‘Security Alert!’ email sent from your own account is just a scam
A sextortion email scam sends you an email from your own account, claims they hacked your device, and tries to blackmail you for a Bitcoin payment.
Another day, another sextortion email scam arises. Just about every week a new spam campaign appears out of the blue. The latest sextortion email that might appear in your inbox appears to be sent to you from your own email address and says that a hacker cracked your email and devices a few months ago.
The purpose of this scam is to fraudulently blackmail you, They want to make you think that they hacked your account and took images and videos of you while you visited adult websites. They say that they will send the videos to your contacts if you do not pay them $1000 (or other amount) in Bitcoin.
Before we go any further. I need to make it 100% clear that this is a scam. Your email account was not cracked and no one sent an email to you from your own account. A third-party email spoofing service was used to send you the email message. This has been confirmed. Also, there are no images or videos of you.
This is not a new scam. There have been many like it in the past. Other email scams like this will provide you with the password to your email account and other info such as your phone number in order to seem realistic.
Unfortunately, your information was leaked online following breaches that occurred on websites in the past (like LinkedIn and Adobe). Scammers use information leaked about you (such as your email address, email account password, and telephone number) against you in order to attempt to blackmail you, as we previously mentioned. We recommend that you immediately change your password.
To locate a breach where your information may have been leaked from check out https://haveibeenpwned.com/. You can input your email address to locate where your information was leaked.
Transcript from email message:
Subject: Security Alert!
From: [your email address]
To: [your email address]
Date Today 04:30You may not know me and you are probably wondering why you are getting this e mail, right?
I’m a hacker who cracked your email and devices a few months ago.
Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account.I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean).
While you were watching videos, your internet browser started out functioning as a RDP (Remote Control) having a keylogger which gave me accessibility to your screen and web cam.
After that, my software program obtained all information.You entered a passwords on the websites you visited, and I intercepted it.
Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.What did I do?
I backuped device. All files and contacts.
I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.exactly what should you do?
Well, in my opinion, $1000 (USD) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
My Bitcoin wallet Address:
1NVLbQ7mpJvcdepyJtxDKuNA7GN7epRFJo
(It is cAsE sensitive, so copy and paste it)
Important:
You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message).
To track the reading of a message and the actions in it, I use the facebook pixel.
Thanks to them. (Everything that is used for the authorities can help us.)
If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on.
Having said that, if I receive the payment, I’ll destroy the video immidiately and uninstall my software with your device.
If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts.
Although this might sound frightening and seem real, it is just a scam. Your account was not hacked and no one took pictures of you. The same exact message has been sent to many people and there have been many campaigns like it in the past. For example, a previous email claims that a spyware software developer hacked your account and shows you the past or current password to your email account.
If you have never visited an adult website, you will still receive the same message. If your device does not have a camera, they will still claim to have taken pictures of you through your camera.
Since this is a scam and you are not in danger please DO NOT PAY THE SCAMMER. They have not accessed your email account and they have not taken photos or videos of you. The only thing that you need to do is change the password to your email address and other accounts you have to ensure your safety.
The email message does not mean that your computer is infected with malware if you received this email message or one like it; However, if you would like to scan your computer for malware and other potentially malicious files to make sure that your computer is clean we recommended to use Malwarebytes.
Here are some instructions to scan your computer for malware and remove malware if found:
1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.
2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.
3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.
4. Now the Malwarebytes is installed, open the program and click the Scan Now button – or go to the Scan tab and click the Start Scan button.
3. When the scan is complete click the Quarantine Selected button.
4. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.