An email scam sends you an email from your own account, claims your email was hacked and says to change your access data, then tries to blackmail you.
A new sextortion email scam sends you an email message from your own account and claims that your email was hacked. The subject of the email message says “your email was hacked” and “change your access data immediately.” However, your email account was not hacked and the message was not actually sent from your account. A third-party email spoofing service was used to make it appear as if someone sent you an email message from your own account.
The email message says that a spyware developer hacked your account in the summer of this year by exploiting a hardware vulnerability in your router and shows you your email address and password at the time of the alleged hack.
Furthermore, the email message says that they have been following you and can connect to your device via VNC protocol. They claim that they can see everything that you do on your computer; They can see the files you download, your email messages, chats from messengers, and adult websites you visit.
The message claims that they have recorded you through your camera while you were visiting adult websites and if you do not pay them within a certain amount of time they will send videos of you visiting adult websites to your friends, relatives, and colleagues.
To be clear, this is a scam and your email account was not hacked. There are no images or videos of you visiting adult sites.
If you have never visited an adult website, you will still receive the message. If your device does not have a camera on it, the message will still claim to have taken pictures and videos of you through your camera.
Unfortunately, if you received this email or one like it, it means that your information was leaked online following a breach that occurred on websites like LinkedIn or Adobe. Scammers use information leaked about you (such as your email address, email account password, and telephone number) against you in order to attempt to blackmail you.
To locate a breach where your information may have been leaked from check out https://haveibeenpwned.com/. You can input your email address to locate where your information was leaked.
We recommend that you immediately change your password if you have received this email or one like it.
Transcript from email message:
Subject: Security Notice. [Your email address] was hacked! Change your access data immediately!
From: [Your email address]
To: [Your password]Hello!
I’m a spyware software developer.
Your account has been hacked by me in the summer of this year.I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [Your email address]: [Your password] (on moment of hack).Notice: That it is useless to change the passwords. My malware update passwords from your accounts every times when you changed it.
The hacking was carried out using a hardware vulnerability of your router (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically made photos and videos with you.At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.I know what you like hard funs (adult sites).
Oh, yes .. I’m know your secret life, which you are hiding from everyone.
Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … 🙂I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!So, to the business!
I’m sure you don’t want to show these files and visiting history to all your contacts.Transfer $798 to my Bitcoin cryptocurrency wallet: 1BgphddTJvTjxkkk1zkksFKJaXfqfMZE4C
Just copy and paste the wallet number when transferring.
If you do not know how use Bitcoins – ask Google.My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am ‘working’ with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.Since opening this letter you have 48 hours (2 days).
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with link on compromising material.I advise you to remain prudent and not engage in nonsense (on this moment all files with your “dirty laundry” on my server).
Good luck!
Although the email message might sound frightening and seem like a real threat, it’s not. It is a confirmed scam and you have nothing to worry about. The same exact message has been sent to many people and there have been many campaigns like it in the past.
Since this is a scam and you are not in danger, DO NOT PAY THE SCAMMER. They have not accessed your email account and they have not taken photos or videos of you. The only thing that you need to do is change the password to your email address and other accounts you have to ensure your safety.
If you would like to make sure that your computer is clean, scan your computer for malware and other potentially malicious files with Malwarebytes using the instructions below:
1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.
2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.
3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.
4. Now the Malwarebytes is installed, open the program and click the Scan Now button – or go to the Scan tab and click the Start Scan button.
3. When the scan is complete click the Quarantine Selected button.
4. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.
Leave a Comment