Porn Password Blackmail
I have had a couple of customers report they received an email claiming to release a video of you watching porn to all your contacts.
What made this email especially frightening for some was the fact the email included a password that was either a previously used password, or, in rare cases, a valid password. A sample of this email is below:
It seems that, password, is your password. You may not know me and you are probably wondering why you got this e-mail, right?
Actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. After that, my software program obtained all of your contacts from your Messenger, FB, as well as email.
What did I do?
I backuped phone. All photo, video and contacts.
I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.
Exactly what should you do?
Well, in my opinion, $400 0 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address: BTC Address
(It is cAsE sensitive, so copy-paste it)
Important:
You have one day in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment - I’ll destroy the video immediately. If you need evidence, reply with “Yes!” and I'll send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.
But How Did they know this password?
While not new news, One of the biggest breaches in the computer industry was that of LinkedIn in 2012. 165 Million emails and passwords were leaked. There have been other sites compromised such as myspace and adobe. The attackers have used this database to send out email blasts with threats.
View our Blog Post on Passwords
How do I know if my passwords have been leaked?
A great resource is https://haveibeenpwned.com/ this will allow you to enter your email address and see if you have been in any of the leaked password lists.
What should I do if I receive an email like this?
Delete it.
References:
Linkedin hack https://www.troyhunt.com/observations-and-thoughts-on-the-linkedin-data-breach/
Porn email Scam: https://www.businessinsider.com.au/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7?r=US&IR=T