Well, that made me look twice. A would-be sextortion scammer led his email to me with my password. I confess, my tummy did perform a little flip-flop.
Sextortion is an online fraud where someone tries to blackmail you for some kind of sexual activity. The one I received is purely a scam. There was only one piece of information in the thing that related to me. And that was that password.
The Sextortion letter in full is at the bottom of this article.
Anyone who Googles any phrase in it will find it is a lie, a scam. If you’ve received such an email, you should be safe. With elementary precautions, you will be safe.
The letter says that the writer had set up malware on an (unnamed) adult website. Further he had installed a keylogger on my computer. From there, he says, he gained access to my password, contacts and webcam. And he used the latter to record me “doing inappropriate things” while watching porn.
I must say, I feel very weird writing that stuff.
To avoid him sending the “video recording to your contacts including family members, co-workers, and so forth”, all I have to do is pay him $1,950 in Bitcoin.
Why is sextortion scary?
The reasons this attempt at sextortion was scary are:
- It leads with a real password. It’s not one that I have used for years, but it is one that I have used in the past. Inevitably there’s a “someone’s spying on me” feeling.
- It is much better written than the typical Nigerian Prince email. It seems almost personal. And of course, it’s menacing.
- It was somewhat persistent. A couple of days ago a similar one got caught up in my spam filter. I zapped it without thinking, so I’m not sure if this is from the same sender. I seem to recall that the earlier one wanted more than $3,000.
- Yes, the password is real, but it’s an old one. There have been many large-scale data leaks over the years. Stolen email/password lists are widely available in the darker corners of the internet. That password was one I only used for sites I considered trivial. Had someone been logging the keystrokes on my computer, they may have grabbed, oh I don’t know, perhaps the password to my bank accounts. Just maybe?
- How personal was it? The only fact it specified was the password. Nothing else. It relies on that one scare, a guilty conscience and fear of secrets leaking. I don’t have either of the latter.
- Hell, I might get another dozen or hundred of them. So? Bulk email is cheap, verging on free. When I’ve finished writing this article, I shall block the sender and report it as a “Phishing” email. (Yes, technically it isn’t, but that’s closer than the other option, which is “Spam”.)
What to do?
If you get one of these, report it to the Australian Cybercrime Online Reporting Network (ACORN). I just did that, and it took less than five minutes. Then “Spam” or “Phish” it if your email client provides that capability. I’d say that you should then delete the email, except that ACORN wants you to keep it. So move it to a new folder called “Phishing”.
And stop worrying.
Unless you’re still using that password. Then change that password wherever you’re using it, and think about your password habits.
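One way to find out which of your passwords are already in leaked lists without handing them to anyone, as an added example that is not part of the original article. It assumes the Pwned Passwords range API, which the article does not mention; `constructed_range` and its counts are constructed sample data so the check runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # assumption: not named in the article

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Network step: only the 5-character hash prefix is sent, never the password."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def breach_count(password, range_body):
    """Look the password's hash suffix up in a 'SUFFIX:COUNT' response body."""
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if len(candidate) == 35 and candidate.upper() == suffix:
            return int(count)  # padded filler rows carry a count of 0
    return 0

def audit(passwords, get_range=fetch_range):
    """Map each password to its breach count, fetching each prefix only once."""
    cache, report = {}, {}
    for pw in passwords:
        prefix, _ = sha1_split(pw)
        if prefix not in cache:
            cache[prefix] = get_range(prefix)
        report[pw] = breach_count(pw, cache[prefix])
    return report

def constructed_range(prefix):
    """Constructed offline stand-in for fetch_range: one leaked entry plus filler."""
    rows = ["0" * 35 + ":0"]  # padding-style row, must never count as a hit
    for pw, seen in (("hunter2", 17043),):  # constructed count, not real data
        p, s = sha1_split(pw)
        if p == prefix:
            rows.append(f"{s}:{seen}")
    rows.append("F" * 35 + ":3")  # unrelated suffix in the same response
    return "\r\n".join(rows)

if __name__ == "__main__":
    print(audit(["hunter2", "correct horse battery staple"], constructed_range))
```

Any password that comes back with a non-zero count is one to retire everywhere it is still in use.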
One further thing. If you do have a guilty conscience and are worried about the disclosure of your secrets … still, don’t pay! If you do, the scammer will know he has a live one with real secrets, and will just ask you for more, and more, and more.
I won’t give the name or email address of the sender. The former would be fake, and there’s probably some innocent soul in the world who does go by that name.
I will directly come to the point. I’m aware [password redacted] is your password. Moreover, I know your secret and I have evidence of it. You don’t know me personally and nobody employed me to look into you.
It’s just your hard luck that I discovered your bad deeds. Actually, I actually setup a malware on the adult video clips (sex sites) and you visited this web site to have fun (you know what I mean). When you were busy watching videos, your internet browser started out working as a Rdp (Remote desktop) that has a key logger which gave me access to your display screen and also web cam. Right after that, my software obtained all your contacts from your social networks, as well as mailbox.
Next, I put in more time than I should have looking into your life and made a double screen video. 1st part shows the video you had been viewing and second part shows the video from your web cam (its you doing inappropriate things).
Honestly, I am willing to forget details about you and allow you to get on with your regular life.
And I am going to provide you 2 options which will make it happen. Those two choices are to either ignore this letter, or simply just pay me $1950. Let’s explore those 2 options in more detail.
First Option is to ignore this email. Let us see what will happen if you choose this path. I definitely will send your video recording to your contacts including family members, co-workers, and so forth. It will not save you from the humiliation your family will feel when friends find out your dirty details from me.
Other Option is to pay me $1950. We will name it my “confidentiality charges”. Now let me tell you what happens if you opt this option. Your secret will remain your secret. I’ll destroy the recording immediately. You keep your life as though nothing like this ever happened.
Now you must be thinking, “I should call the cops”.
Let me tell you, I have covered my steps to make sure that this message can’t be tracked time for me and yes it will not prevent the evidence from destroying your lifetime. I am not seeking to break your bank. I just want to be compensated for my efforts I place into investigating you. Let’s assume you have decided to generate pretty much everything disappear completely and pay me my confidentiality fee. You will make the payment through Bitcoin (if you do not know this, type “how to buy bitcoins” on google search)
Required Amount: $1950
Send To This Bitcoin Address: 1EtBCW1RZLp*Xzc6Ph7qkwJr2pdMmnFYySy (Remove * from this address and note it carefully)
Tell no person what you would be using the Bitcoins for or they might not offer it to you. The procedure to acquire bitcoin can take a few days so do not procrastinate.
I have a special pixel in this email message, and right now I know that you’ve read this message. You have one day in order to make the payment. If I do not get the Bitcoin, I will definitely send out your video to all your contacts including members of your family, coworkers, and many others. You better come up with an excuse for friends and family before they find out. However, if I receive the payment, I’ll destroy the proof and all other proofs immediately. It’s a non negotiable offer, so do not waste my time and yours. Your time has started. You should be aware that my software will still be sharing the actions you’re taking when you’re done reading this letter. Let me assure you that If you try to act smart then I will share your video to your close relatives, colleagues even before your deadline.