A few weeks ago a friend of mine contacted me about a concerning email one of their friends had received. The email claimed that a hacker had hijacked their computer, gathered some embarrassing and compromising video of them from their webcam, and threatened to share it with their friends if they didn’t send $1900 USD in Bitcoin. The email also shared one of the victim’s real (but old) passwords to make the email and hack claim seem more legitimate. Though some of the allegations in the email didn’t check out with this victim, it was convincing enough to concern and anger them. Watch today’s video to learn more about these sorts of sextortion scam spams, and why you don’t really have to worry about the false claims in the scam.
Episode Runtime: 4:31
Direct YouTube Link: https://www.youtube.com/watch?v=-wPw55kEgPU
EPISODE REFERENCES:
- Great Reddit post covering all these sextortion scams – Reddit
- Article on stolen password blackmail emails – Tech Dirt
- Krebs covers the sextortion spam – Krebs on Security
- An example of on Sextortion blackmail email:
From: Apostolos Lyng <[email protected]>
To: Anonymous Victim <mindyourownbiz.co>Subject: Victim – [A REAL PASSWORD],
Date: Tue, 10 Jul 2018It seems that, [A REAL PASSWORD], is your pass word. You may not know me and you’re probably wondering why you are getting this email, right?
Well, I actually setup a malware on the adult video clips (sexually graphic) web-site and do you know what, you visited this site to have fun (you know what I mean). While you were watching video clips, your internet browser started operating as a RDP (Remote control Desktop) with a keylogger which gave me access to your screen and cam. Right after that, my software program gathered your entire contacts from your Messenger, Facebook, and email.
What exactly did I do?
I made a double-screen video. First part displays the video you were watching (you’ve got a nice taste lmao), and next part shows the recording of your webcam.
What should you do?
Well, I believe, $1900 is a fair price tag for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address: 1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4 (It is cAsE sensitive, so copy and paste it)
Note:
You have one day to make the payment. (I have a specific pixel in this email message, and at this moment I know that you have read this e mail). If I don’t receive the BitCoins, I will, no doubt send your video to all of your
contacts including friends and family, coworkers, and so forth. However, if I do get paid, I will erase the video immidiately. If you need evidence, reply with “Yes!” and I will send your video to your 7 contacts. It is a
non-negotiable offer, therefore don’t waste my personal time and yours by replying to this message.
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply