‘Hacker who cracked your email’ scam tries to blackmail you for Bitcoin
One of the latest email phishing scams claims that a hacker has cracked your email and device a few months ago. It claims that you entered a password on one of the sites you visited and that they intercepted it. The email message then shows you your password at the moment of the alleged hack.
If you received an email message that says “I’m a hacker who cracked your email and device a few months ago” and appears to be sent to you from your own email address, ignore it. The message is fraudulent and no one actually hacked your email account and device.
The email message might be frightening because it will appear as if it was sent from your own account and your password (previous password or current password) will be mentioned numerous times. However, your email address was not accessed. It was spoofed by a third-party service such as anonymailer.
The purpose of the email is to trick you into paying a certain amount of Bitcoin to a BTC wallet (1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy or other) in order to erase data they claim to have collected about you.
The email says that you have 48 hours to make a payment and if you do not they will send all of your contacts “crazy shows from your dark secret life.” They also claim that your device will be blocked with some sort of ransomware.
Email message campaigns like this have been making circulation following recent breaches that occurred on websites like LinkedIn and Adobe. To see where your email information may have been leaked from check out https://haveibeenpwned.com/. You can input your email address to locate where your information was leaked.
Here’s what is written in the email message:
Subject: I’m crack [your email address], password [your password] for [your email address] is compromised, or Mail delivery failed: returning message to sender
From [your email address]
To [your password]
Hello!I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [your email address] on moment of hack: [your password]Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.Do not try to contact me or find me, it is impossible, since I sent you an email from your account.
Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.I am in shock of your fantasies! I’ve never seen anything like this!
So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.There will be laughter when I send these photos to your contacts!
BUT I’m sure you don’t want it.Therefore, I expect payment from you for my silence.
I think $897 is an acceptable price for it!Pay with Bitcoin.
My BTC wallet: 1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsyIf you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.My Trojan have auto alert, after this email is read, I will be know it!
I give you 2 days (48 hours) to make a payment.
If this does not happen – all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)Do not be silly!
Police or friends won’t help you for sure …p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.
I hope for your prudence.
Farewell.
Here’s a second version of the email message:
Subject: account [your email address] is compromised
From [your email address]
To [your email address]
Date Today 11:15Hello!
I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.Do not try to contact me or find me, it is impossible, since I sent you an email from your account.
Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.I am in shock of your fantasies! I’ve never seen anything like this!
So, when you had fun on piquant sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.There will be laughter when I send these photos to your contacts!
BUT I’m sure you don’t want it.Therefore, I expect payment from you for my silence.
I think $883 is an acceptable price for it!Pay with Bitcoin.
My BTC wallet: 1DVU5Q2HQ4srFNSSaWBrVNMtL4pvBkfP5wIf you do not know how to do this – enter into Google “how to transfer money to a bitcoin wallet”. It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.My Trojan have auto alert, after this email is read, I will be know it!
I give you 2 days (48 hours) to make a payment.
If this does not happen – all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)Do not be silly!
Police or friends won’t help you for sure …p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.
I hope for your prudence.
Farewell.
As you can see, the email can appear legitimate to many people. But, the same message has been sent around the internet to many people (word-for word) and there have been many campaigns like it in the past. Even if you have never visited a “piquant” website, you will still receive the same message. Even if your device does not have a camera, they will still claim to have recorded you through your camera.
Do not pay the BTC and do not reply to the scammers. The only thing you need to do is change the password to your email address and other accounts you have for safe measure.
The email message does not mean that your computer is infected with malware; However, if you would like to remove malware and other potentially malicious files from your computer we recommended to use Malwarebytes. Here are some instructions:
1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.
2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.
3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.
4. Now the Malwarebytes is installed, open the program and click the Scan Now button – or go to the Scan tab and click the Start Scan button.
3. When the scan is complete click the Quarantine Selected button.
4. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.
What if they send 2 email and they put also a photo of my computer? They send the email to other emails that i had connected in the computer. I already change my passwords but not of the other who was sent the email.And also installed lot of antivirus. Should i be worried?
I replied, I told them not to bother waiting and do their worst, does replying leave me open to any more attacks from these pricks?
It certainly brings attention your way if you found a way to contact them. I highly advise against it.
https://www.blockchain.com/btc/address/1DVU5Q2HQ4srFNSSaWBrVNMtL4pvBkfP5w
WOW!! Seems they are making GOOD money in that wallet from one example here!! 1.7 BTC – almost £10,000 at todays price from 21 poor people!!
SOMETHING needs to be done!
seems the wallet on this sample letter above has had 8 people fall for it!!
https://www.blockchain.com/btc/address/1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy
this one 21 poor people totalling 1.7 Bitcoin ((almost £10,000) at todays money!!
Very lucrative it seems something should be done!!
The wallets are having the money sent to one main wallet!!
https://www.blockchain.com/btc/address/3PYBsYvb61fD94trS5J9EPnwVcKg2asvML
$34,000 in that one!!!
WOW!! Any ideas on what can be done?
Figure out how to scam the scammers?
I just had the same email making me panic at first then laugh as everyone knows what a pervert I am!!
Nothing illegal but no one would be surprised so was gonna bite the bullet! In midst of trojan scan etc as it is scary and makes you think!!
Glad things aren’t going to be posted to all my friends anyhow after seeing this and nice to know the scammer is not collecting much money from it. Use https://www.blockchain.com to search on the wallet address and you will be able to see any transactions coming or going for the history of the wallet!! GOTTA LOVE the blockchain eh!!?
Any one with a wallet that has had BTC given to it?
https://www.blockchain.com/btc/address/1YnYAxprVrTo1WzPPzMo86ste5Ssp4xsy 8 transactions to the one in sample letter!! 🙁
You are an angel!
What if you can’t change your password?
I would backup that email account and delete everything in it. Then I would stop using it… But do as you please. The reason for this is because your password was leaked so your account is vulnerable and a password that cannot be changed is not beneficial to the you.
What if they actually have a password that you have used in the past? A password that no one could guess unless they actually intercepted it?
Your password was not obtained by any means of hacking (or cracking) if you received this email message. Please be advised that this email message is simply a scam. The scammer uses information obtained after a breach occurred. Your information was leaked and acquired by the scammer. You can see which breach may have lead to your info being leaked on this website: https://haveibeenpwned.com/
Please be aware that a scammer or hacker is not going to sign into thousands of email accounts at the same time in order to send them the same message. Targeted attacks are rare and unlikely in most scenarios. The purpose of the email scam is to scare people in order to get them to pay up, so don’t be scared and fall for it.
Also, it’s been confirmed that a third-party email spoof service is being used to send email messages. Email messages like this have been sent out in the past. This is not uncommon at the moment. This is confirmed as a scam.
Hope this helps.
I found in this thread https://botcrawl.com/your-secret-life-email-scam/ one comment saying anonymailer is what they use. I sent an email to myself from that site and it showed up in my Sent folder as well. I don’t know how or why, but it is.
What if this email is actually showing up in my Sent folder? How is that possible?
I found in this thread https://botcrawl.com/your-secret-life-email-scam/ it mentions them using anonymailer. I tested it by sending an email to myself and it also shows up in my Sent folder.
I noticed that the password they claimed to have stolen was all lowercase when in fact it had a few capitals. The only account that uses that password was super old that I don’t use their services anymore (optus). So it narrowed down where the “intercept” was. A lot of accounts that used it previously has been updated. It was a password I’ve used years and years ago. So I can tell this wasn’t a recent intercept. – Still concerning nonetheless.
has anybody already waited the 48 h through? the only fear that i have is that my device is gonna be blocked…porn is something everybody watches so i don’t like the idea but whatever…but i like my computer 🙂
oh and he’s getting cheaper, only wants 872$ from me lol
$869 from me! LOL
I am cyber security and our organization has seen many of these. I tell our employees to just delete them. I do ask that they change their password if what is shown is the current password I am not sure how they get the password since I tried searching the address and got nothing. to be safe change the password but otherwise just delete it
Yes. Similar email messages have been in circulation for quite a while. It is a scam.
Good day! Several people approached me with this problem. In addition to letters with a password from the mail, they also sent letters with passwords from logins to other services. I suppose that the computer still has a trojan that monitors keyboard input.
That would have nothing to do with this email message because the information was acquired during a breach. You can search which breach your email info was leaked here: https://haveibeenpwned.com/
but when I tried it I got nothing. I don’t believe their is a trojan because the password can be a personal password used with work email etc so not sure how that is obtained. Or only a portion of the password is shows. its weird none the less
It was obtained during a breach. The breach may not have been listed or your information may not have been publicly leaked. There is not a trojan on your computer. This email message has been sent to a lot of people.
I received the exact hacker email mentioned. The hacker stated my correct password. When I tried to login to my email server I could not because the hacker changed the account manager password. But the hacker did not change my pop account password so that is why I continued to receive my emails uninterrupted. So theoretically the hacker could see all emails I sent and received. Of course I did not pay the ransom. The deadline is 48 hours and it’s been 24 hours. I will let you know if my computer blows up at deadline.
Hello, this is just an extortion scam. The alleged hacker does not hack anyone’s account. Your password being changed has nothing to do with the email you received. Your computer will also be fine since this is only a scam designed to scare you into paying up.
So…did your computer blow up? I’m interested to know.
I would like to know as well, please respond or I will assume you are sitting on a pile of computer/office rubble
I can tell it’s a scam when your bitcoin address is the same as mine that I got and that a whole bunch of people got the email
Thank you so much!
Thank you very much for this post Sean. A fucking heart attack this morning was not the best breakfast.
stay away from porn sites and you wont have a heart attack next time lol
Many thanks for this. I have to say it completely freaked me this morning! Mine must have been from the LinkedIn breach. The text in my email is word for word identical.
My account is from NEWSEAs
Please note this site
From play sim3 … wwwwww
Glad to know I am safe
And thanks for this article
They also sent me 11 in total at the same time
You’re welcome. That is a lot of messages. If you want to, feel free to copy and paste those messages in this forum (with your email address and password removed) so we can go through them: https://botcrawl.com/forums/forum/security-center/
Take care
Sadly I have deleted them already but I was scared at first but then I saw the spelling errors and such and saw that no email was sent from my email
And then with bitcoin how can they know I sent them money to delete my stuff that’s another red flag
Hi,
but how can he send a mail with my mail address, passing my Spamfilter?
IP address was from mazedonia.
Edit:
The password in the email to me was wrong.
They use a third-party service. They are not actually using your own account to send you a message. They are sending this message to a lot of people. It would take a very long time to send a message to each person from their own accounts one at a time. If the password was incorrect it is likely that it was your previous password that they obtained during a breach somewhere or they simply messed up. They have been running this type of email campaign for a little while and sometimes the passwords are incorrect.
Still how can you send the mail without the password.
There are numerous services that allow someone to “email spoof.” Without getting into the details, it is very easily done and spammers utilize this tactic all the time.
Hi,
thank you for your answer. No, the pasword wasn‘t a previous password. I think they have messed up. 😀
I checked mail address and password and I‘m not pwned.
hi
thanks for that
but how do they actually know the password ?
As explained in the post, during a breach of a third-party site. You can search where your info was leaked on this website: https://haveibeenpwned.com/
ohhhhh.k
thanks again man!!