Another wave of sextortion emails

As email blackmailers make big winnings, others are trying to cash in on the craze.

Graham Cluley
Graham Cluley
@[email protected]

Sextortion emails

During the last few months, many of us will have received emails that try to extract a ransom via an anonymous cryptocurrency.

A typical email begins like this:

I do know [VICTIM’S PASSWORD] one of your password. Lets get directly to purpose. You do not know me and you’re probably wondering why you are getting this e-mail? Neither anyone has paid me to check about you.

In fact, I actually installed a software on the adult video clips (porn) site and there’s more, you visited this site to have fun (you know what I mean). While you were watching videos, your web browser began operating as a RDP with a keylogger which provided me with accessibility to your screen and webcam. Immediately after that, my software collected every one of your contacts from your Messenger, social networks, and e-mail . After that I created a double-screen video. 1st part shows the video you were viewing (you’ve got a good taste lol . . .), and second part displays the view of your cam, & it is u.

Sextortion email

The password that the extortionist quotes in the email *is* one of your passwords.

LinkedinBut it’s quite likely that it’s a password that you used some time ago, and was breached in some historic mega-breach from yesteryear such as the 2012 LinkedIn hack. 117 million of those email addresses and passwords were put up for sale in 2016.

But that shouldn’t be a problem for you, right? Because if your password was one of those compromised in the 2012 LinkedIn hack you hopefully changed it soon afterwards, and are smarter than Mark Zuckerberg who kept using the very same password for his Twitter, Instagram and Pinterest accounts.

Sign up to our free newsletter.
Security news, advice, and tips.

The sextortion emails, however, are banking on at least a proportion of recipients being scared witless by the mention of the password and believing that a hacker has somehow managed to catch them having a “private moment” with an X-rated website.

Recently we’ve seen variants of the email which rather than quoting your password, actually reference some of the digits of your phone number instead.

It seems that, +XX XXXXXX1234, is your phone. You may not know me and you are probably wondering why you are getting this e mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

The thing to realise is that the authors of these emails are lying. They haven’t secretly taken a video of you watching porn. They don’t know who your friends and family are.

You shouldn’t ever give in to blackmail, but in the case of this extortion (which is trying to scare you into believing they have evidence of something when they definitely don’t!) you absolutely shouldn’t pay.

Sadly, however, the scam is still working for online criminals. Some researchers have calculated that scammers have managed to make half a million dollars by pretending that they watched you watching porn.

Those kind of figures inevitably attract other wannabe blackmailers to try something similar. Here’s an example I received today from an (apparently) Chinese extortionist who hasn’t bothered to work out four digits of my phone number, or dig out a password I was using for LinkedIn ten years ago.

Instead he just claims to have planted malware on a porn site, and videotaped me (yes, videotape!) “flying solo”.

You may not notice in your email client, but when I paste some of the text into this article – in a font that its author was not expecting – you can easily see its author went to the effort of using “funny” Unicode characters to try and avoid rudimentary spam filters:

I uрlоadеd thе mаliciоus рrоgram on your systеm.
Sinсе thаt mоment I рilfеrеd аll рrivy bасkgrоund frоm yоur system. Аdditiоnаlly I have sоmе mоrе соmрromising evidеnсе. The mоst interеsting evidenсе thаt I stоlе- its a videоtарe with your mаsturbаtiоn. I adjusted virus оn а pоrn wеb sitе аnd аftеr yоu loаdеd it. Whеn yоu dесidеd with thе vidео аnd taрped оn a plаy buttоn, my dеlеtеrious sоft at оnсе sеt uр оn your systеm. Аfter adjusting, yоur саmеra shооt the vidеоtаре with you self-аbusing, in аdditiоn it savеd рrесisеly thе рorn video you mаsturbаtеd оn. In next fеw dаys my mаlwаre соllеctеd аll yоur soсial and wоrk сontaсts.

In summary – if you receive an email like this, simply delete it.

The emails are lying, and your “deleterious softness” has not been exposed.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Another wave of sextortion emails”

  1. BAR

    "The password that the extortionist quotes in the email *is* quite one of your emails."

    Is this English? I can't understand it.

  2. DaddyCee

    WTH is "deleterious soft"… please someone explain!!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.