Email phishing scam claims you were hacked by ‘jud83’
An email sextortion scam claims that a hacker nicknamed jud83 on the darknet hacked your mailbox more than six months ago. The previous version claimed that the attacker's nickname was ingram78.
If you received an email message that says “Hello! My nickname in darknet is jud83” and further states that they have infected your operating system with a virus and have been monitoring you, ignore it. It’s not true.
The email message might be frightening because it will appear as if it was sent from your own account and possibly failed to be delivered. The subject of the email might say “Mail delivery failed: returning message to sender.” The scammers additionally mention your password (current or previous) throughout the message. However, your email account was not hacked and jud83 has not been monitoring you.
The email also wants you to pay them in Bitcoin to have your data (that doesn’t exist) deleted. Don’t pay them since it is just a scam. The email claims that if you do not pay, they will send everyone in your contacts screenshots, taken through the camera of your device, of you visiting “intimate content sites.”
Email campaigns like this have been circulating following recent leaks on websites like LinkedIn and Adobe. To see where your email information may have been compromised, check out https://haveibeenpwned.com/. You can input your email address to locate where your information was leaked.
Here’s what is written in the current email campaign:
Subject: [your email address] is hacked
From [your email address]
To [your password/current or previous]
Hello!
My nickname in darknet is jud83.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password from [your email address] is [removed]
Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.
I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!
During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!
I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $892 is quite a fair price to destroy the dirt I created.
Send the above amount on my BTC wallet (bitcoin): 1EZS92K4xJbymDLwG4F7PNF5idPE62e9XY
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!
Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.
I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
As you can see, the email can appear legitimate to many people. But the same message has been sent around the internet to many people (word-for-word) and there have been many campaigns like it in the past. Even if you have never visited an intimate website, you will still receive the same message. Even if your device does not have a camera, they will still claim to have recorded you through your camera.
Do not pay the $892 in Bitcoin and do not reply to the scammers. The only thing you need to do is change the password for your email account and your other accounts for good measure.
The email message does not mean that your computer is infected with malware. However, if you would like to remove malware and other potentially malicious files from your computer, we recommend using Malwarebytes. Here are some instructions:
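The pattern described above (fixed wording, a changing nickname and dollar amount, From matching To) can be used to triage reported copies; the following is an added example, not part of the original article, that extracts the variable fields from raw messages and groups them by wallet. The regexes, function names and sample messages are assumptions constructed from the wording quoted on this page, and the thorn29/$801 variant is the one a reader reports in the comments.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Fixed wording of the template; only nickname, amount and wallet are captured.
NICK_RE = re.compile(r"My nickname in darknet is (\w+)")
AMOUNT_RE = re.compile(r"\$(\d[\d,]*)")
# Shape of a legacy Base58 Bitcoin address (no checksum validation here).
BTC_RE = re.compile(r"\b([13][1-9A-HJ-NP-Za-km-z]{25,34})\b")
WALLET = "1EZS92K4xJbymDLwG4F7PNF5idPE62e9XY"  # wallet quoted in the email above

def triage(raw):
    """Return the campaign fields of one raw message, or None if it does not match."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart mail is out of scope here
        return None
    nick, amount, wallet = (r.search(body) for r in (NICK_RE, AMOUNT_RE, BTC_RE))
    if not (nick and amount and wallet):
        return None
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    return {"nickname": nick.group(1),
            "amount_usd": int(amount.group(1).replace(",", "")),
            "wallet": wallet.group(1),
            # From equal to To: the "sent from your own account" trick
            "self_addressed": bool(sender) and sender == rcpt}

def cluster_by_wallet(raw_messages):
    """Group matching messages by wallet, the field reported to stay the same."""
    clusters = defaultdict(list)
    for raw in raw_messages:
        hit = triage(raw)
        if hit:
            clusters[hit["wallet"]].append((hit["nickname"], hit["amount_usd"]))
    return dict(clusters)

def _sample(nick, usd):
    """Constructed test message that reuses the wording quoted on this page."""
    return ("From: user@example.com\nTo: user@example.com\n"
            "Subject: user@example.com is hacked\n\n"
            f"Hello!\nMy nickname in darknet is {nick}.\n"
            f"I think that ${usd} is quite a fair price to destroy the dirt I created.\n"
            f"Send the above amount on my BTC wallet (bitcoin): {WALLET}\n")

BENIGN = "From: a@example.com\nTo: b@example.com\nSubject: lunch\n\nNoon on Friday?\n"
SAMPLES = [_sample("jud83", 892), _sample("thorn29", 801), BENIGN]

if __name__ == "__main__":
    print(cluster_by_wallet(SAMPLES))
```

A wallet that collects several nickname and amount pairs marks copies of one campaign, which is a stronger signal than any single field on its own.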
1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.
2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.
3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.
4. Now that Malwarebytes is installed, open the program and click the Scan Now button – or go to the Scan tab and click the Start Scan button.
5. When the scan is complete click the Quarantine Selected button.
6. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.
I have a client that received this email today with some minor differences. The name was thorn29 and it was for $801. It appears the name and dollar amount are generated by some sort of script that’s pumping these messages out, but the Bitcoin wallet seems to remain the same. The IP address that sent the email is held by Telmex in Xalapa, Mexico, but that’s probably a VPN.