I received a spam email this morning. While this one came from firstname.lastname@example.org, which is an address completely unfamiliar to me, the message itself was not unfamiliar at all. I’ve received a half-dozen of these in the past two weeks.
It’s a sextortion scam.
It appears that, [REDACTED], is your password. May very well not know me and you are most likely wondering why you’re getting this e mail, right?
in fact, I put in place a malware over the adult vids (adult porn) website and guess what, you visited this website to have fun (you really know what I mean). Whilst you were watching videos, your internet browser started out functioning as a RDP (Team Viewer) which provided accessibility to your screen and webcam. and then, my software programs obtained all of your contacts from the Messenger, Outlook, Facebook, as well as emails.
What did I actually do?
I created a double-screen video recording. 1st part shows the recording you’re watching (you’ve got a good taste haha . . .), and Second part shows the recording of your webcam.
what exactly should you do?
Well, in my opinion, $1000 is a reasonable price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
Bitcoin Address: 1EMyC92th1NRyPVHawhhqkTUcJsEVwD637
(It is case sensitive, so copy and paste it)
You have 1 day in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read this email message). If I do not get the BitCoins, I will certainly send your video recording to all of your contacts including family, co-workers, and so forth. Having said that, if I get the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will undoubtedly send your videos to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.
Krebs on Security explains the scam, and I won’t go into details. The email is self-explanatory.
The password in the email was a real password that I used… about ten years ago.
But, there’s a lot of silliness involved here.
First, I don’t even have a camera attached to my computer. I never have.
Second, the email account with the compromised passwords was one of my throwaway accounts.
Third, the “unique pixel” threat made me laugh my ass off; this scam email, like the others I’ve received, were in plain text. There’s no tracking pixel, and no way to embed one.
In short, this scam depends on the recipient’s gullibility.