Sextortion Scams Are Sending Users Into a Frenzy

Advancements to Sextortion Scams Continue

Hackers continue to trick users into thinking their computers have been infected with malware that recorded videos of them watching porn.  In an attempt to legitimize their claims, the hackers reveal they know a real password the victim has used and have begun spoofing victims’ email addresses.  By spoofing the email address, it makes it appear the messages are being sent from the victim’s own email account.

After distributing these spoofed emails, the hackers then demand a payment in the untraceable cryptocurrency, bitcoin.  They claim if a payment is not received, they will send the recordings to everyone in the recipient’s contacts list.  The scam has been incredibly effective, raking in bitcoin payments totaling $4 million in just the last three months.

Below are a couple examples of these sextortion emails, provided by Barkley:

Sextortion-scam-email-spoofing-1

 

sextortion-scam-spoofed-email-2

How Users Are Being Exploited

First, it is important to clarify, these victims have not been infected with malware.  Instead, they’ve received a scam email that is exploiting the password that was leaked in one of today’s major data breaches.  There is NO recording!

Many recipients of these emails have confirmed the passwords included in the emails, haven’t been used in years.  This has led several experts to believe these scams are using data dumps from data breaches that occurred years ago.

What’s Next?

If you received one of these emails, it is important you remember — this is only a scam, your device is NOT infected with malware.  PC Matic encourages you NOT to pay the bitcoin demands.  Instead, ensure you are no longer using the password the hacker discloses in the email.  If you are still using this password, it is important to change the login credentials for those accounts.

If you are wondering if your information has been breached, you may visit www.haveibeenpwned.com.  By typing in your email address, the website will tell you if and when your information was breached.

40,973 total views, 6 views today

(Visited 16,473 times, 1 visits today)

23 thoughts on “Sextortion Scams Are Sending Users Into a Frenzy

  1. One of my clients received this email last week. So I carried out the due diligence used livewire to find the actual sender of the email and their IP address then sent a copy of the information to Spam Cop who issued the relevant information to the ISP who then closed down the account. Oh, the scammer was from Brazil.

  2. I’ve had several of these emails show up and I simply deleted them without even reading them all the way through. Frankly, they don’t scare me. I trust PC Matic to keep any malware off my computer and know that I have never frequented any porn sites, so claims to the contrary are simply a lie to be denounced and ignored. It would be nice if this stuff could be reported, tracked, and the perpetrators ruined though. The scams never seem to stop. I tried reporting one to my local law enforcement several years ago and they laughed at me. They weren’t interested in pursuing such stuff.

  3. The best proof that it is a scam: why do the hackers not send you a screenshot of you watching a video to convince you to pay ? It would be so easy for them, and a lot more effective from their point of view….

  4. Just ignore it…;D I received a few emails like that, with a passw just used for ‘non sensitive data’,
    Never pay a buck for things like that!

  5. I was quite amused when I began receiving these e-mails recently (four to date) – apart from anything else I’m a woman and I don’t visit porn websites and in addition, as with a previous poster, I always cover my webcams immediately I set up a new monitor.

    However the latest e-mail of this type did concern me as it was headed with one of my genuine passwords. However I visited the site concerned and tried logging in, and the login failed. My account had been deleted by the site owner (the site was simply a basic commercial one where I’d bought a few non-sensitive items in the past), so obviously the owner was aware of a breach.

    Unfortunately the scam seems to be working, and I think having passwords which people recognise is the key. I’ve been contacted by two friends so far who’ve asked my advice (along the lines of “Should I pay?”…), which is very concerning.

    I’ve advised reporting the e-mails to the relevant bodies, marking them as spam and then deleting them immediately, obviously – but I’m cheered to have the confirmation that the security breaches are old as I wasn’t able to get a fix on this, so thank you.

  6. I have received multiple variations of these emails over the last few weeks. I had assumed they were just spam/phishing as the technology they outline doesn’t make a lot of sense. Thanks for the confirmation.

  7. “A drone strike on the hacker” I loved it but the colatetal damage will be an issue.
    Better use the “travel agency” approach, send a 10 members team, after identifying the “mark” just make it look like an accident (car crash, drugs overdose, suicide). Please, don’t take it to an U.S. embassy, killing someone one on an embassy is reeeeeeally crappy and could go south, don’t think so, ask the saudis!!

  8. Aside from uncontrolled immigration, the greatest threat America faces is it’s inability to secure it’s cyber systems which control every aspect of our lives, our nations infrastructure. Cyber crime has to be punishable by death.

  9. I have been receiving this scam for over a month now, and probably have received the same (or similar) demands 3 and 4 times a day every day since. Why so late appearing in PCPitStop? Is there an address we can mail these upon first receipt so that $ can be saved by those not sure (and who read PCPitStop)?

  10. In my case, my telephone company was hacked and that’s how they got my address and password. As the article points out, these tend to be very old lists.

    I suspect that much of this comes out of the Soviet Union, and unfortunately in America these days, the politicians are deliberately doing nothing to protect American citizens from this sort of attack. Our safety now tends to go to the highest bidder, and the Russians are the current highest bidders. As you may guess, I don’t hold the politicians higher regard than the person sending the extortion email.

    Jeffrey Wilen’s approach is good. White hackers may be a big help, particularly as new software is developed.

    You should also know that bitcoin’s can now be traced. Bitcoinist.com has an article explaining how. http://www.bitcoinist.com/yes-your-bitcoin-transactions-can-be-tracked-and-here-are-the-companies-that-are-doing-it/

    “Companies like Chainalysis have been identifying wallets that are linked to criminal activity, such as Darknet transactions. With their blockchain analysis software and other online, public clues, they were able to link transactions to real identities. Chainalysis’s most famous work was helping the FBI identify two rogue agents that had been stealing Bitcoins from the wallet of an online drug market operator.”

    “Another company working on blockchain analysis software is California startup CipherTrace. They’ve even gone as far as infecting their own systems with ransomware to track the coins that are used to decrypt the machines. This can lead to possibly finding out who is behind many of these viruses, along with aiding law enforcement in recovering the money.”

    Another useful website is http://www.bitcoinwhoswho.com. They allow you to register the bitcoin address that is enclosed in the extortion emails. At least this can taint the particular address and allow it to pop up on Google searches before a person considers sending them cash.

    Hopefully, more tools will come into our hands to fight back.

  11. I received two different emails last week, they kinda had my password but it wasn’t correct! I guess I could have worried if I way doing that stuff that was reported. The thing I don’t like about the whole thing is these people made 4 million the last 3 months. Why in the world can’t I come up with something like that to make 4 mil in 3 months? I see where a post said it’s 4 billion!a

  12. Since the Internet in many ways resembles the Wild West of the 19th century USA, maybe it’s time to impose “frontier justice” on the hackers and scammers behind these things. It certainly would be difficult to trace them, but there must be white hat hackers or government agencies who can do so. Where a hacker is outside the jurisdiction of civilized countries and cannot be arrested, the modern equivalent of hanging a horse thief would be a drone strike on the hacker. Once the word got out that a few notorious bandits were dealt with, that might serve as a deterrent for others.

  13. I got one of these too, it did not say they put anything on my computer but did say they had video of me watching porn and I was to send them $7000 in bitcoin. The fact they had a password did give me a surprise but I said oh well changed the password and forgot it. I can’t believe people really fall for it and send money.

  14. I’ve had my webcam covered for years. On the rare occasion I use it, I uncover it and then recover it when finished. In view of this scam, a good idea.

  15. The linked article at Barkley says 4 million $ in 3 months. Your article misquotes it as 4 billion. Just a tiny difference.

  16. This happened to me. A password I use for sites I am not concerned about was displayed in the subject line which got my attention right away. But after reading the claim and demand, I knew it was bogus as I have never been to any porn sites and never clicked on any sex spam emails. So I knew there were no videos. Nevertheless, I have been changing that password.

  17. Yes,I also have been using PitStop for about a year and just renewed. I feel like my computer is protected the best way possible.

  18. I was amused when I received one of these at work since my work PC doesn’t have a webcam and, as far as I know, it’s never been used to surf porn sites.

  19. Thank you for that information and the many scams you report on.
    I’ve been using PC Matic for about a year after using other programs. This has been excellent! I feel much safer using your program because PC Matic not only protects my computer but thoroughly scans it and notifies me of the results.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.