Fake ‘Security Service’ email tries to blackmail you for Bitcoin

Fake 'Security Service' email tries to blackmail you for Bitcoin

If you received a questionable security service email message from your email service provider there’s a good chance that the message is part of a sextortion email spam campaign. One of the latest sextortion email messages has a subject that says “[Email service provider] security service. Third party accessed to [Email address]” and claims that a hacker hacked your mailbox months ago and has been spying on you ever since.

I hacked this mailbox more than 4 months ago,
through it I infected your operating system with a virus (trojan) created by me and have been spying for you a very long time.

The email message then goes on to say that the alleged hacker has access to all your accounts, social networks, email, browsing history and that they recorded you through your device while you were visiting ‘intimate content sites.’

The email also mentions that a ‘virus (trojan)’ has been placed on your device and this program was allegedly used to give the hacker access to your device.

More outstanding claims and threats are mentioned throughout the email message before the scammer asks for Bitcoin in order to have your content deleted. Furthermore, the message says that your files, history, and videos of you will be sent to your contacts.

Like nearly all email messages of this nature, the claims inside the message are not legitimate and you don’t put yourself at risk by disobeying any fraudulent commands. A hacker did not access your account, a virus was not placed on your device, a video of you was not recorded through your device’s camera, and you are not at risk of having your personal information sent to your contacts. This is a scam, do not send the scammer money or attempt to contact them in any way.

There are many email messages like this one and in some of the email messages, the scammer will send the victim their past or current password. The methods passwords are obtained by scammers is usually through the dark web or in other online channels. Personal data such as your email addresses, passwords, home address, name, location, marketing data, and much more may be leaked online following breaches that have occurred to third-party services and websites like Adobe, MySpace, LinkedIn, and much more.

I mention this because those who were sent an email message like the one we are reporting may have been a victim of a third-party breach and their information may have been leaked and gathered online.

To locate which breach your information may have been leaked from go to https://haveibeenpwned.com/ and submit your email address to receive a free detailed report.

To ensure that your email account and online information is secure it is advised to change your password. Follow these tips to create a secure password:

  • Do not reuse the same password for multiple accounts. Use unique passwords wherever possible.
  • Use strong passwords with numbers, letters, and special characters such as !@$#.
  • Use two-factor authentication to add an extra layer of security along with your password.
  • Use a reputable password manager if you have trouble remembering multiple passwords.

 

Sean Doyle

Sean Doyle is an engineer from Los Angeles, California. Sean's primary focuses include Cyber Security, Web Spam, and Online Marketing.