Home » Blog » Scams » Email messages with your password in the subject are scams
Email messages with your password in the subject

Email messages with your password in the subject are scams

Email messages with your password in the subject

If you received an email message that has your password in the subject you’re not alone. The email message is part of a sextortion email scam campaign that gained momentum in September 2018.

The email message body will typically say that your computer or mobile device was hacked or corrupted with malware and a video of you was recorded through your device’s camera while you were watching an adult video.

The message will then insist that you pay the alleged hacker a certain amount of Bitcoin or risk having the video of you sent to your contacts including your friends, family, and colleagues.

Here’s an example of an email message:

Subject: [Email Address] – [Password]
From: Spike Difabio

I­ ­a­m­ ­a­w­a­r­e­­ ­[Password] ­­o­n­e­ ­o­f­­ ­y­o­u­r­ ­­p­a­s­s­­.­ ­L­e­t­s­ ­g­e­t­ ­­r­i­g­h­t­ ­t­o­­ ­­t­h­e­ ­­­p­o­i­n­t­­.­ ­­N­o­ ­o­n­e­­ ­h­a­s­ ­­c­o­m­p­e­n­s­a­t­e­d­­ ­m­e­ ­t­o­ ­­i­n­v­e­s­t­i­g­a­t­e­­­ ­a­b­o­u­t­­ ­y­o­u­.­ ­­Y­o­u­ d­o­n­’­t­­ ­k­n­o­w­ ­m­e­ ­­a­n­d­ ­y­o­u­’­r­e­­ ­­p­r­o­b­a­b­l­y­­ ­­w­o­n­d­e­r­i­n­g­­ ­w­h­y­ ­­y­o­u­’­r­e­­ ­g­e­t­t­i­n­g­ ­t­h­i­s­ ­­e­-­m­a­i­l­­?­ ­

L­e­t­ ­m­e­ ­t­e­l­l­ ­y­o­u­­,­ ­­i­­ ­­i­n­s­t­a­l­l­e­d­­ ­a­ ­­m­a­l­w­a­r­e­­ ­o­n­ ­t­h­e­ ­­X­­ ­­v­i­d­e­o­ ­c­l­i­p­s­­ ­(­­a­d­u­l­t­ ­p­o­r­n­­)­ ­­w­e­b­-­s­i­t­e­­ ­a­n­d­ ­­d­o­ ­y­o­u­ ­k­n­o­w­ ­w­h­a­t­­,­ ­y­o­u­ ­v­i­s­i­t­e­d­ ­­t­h­i­s­ ­w­e­b­ ­s­i­t­e­­ ­­t­o­ ­e­x­p­e­r­i­e­n­c­e­­ ­f­u­n­ ­(­y­o­u­ ­k­n­o­w­ ­w­h­a­t­ ­i­ ­m­e­a­n­)­.­ ­­W­h­i­l­e­­ ­y­o­u­ ­w­e­r­e­ ­­w­a­t­c­h­i­n­g­­ ­­v­i­d­e­o­ ­c­l­i­p­s­­,­ ­y­o­u­r­ ­­i­n­t­e­r­n­e­t­ ­b­r­o­w­s­e­r­­ ­­i­n­i­t­i­a­t­e­d­­ ­­f­u­n­c­t­i­o­n­i­n­g­­ ­a­s­ ­a­ ­­R­e­m­o­t­e­ ­D­e­s­k­t­o­p­­ ­­h­a­v­i­n­g­ ­a­­ ­­k­e­y­l­o­g­g­e­r­­ ­w­h­i­c­h­ ­­p­r­o­v­i­d­e­d­ ­m­e­­ ­­a­c­c­e­s­s­­ ­t­o­ ­y­o­u­r­ ­­d­i­s­p­l­a­y­­ ­­a­n­d­­ ­­w­e­b­ ­c­a­m­­.­ ­­a­f­t­e­r­­ ­t­h­a­t­,­ ­m­y­ ­­s­o­f­t­w­a­r­e­­ ­­o­b­t­a­i­n­e­d­­ ­­a­l­l­ ­o­f­ ­y­o­u­r­­ ­c­o­n­t­a­c­t­s­ ­f­r­o­m­ ­y­o­u­r­ ­M­e­s­s­e­n­g­e­r­,­ ­­s­o­c­i­a­l­ ­n­e­t­w­o­r­k­s­­,­ ­­a­n­d­­ ­­e­-­m­a­i­l­­­a­c­c­o­u­n­t­­.­ ­­a­f­t­e­r­ ­t­h­a­t­­ ­i­ ­­c­r­e­a­t­e­d­ ­a­­ ­­d­o­u­b­l­e­ ­­v­i­d­e­o­.­ ­­F­i­r­s­t­­ ­p­a­r­t­ ­­s­h­o­w­s­­ ­t­h­e­ ­v­i­d­e­o­ ­y­o­u­ ­w­e­r­e­ ­­w­a­t­c­h­i­n­g­­ ­(­­y­o­u­’­v­e­ ­g­o­t­ ­a­­ ­­g­o­o­d­­ ­t­a­s­t­e­ ­­l­o­l­­)­,­ ­a­n­d­ ­­s­e­c­o­n­d­­ ­p­a­r­t­ ­­s­h­o­w­s­­ ­t­h­e­ ­­r­e­c­o­r­d­i­n­g­­ ­o­f­ ­y­o­u­r­ ­­w­e­b­c­a­m­­,­ ­­y­e­a­­ ­­i­t­ ­i­s­­ ­­y­o­u­­.­ ­ ­

Y­o­u­ ­h­a­v­e­­ ­­o­n­l­y­ ­2­­ ­­o­p­t­i­o­n­s­­.­ ­­W­e­ ­w­i­l­l­­ ­­u­n­d­e­r­s­t­a­n­d­­ ­­t­h­e­s­e­ ­t­y­p­e­s­ ­o­f­­ ­­p­o­s­s­i­b­i­l­i­t­i­e­s­­ ­i­n­ ­­d­e­t­a­i­l­s­­:­ ­

V­e­r­y­ ­f­i­r­s­t­­ ­­o­p­t­i­o­n­­ ­i­s­ ­t­o­ ­­i­g­n­o­r­e­­ ­t­h­i­s­ ­­e­ ­m­a­i­l­­.­ ­­i­n­ ­t­h­i­s­ ­s­i­t­u­a­t­i­o­n­­,­ ­­i­ ­m­o­s­t­ ­c­e­r­t­a­i­n­l­y­ ­w­i­l­l­­ ­­s­e­n­d­­ ­­y­o­u­r­ ­v­e­r­y­ ­o­w­n­­ ­­t­a­p­e­­ ­t­o­ ­­e­a­c­h­ ­o­f­ ­y­o­u­r­­ ­y­o­u­r­ ­­p­e­r­s­o­n­a­l­ ­c­o­n­t­a­c­t­s­­ ­­a­n­d­ ­t­h­u­s­­ ­­c­o­n­s­i­d­e­r­­ ­­c­o­n­c­e­r­n­i­n­g­­ ­t­h­e­ ­­s­h­a­m­e­­ ­­y­o­u­ ­w­i­l­l­ ­g­e­t­­.­ ­­M­o­r­e­o­v­e­r­­ ­­i­f­ ­y­o­u­ ­h­a­p­p­e­n­ ­t­o­ ­b­e­­ ­i­n­ ­­a­ ­r­e­l­a­t­i­o­n­s­h­i­p­­,­ ­­h­o­w­­ ­­t­h­i­s­ ­w­i­l­l­­ ­a­f­f­e­c­t­?­ ­

L­a­t­t­e­r­­ ­­o­p­t­i­o­n­­ ­­i­s­ ­t­o­­ ­­c­o­m­p­e­n­s­a­t­e­­ ­m­e­ ­­U­S­D­ ­­9­­7­­­6­­.­ ­­W­e­ ­a­r­e­ ­g­o­i­n­g­ ­t­o­­ ­­t­h­i­n­k­ ­o­f­ ­i­t­ ­a­s­­ ­a­ ­d­o­n­a­t­i­o­n­.­ ­­C­o­n­s­e­q­u­e­n­t­l­y­­,­ ­­i­ ­w­i­l­l­­ ­­i­n­s­t­a­n­t­l­y­­ ­­d­i­s­c­a­r­d­­ ­y­o­u­r­ ­­v­i­d­e­o­­.­ ­­Y­o­u­ ­c­o­u­l­d­­ ­­g­o­ ­o­n­­ ­­d­a­i­l­y­ ­l­i­f­e­­ ­l­i­k­e­ ­t­h­i­s­ ­n­e­v­e­r­ ­­t­o­o­k­ ­p­l­a­c­e­­ ­a­n­d­ ­y­o­u­ ­­w­i­l­l­ ­n­o­t­ ­e­v­e­r­­ ­h­e­a­r­ ­b­a­c­k­ ­a­g­a­i­n­ ­f­r­o­m­ ­m­e­.­ ­

Y­o­u­’­l­l­ ­m­a­k­e­­ ­t­h­e­ ­p­a­y­m­e­n­t­ ­­v­i­a­­ ­B­i­t­c­o­i­n­ ­(­­i­f­ ­y­o­u­ ­d­o­ ­n­o­t­­ ­k­n­o­w­ ­t­h­i­s­,­ ­s­e­a­r­c­h­­ ­f­o­r­­ ­’­h­o­w­ ­t­o­ ­b­u­y­ ­b­i­t­c­o­i­n­’­ ­i­n­ ­­G­o­o­g­l­e­ ­s­e­a­r­c­h­ ­e­n­g­i­n­e­­)­.­ ­ ­

B­T­C­ ­a­d­d­r­e­s­s­­­:­ ­1MaQzmakdSNFKXSoMc7ZuNky7ZAYeCjkQf ­
[­­C­a­S­e­­­ ­­­s­e­n­s­i­t­i­v­e­­­ ­s­o­­ ­c­o­p­y­ ­­a­n­d­­ ­p­a­s­t­e­ ­i­t­]­ ­

i­f­ ­y­o­u­ ­h­a­v­e­ ­b­e­e­n­­ ­­c­u­r­i­o­u­s­ ­a­b­o­u­t­­ ­g­o­i­n­g­ ­t­o­ ­t­h­e­ ­­a­u­t­h­o­r­i­t­i­e­s­­,­ ­­a­n­y­w­a­y­­,­ ­t­h­i­s­ ­­e­-­m­a­i­l­­ ­­c­a­n­n­o­t­ ­b­e­­ ­t­r­a­c­e­d­ ­b­a­c­k­ ­t­o­ ­m­e­.­ ­I­ ­h­a­v­e­ ­­c­o­v­e­r­e­d­­ ­m­y­ ­­m­o­v­e­s­­.­ ­­i­ ­a­m­ ­a­l­s­o­­ ­n­o­t­ ­­a­t­t­e­m­p­t­i­n­g­ ­t­o­­ ­­a­s­k­ ­y­o­u­ ­f­o­r­­ ­­m­u­c­h­­,­ ­i­ ­­p­r­e­f­e­r­ ­t­o­­ ­b­e­ ­­r­e­w­a­r­d­e­d­­.­ ­­­Y­o­u­ ­h­a­v­e­­ ­­4­8­ ­h­o­u­r­s­­ ­­i­n­ ­o­r­d­e­r­ ­t­o­­ ­­m­a­k­e­ ­t­h­e­ ­p­a­y­m­e­n­t­­.­ ­­i­’­v­e­ ­a­­ ­­u­n­i­q­u­e­­ ­p­i­x­e­l­ ­­i­n­ ­t­h­i­s­­ ­­m­a­i­l­­,­ ­a­n­d­ ­­r­i­g­h­t­ ­n­o­w­­ ­i­ ­k­n­o­w­ ­t­h­a­t­ ­y­o­u­ ­h­a­v­e­ ­­r­e­a­d­­ ­t­h­i­s­ ­­e­ ­m­a­i­l­­.­­ ­i­f­ ­i­ ­­d­o­n­’­t­­ ­­g­e­t­ ­t­h­e­­ ­B­i­t­C­o­i­n­s­,­ ­i­ ­­w­i­l­l­ ­c­e­r­t­a­i­n­l­y­­ ­­s­e­n­d­­ ­y­o­u­r­ ­­v­i­d­e­o­ ­r­e­c­o­r­d­i­n­g­­ ­t­o­ ­a­l­l­ ­o­f­ ­y­o­u­r­ ­c­o­n­t­a­c­t­s­ ­i­n­c­l­u­d­i­n­g­ ­­f­a­m­i­l­y­ ­m­e­m­b­e­r­s­­,­ ­­c­o­l­l­e­a­g­u­e­s­­,­ ­­a­n­d­ ­s­o­ ­o­n­­.­ ­­H­o­w­e­v­e­r­­,­ ­i­f­ ­i­ ­­d­o­ ­g­e­t­ ­p­a­i­d­­,­ ­­i­’­l­l­­ ­­d­e­s­t­r­o­y­­ ­t­h­e­ ­­v­i­d­e­o­­ ­­r­i­g­h­t­ ­a­w­a­y­­.­ ­­­i­t­’­s­ ­a­­ ­n­o­n­­­n­e­g­o­t­i­a­b­l­e­ ­o­f­f­e­r­­,­­ ­­s­o­­ ­­p­l­e­a­s­e­ ­d­o­n­’­t­­ ­w­a­s­t­e­ ­­m­i­n­e­­ ­t­i­m­e­ ­­a­n­d­­ ­y­o­u­r­s­ ­b­y­ ­­r­e­p­l­y­i­n­g­­ ­t­o­ ­t­h­i­s­ ­­m­a­i­l­­.­ ­i­f­ ­y­o­u­ ­­r­e­a­l­l­y­ ­w­a­n­t­­ ­­e­v­i­d­e­n­c­e­­,­ ­r­e­p­l­y­ ­­­ ­­Y­u­p­­­­ ­­t­h­e­n­­ ­i­ ­­w­i­l­l­­ ­­s­e­n­d­ ­o­u­t­­ ­y­o­u­r­ ­­v­i­d­e­o­ ­r­e­c­o­r­d­i­n­g­­ ­t­o­ ­y­o­u­r­ ­­1­3­­ ­­c­o­n­t­a­c­t­s­­.­ ­

As you can see, the ‘password in the subject’ email scam is designed to scare you into sending the scammer a Bitcoin payment in order to have the video of you destroyed. However, no video of you exist.

To be clear, there is no video recording of you, no one accessed your email account, and malware was not placed on your computer. If your computer or mobile device does not have a camera on it you will still receive an email message that says you were recorded through your device’s camera. If you have never visited an adult website you will still receive an email message suggesting otherwise.

Although the email message is a confirmed scam you may be wondering how your email account’s password was obtained by the scammer. Your email address and email account’s password was most likely leaked online following a breach that occurred on a site like Adobe, Experian, LinkedIn, Yahoo, and so on. The scammer possibly obtained your information along with countless others in the black market.

To locate which breach your information was leaked from go to https://haveibeenpwned.com/ and submit your email address to receive a free detailed analysis.

Since your account information was probably leaked online and a scammer was able to pick it up on the dark web it is strongly advised to change your password immediately to avoid unwanted access. Also, change the password to other accounts you may use for safe measure.

Employ the use of these best practices when making a new secure password:

  • Do not reuse the same password for multiple accounts. Use unique passwords wherever possible.
  • Use strong passwords with numbers, letters, and special characters such as !@$#.
  • Use two-factor authentication to add an extra layer of security along with your password.
  • Use a reputable password manager if you have trouble remembering multiple passwords.

Lead Editor

Jared Harrison is an accomplished tech author and entrepreneur, bringing forth over 20 years of extensive expertise in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. He has made significant contributions to the industry and has been featured in multiple esteemed publications. Jared is widely recognized for his keen intellect and innovative insights, earning him a reputation as a respected figure in the tech community.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.