This week I have started receiving a new blackmail/scam email which seems to be doing the rounds.
This scam works on the premise that the recipient of the email has been visiting porn websites such as xvideos or pornhub, which of course is most of the male population, and the blackmailer then tells you that he installed malware on your computer via the website and has recorded a video of you spanking your monkey, which he will share with all your contacts if you do not pay the ransom.
Firstly, stay calm and don’t worry: none of this is true, it is a scam.
While this type of scam is nothing new in itself, the convincer is that the scammer has one of your passwords linked to your email address, which makes the threat more believable.
I have received several of these emails so far, all almost identical, demanding various different amounts of money via bitcoin. In all cases the email did indeed quote a real password I have used in the past, which has obviously been obtained from hacked websites, but they were old passwords that I have not used for at least 10 years, and the same is true for other reports I have read, so these scammers are obviously using some very old data.
As I’m sure everyone knows by now, websites get hacked on a regular basis; in fact, roughly 37,000 websites per day get hacked, but only the big well-known sites/companies make it into the news.
The cybercriminals steal the personal details of all the users/members from the hacked website's database and then use them for fraudulent purposes, such as phishing, identity theft, blackmail etc. They also use the gleaned details to try to access other sites where you may have used the same login details. The cybercriminals also often put all the obtained details online for other criminals to use.
How do you know if your data has been stolen?
There is a handy website called haveibeenpwned.com which keeps track of hacked websites and stolen data, and will tell you if your email address appears in any of those known data thefts. I checked my own email and found that at least 15 websites I have used in the past have been hacked and my details stolen. So I would strongly suggest you check haveibeenpwned.com for your own email address and see if any of your passwords have been hacked, and if so, reset them ASAP.
This is why it is really important NOT to use the same password on multiple websites. Use a password manager such as Dashlane or LastPass to generate and store random passwords, and use a good cyber security product, such as BitDefender, to protect you online.
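To find out whether a password like the one quoted in the scam email is in known breach data without sending the password anywhere, haveibeenpwned.com also offers the Pwned Passwords range API, which only receives the first five characters of the password's SHA-1 hash. The sketch below is an added example, not part of the original post; it runs offline against a constructed response body, and the sample passwords and counts are made up.

```python
import hashlib

# Pwned Passwords range endpoint: only the 5-character hash prefix leaves your machine.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest (5 + 35 chars).

    SHA-1 is used here only because it is the lookup key the API defines.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_body: str) -> int:
    """Search a range response (lines of SUFFIX:COUNT) for this password's suffix.

    The comparison happens locally; 0 means the password is not in the corpus.
    """
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_response(password: str, count: int) -> str:
    """Build a fake range body containing the password (constructed data)."""
    _, suffix = split_hash(password)
    filler = "0" * 35 + ":1"  # stands in for the other suffixes sharing the prefix
    return "\r\n".join([filler, f"{suffix}:{count}"])


if __name__ == "__main__":
    old_password = "hunter2-from-2008"  # constructed stand-in for the quoted password
    prefix, _ = split_hash(old_password)
    print("would request:", RANGE_URL.format(prefix=prefix))
    body = constructed_response(old_password, 42)
    print("old password seen:", breach_count(old_password, body), "times")
    print("unrelated password seen:", breach_count("a-fresh-random-one", body), "times")
```

A non-zero count means the password should be retired everywhere it was used, which matches the advice above about never reusing passwords.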
Here is the email I received. I can imagine this might scare the crap out of anyone who was actually visiting xvideos.com recently, is not very security savvy and uses the same password on multiple websites.
FROM: Juliet Blount <email@example.com>
I do know (REDACTED) is one of your pass word. Lets get directly to the purpose. None has compensated me to investigate about you. You may not know me and you’re probably thinking why you’re getting this email?
actually, I placed a malware on the X vids (pornography) web-site and do you know what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser began operating as a RDP having a keylogger which gave me access to your display screen and web camera. Immediately after that, my software program collected all of your contacts from your Messenger, Facebook, as well as email . After that I made a double-screen video. First part shows the video you were watching (you have a fine taste ; )), and next part shows the recording of your cam, & its you.
You actually have two different choices. Lets check out these types of choices in particulars:
First solution is to neglect this e mail. In that case, I will send your recorded material to just about all of your personal contacts and also imagine about the shame you feel. Moreover if you happen to be in a loving relationship, precisely how it is going to affect?
Next choice will be to pay me $7000. I will call it a donation. As a result, I will promptly delete your video recording. You could carry on with your way of life like this never took place and you surely will never hear back again from me.
You will make the payment via Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google search engine).
BTC Address: 1FCxzQitbQb9VVz6y7cqkdPdZbeJcfYrYM
[CASE-SENSITIVE copy and paste it]
In case you are thinking of going to the cops, look, this mail cannot be traced back to me. I have dealt with my steps. I am also not attempting to charge you so much, I simply want to be paid. You now have one day to make the payment. I have a specific pixel in this e-mail, and right now I know that you have read through this e mail. If I don’t receive the BitCoins, I will definitely send out your video recording to all of your contacts including family members, colleagues, etc. Nevertheless, if I do get paid, I will destroy the recording immediately. This is the non-negotiable offer, thus please don’t waste my personal time and yours by responding to this email message. If you need proof, reply with Yea! and I will certainly send your video to your 6 contacts.
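For anyone filtering mail for family or a small office, the traits of the email above (a quoted password, a webcam and malware claim, a threat to contacts, a Bitcoin demand with a deadline) can be turned into a simple triage score. This is an added example, not part of the original post; the patterns, weights and threshold are assumptions, and the benign sample is constructed.

```python
import re

# Indicators drawn from the email quoted above; weights are assumptions.
INDICATORS = {
    "quotes_password": (r"(?i)\bpass\s?words?\b", 2),
    "bitcoin_address": (r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b", 3),
    "payment_demand": (r"(?i)\$\s?\d[\d,]*|\bbitcoins?\b", 2),
    "webcam_claim": (r"(?i)\bweb\s?cam(era)?\b", 2),
    "malware_claim": (r"(?i)\b(malware|keylogger|rdp)\b", 1),
    "contact_threat": (r"(?i)\ball (of )?your (personal )?contacts\b", 2),
    "deadline": (r"(?i)\b(one|\d+) (days?|hours?)\b", 1),
    "pixel_claim": (r"(?i)\bpixel\b", 1),
}
COERCION = {"webcam_claim", "contact_threat"}
PAYMENT = {"bitcoin_address", "payment_demand"}


def triage(body: str, threshold: int = 7) -> dict:
    """Score a mail body; flag only if it both coerces and demands payment."""
    hits = {n: w for n, (pat, w) in INDICATORS.items() if re.search(pat, body)}
    score = sum(hits.values())
    flagged = (score >= threshold
               and bool(hits.keys() & COERCION)
               and bool(hits.keys() & PAYMENT))
    return {"score": score, "hits": sorted(hits), "flagged": flagged}


# Excerpts of the email quoted in this post.
SCAM = """I do know (REDACTED) is one of your pass word.
your internet browser began operating as a RDP having a keylogger which gave
me access to your display screen and web camera.
I will send your recorded material to just about all of your personal contacts
Next choice will be to pay me $7000.
BTC Address: 1FCxzQitbQb9VVz6y7cqkdPdZbeJcfYrYM
You now have one day to make the payment. I have a specific pixel in this e-mail
"""

# Constructed benign message that shares a few harmless words with the scam.
BENIGN = ("Hi, your invoice of $120 is due in 3 days. "
          "Use the link to reset your password if you cannot log in.")

if __name__ == "__main__":
    for label, text in (("scam", SCAM), ("benign", BENIGN)):
        print(label, triage(text))
```

Requiring both a coercion indicator and a payment indicator keeps ordinary invoices and password-reset mails from being flagged on word overlap alone.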