanning your system and will alert you if it detects any suspicious activity.
Some types of malware can be stealthy and persistent even after a scan, though. In this case, you can try troubleshooting your PC in Safe Mode or use a diagnostic boot CD or USB portable drive to track down any pesky viruses.
Have a question about email scams or anything tech-related? Kim has your answer! Tap or click here to send Kim a question, she may use it and answer it on her radio show.