
Step by Step Example - "Hacker" sextortion scam based on your old leaked data

Take action: If there was ever a good reason to activate multi-factor authentication on everything and use a password manager to generate a different password for every account, a sextortion scam is one. A little bit of authentication discomfort fixes so many problems in the future (and saves 1,500 USD).


Learn More

In the third week of May there is an email circulating on the internet claiming that a "hacker" has successfully compromised the email recipient's computer. As evidence, the "hacker" includes one of the recipient's passwords in the email. The "hacker" then asks for around $1500 USD in Bitcoin to be paid to a crypto wallet, or they will release the recipient's emails and a compromising sexual video.

Usually these scam emails are very generic and can be easily ignored. This time it's different because of the password provided in the email.

We found that a lot of people on the internet reported this email as a scam on various platforms, including over 100 reports on the ChainAbuse blockchain abuse platform.

The passwords referenced in the email have been harvested from previous data leaks in which the email recipients had their email and password from some site exposed. It's easy to check if your data has been leaked on HaveIBeenPwned.

Unfortunately, everyone is guilty of recycling and not changing their passwords, so an old leaked password may still be used by the user - and the user may pay the extortion money. So far one person has paid this particular scammer :(

This is what the email looks like:

Hi,

I am a hacker, and I have successfully gained access to your operating system.
I also have full access to your account.

When I hacked into your account, your password was: <redacted>

I've been watching you for a few months now.

The fact is that your computer has been infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.

Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.
Why did your antivirus not detect malware?

Answer: The malware I used is driver-based, I update its signatures every 4 hours. Hence your antivirus is unable to detect its presence.

I made a video showing how you satisfy yourself in the left half of the screen, and the right half shows the video you were watching at the time.
With one mouse click, I can send this video to all your emails and contacts on your social networks.

I can also make public all your e-mail correspondence and chat history on the messengers that you use.

If you don't want this to happen, transfer $1450 in Bitcoin equivalent to my Bitcoin address (if you do not know how to do this, just search "buy bitcoin" on Google).
My Bitcoin address (BTC Wallet) is: 1GnGGkm4kRjhU71mZSUCEkkQFNbCpGAneG

After confirming your payment, I will delete the video immediately, and that's it. You will never hear from me again.

I will give you 50 hours (more than 2 days) to pay. I will get a notice, when you open this email, and the timer will start.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my Bitcoin address.

I never make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

 

 
