‘Hacking Alert! You account was hacked’ email scam tries to blackmail you

Hacking Alert! You account was hacked email scam

A sextortion email scam sends you an email from your own account, shows you your password, and claims a spyware developer hacked your account.


There seems to be a new sextortion email scam campaign every week. The latest sextortion email scam campaign sends you an email from your own address, shows you your past or current password, and says that your account was hacked by a spyware software developer.

hacking alert email

The email message claims that the hacking was carried out by using “a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).”

The email claims that the hacker went around the security system in the router and installed an exploit there. When you went online the exploit downloaded a malicious code (rootkit) to your device.

Furthermore, the email claims that the hacker has been following you and can see absolutely everything that you do. The hacker claims that they can view and download your files and all of your data and have saved all your messages and history of the sites you visit.

The alleged hacker also claims to have access to the camera on your device. The email says that they take photos and videos of you.

The scammer sent the email to you in order to scare you into paying them in Bitcoin. The email says that they have “harvested solid dirt on you” and they have taken photos and videos of your “most passionate fun with adult content.”

The email further states that if you do not pay them in 48 hours they will send photos, videos, and all your data to all of your contacts.

Don’t be alarmed though. This is just another sextortion email scam that has been in circulation. Do not pay the scammer because they have not accessed your email account, they have not taken photos and videos of you, they do not have your data, and there is no real threat.

The email can be frightening because it shows the past or current password to your email account and the message appears to be sent to you from your own account; However, the email was not sent from your own account. A third-party email spoofing service was used and this can be proven by the IP address used to send the email.

Email message campaigns like this are becoming popular following breaches that occurred on websites like LinkedIn and Adobe. They use information leaked about you against you in order to attempt to blackmail you. To see where your email information may have been leaked from check out https://haveibeenpwned.com/. You can input your email address to locate where your information was leaked.

Here’s what is written in the email message:

Subject: Hacking Alert! You account was hacked (your password:[password])
From [email]
To [password]

Dear user of [email server]!

I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [email]: [password] (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I’m know your secret life, which you are hiding from everyone.
Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … 🙂

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I’m sure you don’t want to show these files and visiting history to all your contacts.

Transfer $871 to my Bitcoin cryptocurrency wallet: 1Bt4psBJmjfVTcW6eYiJZ6HEbpFgKkBSX4
Just copy and paste the wallet number when transferring.
If you do not know how to do this – ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am “working” with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!

As you can see, the email can appear legitimate to many people. But, the same exact message has been sent around the internet to many people and there have been many campaigns like it in the past. For example, a previous email claims that a hacker cracked your email account. If you have never visited an adult website, you will still receive the same message. If your device does not have a camera, they will still claim to have recorded you through your camera.

In conclusion, do not pay BTC to the scammer and do not reply to the fraudulent email message. The only thing you need to do is change the password to your email address and other accounts you have for safe measure.

The email message does not mean that your computer is infected with malware; However, if you would like to scan your computer for malware and other potentially malicious files from your computer we recommended to use Malwarebytes. Here are some instructions to do so:

1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.

2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.

install malwarebytes

3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.

scan now

4. Now the Malwarebytes is installed, open the program and click the Scan Now button – or go to the Scan tab and click the Start Scan button.

quarantine selected

3. When the scan is complete click the Quarantine Selected button.

4. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.

Sean Doyle

Sean Doyle is an experienced tech author with experience in cybersecurity, privacy, malware, and more. He has written for numerous online publications.