Don’t be fooled by this email scam demanding bitcoin

I’ve had several people reach out to me recently asking me about a particularly bothersome email going around that claims to have evidence of them going to adult websites and that they are going to expose them to their contacts if they don’t pay a fee in bitcoin. 

What’s happening here is this scammer has made use of past data breaches of online account databases that have been stolen that include personal information, including email address, passwords, etc. in order to try and fool people into giving them money.  They claim to have your browsing history (hello, Google already has this anyway), pc files, webcam access, etc.  Since these data breaches are real, and the password that the scammer sends you might be legit (many times older passwords), it tends to be effective in scaring people into thinking they have been hacked.

What do they actually have?

Not much.  They don’t have access to your computer.  They don’t have a video of you from your webcam.  They have your email address and an old password and a bunch of lies. 

Here’s a sample of what the email might look like

I am well aware [REDACTED] is your pass words. Lets get right to point. Neither anyone has paid me to investigate you. You may not know me and you are probably thinking why you’re getting this e-mail? 

actually, i installed a software on the adult videos (pornographic material) web-site and do you know what, you visited this website to have fun (you know what i mean). While you were viewing videos, your web browser began working as a Remote Desktop that has a keylogger which gave me accessibility to your display and also cam. Just after that, my software gathered every one of your contacts from your Messenger, Facebook, as well as email . after that i created a double video. 1st part displays the video you were viewing (you’ve got a nice taste haha), and next part shows the recording of your cam, yeah its you. 

You have not one but two choices. Shall we read up on these options in aspects: 

First alternative is to just ignore this message. in such a case, i am going to send out your actual video to every single one of your personal contacts and think regarding the awkwardness you will definitely get. and definitely if you happen to be in a loving relationship, how it would affect? 

Number 2 solution is to pay me $950. Lets name it as a donation. in this situation, i most certainly will asap remove your video footage. You could carry on daily life like this never occurred and you surely will never hear back again from me.

You’ll make the payment through Bi‌tco‌in (if you don’t know this, search for ‘how to buy b‌itcoi‌n’ in Google). 

B‌T‌C‌ ad‌dre‌ss to send to: [REDACTED]

[CaSe sensitive, copy & paste it] 

if you are wondering about going to the law enforcement officials, well, this message can not be traced back to me. I have dealt with my actions. i am also not attempting to demand a huge amount, i would like to be compensated. within this%} emaiQUNdkpeC [SIC] if i do not receive the ‌bi‌tco‌in‌, i will send your video recording to all of your contacts including family members, coworkers, and so forth. Having said that, if i receive the payment, i will erase the recording immediately. If you really want proof, reply Yup then i will send out your video to your 9 friends. This is a non-negotiable offer, so don’t waste mine time and yours by replying to this e mail.

What should you do?

First, don’t panic.  They are just trying to get some easy money using scare tactics.

Second, try using a trusted website like www.haveibeenpwned.com and enter your email address and see what breaches show up.  You can also enter your password in question under that section to see if it’s also been a part of the data leaks.

Third, if you are using the password in question, or anything close to it, go online and change it. 

Last, delete the email with full confidence that you’re fine and don’t give them any money.

Parting thoughts

Being in IT over 20 years, I’ve seen my share of hacking, scams, ransomware, etc.  From the numbers I’ve seen, over 90% of “hacks” are through email where they are phishing for information or trying to scare you.  Do not click links in emails that you are not expecting, EVEN IF THEY LOOK LEGITIMATE.  Open a browser and go directly to the website in question and login from there to address what the email was saying.

Brian Edwards