‘Your account has been hacked’ scam tries to blackmail you for Bitcoin

A new email phishing scam emerged today that tries to blackmail you for Bitcoin.


Beware of an email message that claims someone has hacked your account. The email message claims that on 06/28/2018 (or other) someone hacked your operating system and obtained full access to your account.

The email claims that malware is on your device and that “it is useless to change the password, my malware intercepts it every time.”

The purpose of the email is to frighten the target enough to pay the scammer in Bitcoin (BTC wallet: 15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP or other). For example, the email says that “a month ago, I wanted to lock your device and ask for a small amount of money to unlock” and then further states that they “looked at the sites that you regularly visit, and came to the big delight of your favorite resources.” To add to this the scammer says “I’m talking about sites for adults.”

To make it more frightening the email then says “I made a screenshot of the intimate website where you have fun” and then threatens to send the pictures to your relatives, friends, and colleagues if you do not pay up.

This is just another of the many sextortion scams in circulation, so do not pay the scammer. The email can be frightening because it shows the past or current password to your email account and the message appears to be sent to you from your own account; however, the email was not sent from your own account. A third-party email spoofing service was used, and this can be proven by the IP address used to send the email.

If you received an email message that says “I have bad news for you” (or other) and appears to be sent to you from your own email address, ignore it. The message is fraudulent and no one actually hacked your email account and device.
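The header check described above, as an added example that is not part of the original article: it reads a delivered message, compares From and To, pulls the SPF/DKIM/DMARC results and the connecting IP recorded by the receiving server, and looks for a legacy Bitcoin address in the body. The sample message, host names and IP are constructed for illustration; the wallet is the one quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a delivered message (hosts and IP are illustrative;
# 203.0.113.0/24 is a documentation range). The wallet is the one quoted on this page.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=user@example.org; dkim=none; dmarc=fail header.from=example.org
Received: from mx.example.org by mailbox.example.org; Thu, 28 Jun 2018 10:00:05 +0000
Received: from relay.invalid ([203.0.113.45]) by mx.example.org; Thu, 28 Jun 2018 10:00:03 +0000
From: user@example.org
To: user@example.org
Subject: Change your password immediately. Your account has been hacked.

I accept money only in Bitcoins.
My BTC wallet: 15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # legacy Base58 addresses only


def triage(raw: str) -> dict:
    """Summarise the header evidence for a 'sent from your own account' extortion mail."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    # Results stamped by the receiving server; trust only the header your own provider
    # adds. A missing header is treated here as "not authenticated".
    auth = dict(AUTH_RE.findall(msg.get("Authentication-Results", "").lower()))
    # Received headers are prepended, so the first bracketed IP from the top is the
    # connecting host as recorded by the receiving side; lower entries can be forged.
    ips = [ip for hdr in msg.get_all("Received", []) for ip in IP_RE.findall(hdr)]
    wallets = BTC_RE.findall(msg.get_payload())
    self_addressed = bool(sender) and sender == rcpt
    if self_addressed and auth.get("dmarc") != "pass":
        verdict = "spoofed-from-address"     # From line forged, account not used
    elif self_addressed:
        verdict = "authenticated-self-sent"  # really left your provider: investigate
    else:
        verdict = "not-self-addressed"
    return {"verdict": verdict, "auth": auth,
            "connecting_ip": ips[0] if ips else None, "wallets": wallets}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

To use it on a real message, save the raw source ("Show original" or "View source" in most mail clients) and pass its text to `triage`.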

Email campaigns like this have been circulating following recent breaches that occurred on websites like LinkedIn and Adobe. To see where your email information may have been leaked from, check out https://haveibeenpwned.com/. You can input your email address to find out where your information was leaked.

Here’s what is written in the email message:

Subject: Change your password [your password] immediately. Your account has been hacked.
From: [your email]
To: [your password]

I greet you!

I have bad news for you.
06/28/2018 – on this day I hacked your operating system and got full access to your account [your email]
On that day your account ([your email]) password was: [your password]

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I’m talking about sites for adults.

I want to say – you are a big pervert. You have unbridled fantasy!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.

I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
I think $988 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP

You do not know how to replenish a Bitcoin wallet?
In any search engine write “how to send money to btc wallet”.
It’s easier than send money to a credit card!

For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!

After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your “joys”.

I want you to be prudent.
– Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
– Do not try to contact me (this is not feasible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.

From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

Don’t be mad at me, everyone has their own work.
Farewell.

Here’s a second version of the email message:

Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System
To: [your email]

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

hanea.rasezine@gmail.com
(ultimately generated from [your email])
host smtp.mailchannels.net [52.41.197.171]
SMTP error from remote mail server after end of data:
550 5.7.1 [CS] Message blocked. If this is a false positive, please report this to your hosting service provider. See https://console.mailchannels.net/insights/bounce?auid=[your email host]&sender=[your email]&txid=480f40be1b83dc2b
Reporting-MTA: dns; [your email host]

Action: failed
Final-Recipient: rfc822;hanea.rasezine@gmail.com
Status: 5.0.0
Remote-MTA: dns; smtp.mailchannels.net
Diagnostic-Code: smtp; 550 5.7.1 [CS] Message blocked. If this is a false positive, please report this to your hosting service provider. See https://console.mailchannels.net/insights/bounce?auid=[your email host]&sender=[your email]&txid=480f40be1b83dc2b
Subject: Change your password [your password] immediately. Your account has been hacked.
From: [your email]
To: [your password]

I greet you!

I have bad news for you.
06/28/2018 – on this day I hacked your operating system and got full access to your account [your email]
On that day your account ([your email]) password was: [your password]

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I’m talking about sites for adults.

I want to say – you are a big pervert. You have unbridled fantasy!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.

I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
I think $988 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP

You do not know how to replenish a Bitcoin wallet?
In any search engine write “how to send money to btc wallet”.
It’s easier than send money to a credit card!

For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!

After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your “joys”.

I want you to be prudent.
– Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
– Do not try to contact me (this is not feasible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.

From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

Don’t be mad at me, everyone has their own work.
Farewell.

As you can see, the email can appear legitimate to many people. However, the exact same message has been sent to many people around the internet, and there have been many campaigns like it in the past. For example, a previous email claims that a hacker cracked your email account. If you have never visited an adult website, you will still receive the same message. If your device does not have a camera, they will still claim to have recorded you through your camera.

In conclusion, do not pay BTC to the scammer and do not reply to the fraudulent email message. The only thing you need to do is change the password to your email address and other accounts you have for good measure.

The email message does not mean that your computer is infected with malware; however, if you would like to scan your computer for malware and other potentially malicious files, we recommend using Malwarebytes. Here are some instructions to do so:

1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.

2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.

3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.

4. Now that Malwarebytes is installed, open the program and click the Scan Now button – or go to the Scan tab and click the Start Scan button.

5. When the scan is complete click the Quarantine Selected button.

6. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.

Sean Doyle

Sean Doyle is a tech author and engineer with over 20 years of experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and other topics. Sean's content has been featured in numerous publications.

13 Responses

  1. The good news is it’s a scam. But it can be terrifying for some. One woman, who was in tears, called it very frightening, according to a report in Canada’s CBC.

  2. AA says:

    Thank you so much for this article @Sean, I was really freaking out when I got this email (even though they didn’t even have my password, unlike what others received) – I can relax a bit now but will definitely change all my passwords and UP my virus and malware protection!

  3. Anonymous says:

    I’ve been getting these about 1 per week for about 6 weeks now. I knew from the beginning that they were fake because they had the wrong password…until yesterday. Then I got one with my current password from Adobe. That is the only place I use that username/password combo. I contacted Adobe and they denied they have had any recent breach. They basically blew me off. I don’t believe them.

    • Anonymous says:

      I just checked that “haveibeenpwnd.com” website, as suggested by the article and Adobe *HAS HAD* a data breach, but in 2013 (so I guess for them it was not “recent”…)

      Below is what the haveibeenpwnd website said about Adobe breach, and I recommend you check if you’ve been pwnd too:

      Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

      Compromised data: Email addresses, Password hints, Passwords, Usernames

    • Anonymous says:

      I too got one of those emails and the password was one from Adobe

  4. L D says:

    I’ve been getting loads of these over the last few weeks. The only bit that actually concerns me is that they are quoting my actual REAL password. Not the password for that email address though, it’s a password I use on various websites. So I have to guess that someone breached a website I use and sold my data on the dark web.

  5. Anonymous says:

    Thanks

  6. Anonymous says:

    Thank you for your info, I wasn’t so worried cause I’m always on full protect, but just in case you know, glad that others got the same fake message, screw the hackers!

  7. B says:

    Is this just a phishing scam, or is there a virus, malware, trojan, etc. along with it?

  8. human says:

    Please someone take some action and take down those scammers who are sending such emails
