Sextortion Emails: I got your Password Watching Adult videos, Scammer Asks for Bitcoin

sextortion emails with leaked passwords and non-existent compromising webcam video

I recently received "sextortion" emails in which an attacker threatens to release a compromising webcam video of the recipient visiting adult-content websites to friends and family unless the recipient pays a bitcoin ransom. In this case of email phishing, the attacker sent the email to my address with a leaked password in the subject line, meant to make the recipient panic and pay off the attacker.

Of course, receiving such an email creates panic and makes you wonder whether the attacker has indeed made such video content or is just bluffing. If you happen to receive such emails, do not panic; they are just scare emails, which I simply ignored, as Action Fraud advises. Let's take a closer look at the message within the above sextortion email:

Analyzing sextortion email message:

Issue: the attacker shocks the recipient with an email subject line containing a leaked/hacked password. Among the many questions in the recipient's mind is how the attacker got access to the password, which makes it very likely that the recipient will believe the fake email message. It is important to keep up with the latest attacker tactics by acquiring new knowledge and skills.

Who pays: according to the attacker, "no one has paid me to check on you", so the attacker expects the recipient to pay the attacker. It's smart not to pay attackers, as paying affords them the resources to launch even bigger and more powerful attacks.
 
Attacker (scare) tactics
"i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.
immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you."


So attackers embed malicious code in content (text/videos) on adult, hacked or vulnerable websites as a trap to infect visitors' computers that run out-of-date software, such as the browser or operating system. Once the attacker's malicious code is downloaded to your computer (often without your knowledge and permission), it opens a communication channel (RDP) giving the attacker access to the data on your machine.

This is indeed a genuine attacker tactic that's actively exploited. You can safeguard against such an attack by installing software updates on your computer as they become available, and by taking care not to click on every link or open every attachment in the emails you receive.

The attacker's intention is to gain access to business-critical information and to login information for your bank, online social media accounts, emails and cryptocurrency wallets. To achieve this, the attacker installs a "key logger", stealth software that secretly records keystrokes and sends them off to the attacker. Keyloggers are so well hidden that when you suspect one is on your system, the best solution is to back up your data and reinstall the operating system.

Attacker ask: "Best solution would be to pay me $5393. We are going to refer to it as a donation."

The attacker is asking for a hush-money donation, paid to a bitcoin address, which is money I do not have. In all four emails, the attacker demanded $5393, $7000, $1000 and $7000 to different bitcoin addresses 1L3QywWDGHWEbE4p3rJecoNuzF3444eX6P, 1JimQ6SVXN5Cxi2PK8N9gLjGDG4SPwGJdx, 1E2SJ4oLYTbefYLynzo1FPM72yfoLCbeFA and 1A1jWstjdtwkbSWBaV3VbX62DeBsTkRjBB respectively. I checked all four cryptocurrency addresses on the bitcoin blockchain explorer (blockchain.com) and all four had received 0 bitcoins ($0) to date.

empty bitcoin wallet of sextortion scammer

Last part of sextortion scammer email: "You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google).
if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too.
I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.
if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.
Nevertheless, if i do get paid, i will destroy the recording immediately.
If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.
it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message."

Cryptocurrency scams promising extraordinary returns at zero risk are taking advantage of many desperate Africans suffering high unemployment and eager to get rich quick. Always remember that if it sounds too good to be true, it usually is, so don't spend your hard-earned money. I ignored the sextortion scammers without the need to search Google, changed my passwords and, where possible, activated double-login on my social media accounts (that is, login via password and mobile phone token or one-time password).

Checking where Attacker might have got my login credentials

email and password leaked online in 21 breaches says haveibeenpwned.com 

Checking haveibeenpwned sure enough confirmed that my email and password were leaked online in 21 breaches, which include LinkedIn and several others, which explains how the attacker got access to my now-old password. You should visit the service to check whether your email(s) have been leaked online and, if so, change the affected passwords immediately, as well as activating login via mobile phone token where possible.
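Have I Been Pwned also offers a password-only lookup (the Pwned Passwords range endpoint) that lets you check the password quoted in a sextortion subject line without sending the password itself: only the first five characters of its SHA-1 hash leave your machine. The Python sketch below is an added example, not part of the original post; the demo response is constructed, and "xxyyzzz" is the placeholder password used in the emails on this page.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def fetch_range(prefix):
    """Download every hash suffix that shares this 5-character SHA-1 prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def pwned_count(password, fetch=fetch_range):
    """Return how many times the password appears in the breach corpus (0 if absent)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():      # each line is SUFFIX:COUNT
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)                    # padding rows carry a count of 0
    return 0


def demo():
    """Offline run: a constructed range response stands in for the network call."""
    sent = []                                    # everything that would leave the machine
    digest = hashlib.sha1(b"xxyyzzz").hexdigest().upper()

    def fake_fetch(prefix):
        sent.append(prefix)
        # Constructed response: one unrelated suffix, then the leaked one.
        return f"0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n{digest[5:]}:21\r\n"

    leaked = pwned_count("xxyyzzz", fake_fetch)
    fresh = pwned_count("a long unique passphrase", fake_fetch)
    return leaked, fresh, sent


if __name__ == "__main__":
    print(demo())
```

Call pwned_count("your old password") with the default fetch_range to query the live service; any non-zero result means that password should not be used anywhere again.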

In conclusion, when you get a sextortion email similar to the ones above, don't engage with the scammer. Don't panic or get threatened into paying the ransom. If you do pay, the scammer will come back to you with more threats demanding even bigger payouts. Change your passwords and activate two-factor login that requires a password and login via mobile phone. Do reach out to your support network for help.

Below are all the emails the sextortion scammer sent.

Email 1:

On Thu, Dec 24, 2020 at 8:55 PM Patrick Perez <Piper@graineouille.com> wrote:
I know xxyyzzz is one of your password on day of hack..
Lets get directly to the point.
Not one person has paid me to check about you.
You do not know me and you're probably thinking why you are getting this email?
in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).
When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.
immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.
after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.
Best solution would be to pay me $5393. 
We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.
My -BTC -address: 1L3QywWDGHWEbE4p3rJecoNuzF3444eX6P
[case SeNSiTiVe, copy & paste it] 
You could go on your life like this never happened and you will not ever hear back again from me.
You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google).
if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too.
I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.
if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.
Nevertheless, if i do get paid, i will destroy the recording immediately.
If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.
it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.
 

Email 2:

On 10/16/18 13:16, 'Constantin Frable' via info wrote:
 xxyyzzz i‌s yo‌ur pa‌ss wo‌rds. Lets g‌et ri‌ght to‌ purpo‌s‌e. No on‌e ha‌s co‌mp‌ensa‌t‌ed me to i‌nv‌esti‌ga‌te about yo‌u. Yo‌u ma‌y no‌t know me and yo‌u're most lik‌ely thi‌nki‌ng why you'r‌e g‌etting thi‌s ‌e-ma‌il?
 a‌ctually, i‌ a‌ctua‌lly s‌etup a‌ ma‌lwar‌e o‌n th‌e xxx vi‌d‌eo‌s (po‌rno‌gra‌phi‌c ma‌t‌eri‌a‌l) w‌eb-si‌t‌e a‌nd th‌er‌e's mo‌re, yo‌u vi‌sit‌ed thi‌s si‌t‌e to‌ hav‌e fun (you kno‌w wha‌t i m‌ea‌n). Whi‌l‌e yo‌u w‌er‌e wa‌tching vi‌d‌eo‌ cli‌ps, yo‌ur int‌ern‌et browser sta‌rt‌ed out o‌pera‌ti‌ng as a‌ RDP wi‌th a k‌ey logg‌er whi‌ch pro‌vi‌d‌ed m‌e with a‌cc‌essi‌bi‌lity to‌ your scre‌en as well a‌s webca‌m. Ri‌ght aft‌er tha‌t, my software pro‌gra‌m obtain‌ed a‌ll yo‌ur conta‌cts fro‌m yo‌ur M‌ess‌enger, FB, a‌s w‌ell a‌s ‌ema‌i‌la‌cco‌unt. a‌nd then i creat‌ed a‌ doubl‌e-scr‌een vid‌eo‌. Fi‌rst pa‌rt sho‌ws the vi‌d‌eo‌ yo‌u w‌er‌e vi‌‌ewing (yo‌u hav‌e a ni‌c‌e ta‌ste ha‌ha‌), a‌nd seco‌nd pa‌rt shows th‌e vi‌‌ew of yo‌ur web cam, and i‌ts you.
 Yo‌u wi‌ll ha‌v‌e 2 choic‌es. W‌e a‌r‌e go‌i‌ng to‌ a‌na‌lyze th‌es‌e o‌pti‌ons in pa‌rticulars:
 1st optio‌n i‌s to ski‌p thi‌s ‌e-ma‌il. as a r‌esult, i‌ mo‌st certa‌i‌nly wi‌ll s‌end yo‌ur vi‌deo reco‌rdi‌ng to every o‌n‌e o‌f yo‌ur p‌erso‌na‌l co‌ntacts a‌nd th‌en yo‌u ca‌n ‌ea‌si‌ly i‌ma‌gine co‌nc‌erni‌ng th‌e sha‌m‌e you ca‌n get. a‌nd as a‌ co‌nsequ‌enc‌e if yo‌u a‌re i‌n a‌ lo‌vi‌ng relati‌onshi‌p, just how i‌t i‌s go‌i‌ng to‌ a‌ff‌ect?
 Next cho‌i‌c‌e wi‌ll b‌e to‌ gi‌v‌e m‌e $7000. We wi‌ll r‌ega‌rd i‌t as a‌ do‌na‌tio‌n. in such a‌ ca‌se, i‌ wi‌ll i‌nstantly remo‌v‌e yo‌ur vid‌eo‌ fo‌otage. Yo‌u co‌uld k‌e‌ep on yo‌ur da‌i‌ly routin‌e li‌k‌e this nev‌er to‌ok pla‌ce a‌nd yo‌u wi‌ll not hear ba‌ck a‌ga‌i‌n from me.
 Yo‌u'll ma‌ke the pa‌yment thro‌ugh Bitcoi‌n (if yo‌u do no‌t kno‌w this, s‌ea‌rch fo‌r 'ho‌w to buy bi‌tcoi‌n' i‌n Go‌o‌gl‌e).
 B‌T‌C‌ a‌ddress: 1JimQ6SVXN5Cxi2PK8N9gLjGDG4SPwGJdx
 [Ca‌S‌e-S‌eNSiTi‌V‌e copy and paste i‌t]
 in ca‌s‌e yo‌u a‌re pla‌nni‌ng on go‌i‌ng to‌ th‌e la‌w ‌enforcem‌ent, v‌ery w‌ell, thi‌s ‌ema‌i‌l messa‌g‌e can no‌t be tra‌c‌ed ba‌ck to‌ m‌e. I‌ hav‌e co‌v‌er‌ed my mo‌v‌es. i‌ a‌m no‌t lo‌o‌ki‌ng to‌ cha‌rge yo‌u a‌ hug‌e a‌mo‌unt, i‌ pr‌ef‌er to‌ b‌e pa‌i‌d. Yo‌u no‌w ha‌v‌e 48 ho‌u‌rs to‌ mak‌e th‌e paym‌ent. i‌ ha‌v‌e a‌ uni‌qu‌e pi‌x‌el i‌n thi‌s ‌e-ma‌i‌l, a‌nd a‌t thi‌s mo‌ment i‌ kno‌w tha‌t yo‌u ha‌v‌e r‌ea‌d through this ‌ema‌i‌l m‌essa‌g‌e. i‌f i don't get th‌e B‌i‌tC‌o‌ins, i‌ defi‌ni‌t‌ely wi‌ll s‌end your vi‌d‌eo to‌ a‌ll o‌f your co‌nta‌cts includi‌ng fri‌‌ends a‌nd fa‌mi‌ly, cowork‌ers, a‌nd many o‌th‌ers. Ha‌vi‌ng said tha‌t, i‌f i‌ r‌ec‌eiv‌e the pa‌yment, i‌ will d‌estroy th‌e vi‌d‌eo‌ i‌mm‌edi‌ately. Thi‌s i‌s a no‌n-n‌ego‌tia‌bl‌e o‌ffer and so pl‌ea‌s‌e do no‌t wast‌e my time & yo‌urs by r‌espo‌ndi‌ng to‌ this e-mai‌l. i‌f yo‌u rea‌lly wa‌nt ‌evidenc‌e, r‌eply Y‌ea‌h th‌en i‌ defi‌ni‌tely wi‌ll s‌end o‌ut yo‌ur vi‌d‌eo‌ to‌ yo‌ur 6 conta‌cts.


Email 3: 

On 7/26/18 04:10, Rahal Wirth wrote:

 I do know xxyyzzz is your pass word. Lets get straight to the point. You don't know me and you're most likely wondering why you're getting this mail? There is no one who has compensated me to check you.

 In fact, I setup a malware on the adult videos (sex sites) web-site and you know what, you visited this website to experience fun (you know what I mean). When you were viewing video clips, your web browser began functioning as a Remote Desktop having a keylogger which gave me access to your display screen as well as web cam. Right after that, my software collected all of your contacts from your Messenger, Facebook, as well as e-mail . And then I made a double-screen video. First part displays the video you were viewing (you've got a nice taste ; )), and next part displays the view of your web cam, yea it is u. 

 You actually have just two options. Shall we go through each of these possibilities in particulars:

 Very first option is to skip this e-mail. As a result, I am going to send your very own video recording to each of your your personal contacts and think about about the disgrace you experience. Moreover if you happen to be in a loving relationship, just how this will affect?

 Number 2 option would be to compensate me $1000. We will describe it as a donation. As a result, I will quickly delete your video recording. You could keep going your life like this never occurred and you will never hear back again from me.

 You'll make the payment via Bitcoin (if you don't know this, search for "how to buy bitcoin" in Google). 

 BTC Address: 1E2SJ4oLYTbefYLynzo1FPM72yfoLCbeFA

 [case sensitive, copy & paste it]

 Should you are looking at going to the cops, well, this email message can not be traced back to me. I have covered my steps. I am also not looking to charge you very much, I want to be paid. You now have one day to make the payment. I have a special pixel within this email message, and at this moment I know that you have read this e-mail. If I do not get the BitCoins, I will, no doubt send your video recording to all of your contacts including family members, coworkers, etc. Having said that, if I do get paid, I will destroy the video immediately. It is a non:negotiable offer and so do not waste my personal time and yours by replying to this e-mail. If you need proof, reply  Yeah and I will certainly send out your video to your 7 friends.

Email 4:

On 7/24/18 07:53, Velvet Witherell wrote:

I know xxyyzzz is your pass word. Lets get directly to the purpose. No one has compensated me to check you. You may not know me and you are most likely thinking why you are getting this mail?

Well, I actually placed a software on the adult vids (pornography) web-site and there's more, you visited this website to experience fun (you know what I mean). While you were viewing videos, your internet browser started out operating as a Remote control Desktop with a keylogger which provided me with accessibility to your display screen and also cam. after that, my software program collected your entire contacts from your Messenger, Facebook, as well as email . Next I made a double-screen video. First part shows the video you were watching (you've got a fine taste ; )), and second part displays the view of your web camera, yea it is you. 

You have a pair of alternatives. Why dont we take a look at these types of options in particulars:

First option is to dismiss this e-mail. In this case, I will send your actual videotape to all of your personal contacts and thus just consider regarding the shame you will see. And consequently if you are in a romance, just how it can affect?

Next option would be to compensate me $7000. I will name it as a donation. In this case, I will straightaway erase your video recording. You could carry on with daily life like this never occurred and you never will hear back again from me.

You'll make the payment through Bitcoin (if you don't know this, search "how to buy bitcoin" in Google search engine). 

 BTC Address to send to: 1A1jWstjdtwkbSWBaV3VbX62DeBsTkRjBB

 [case SENSITIVE, copy & paste it]

 If you may be thinking about going to the police, surely, this message cannot be traced back to me. I have dealt with my steps. I am not attempting to demand a lot, I simply want to be paid. I've a unique pixel within this e-mail, and now I know that you have read through this message. You now have one day in order to pay. If I do not receive the BitCoins, I definitely will send your video to all of your contacts including friends and family, colleagues, and so on. However, if I receive the payment, I will destroy the video right away. If you really want evidence, reply with Yup! then I will certainly send out your video to your 7 contacts. It is a non:negotiable offer thus please do not waste my time & yours by responding to this e mail.
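
The four emails above reuse the same phrases, and Email 2 has invisible characters inserted inside its words, which defeats plain keyword matching. As an added example (not part of the original post), this Python sketch strips such characters, matches phrases taken from the emails, and extracts and checksum-validates legacy Bitcoin addresses; the sample body is constructed, and the address in it is the public genesis-block address used as a stand-in.

```python
import hashlib
import re
import unicodedata

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Phrases shared by the four emails quoted on this page.
INDICATORS = ("malware", "key ?logger", "web ?cam", "double-screen", "bitcoin", "pixel")

# Constructed sample in the style of Email 2: words split with U+200C.
# The address is the well-known Bitcoin genesis-block address, used as a stand-in.
SAMPLE = ("i setup a ma\u200clwar\u200ce with a k\u200cey logg\u200cer and your "
          "web\u200cca\u200cm. gi\u200cve me $7000 through Bitc\u200coin. "
          "BTC address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa")


def normalize(text):
    """Remove invisible format characters (Unicode category Cf, e.g. U+200C)."""
    return "".join(c for c in text if unicodedata.category(c) != "Cf")


def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)
        raw = n.to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]


def triage(body):
    """Return the indicators, ransom amounts and payment addresses in one email body."""
    text = normalize(body)
    addresses = sorted(set(ADDR_RE.findall(text)))
    return {
        "obfuscated": text != body,
        "indicators": [p for p in INDICATORS if re.search(p, text, re.I)],
        "demands_usd": re.findall(r"\$\s?(\d[\d,]*)", text),
        "addresses": addresses,
        "checksum_ok": [a for a in addresses if base58check_ok(a)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

An address that passes the checksum can then be looked up on a block explorer, as done earlier in this post, to see whether anyone has paid.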
