Home » Blog » Scams » ‘Your email was compromised. Password must be changed’ email scam
Your email was compromised. Password must be changed

‘Your email was compromised. Password must be changed’ email scam

Your email was compromised. Password must be changed

An email scam sends you an email from your own account, claims your email was compromised and your password must be changed, then tries to blackmail you.


One of the latest sextortion email scams send you an email from your own account and claims that your email was compromised and your password must be changed. However, the message was not actually sent from your account. A third-party email spoofing service was used to make it appear that way.

security alert your email was compromised

The email message says that the sender hacked your OS and got full access to your email account. It claims that they hacked your router and placed malicious code on it and that a Trojan was installed on the OS of your device.

The message then goes onto say that they recorded you through the camera on your device as you were visiting adult websites and if you do not pay them within a certain amount of time they will send the images and videos to your friends, relatives, and colleagues.

To be clear, this is a scam and your email account was not hacked. There are no images or videos of you visiting adult sites.

If you have never visited an adult website, you will still receive the message. If your device does not have a camera on it, the message will still claim to have taken pictures and videos of you through your camera.

This type of sextortion scam is not new, there have been many like it in the past. Other email scams like this will provide you with sensitive information such as your account’s password or phone number. This one does not, it just makes it look like a message was sent to you from your own account.

Unfortunately, if you received this email or one like it, it means that your information was leaked online following a breach that occurred on websites like LinkedIn or Adobe. Scammers use information leaked about you (such as your email address, email account password, and telephone number) against you in order to attempt to blackmail you.

data breach

To locate a breach where your information may have been leaked from check out https://haveibeenpwned.com/. You can input your email address to locate where your information was leaked.

We recommend that you immediately change your password if you have received this email or one like it.

Transcript from email message:

Subject: Security Alert. [Your email address] was compromised. Password must be changed.
From: [Your email address]
To: [Your email address]

Hello!

I have very bad news for you.
09/08/2018 – on this day I hacked your OS and got full access to your account [Your email address]

So, you can change the password, yes… But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.

I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea….
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $790 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 1N2XZZDW5ofnyok6HawSaqzjBVFH5LNr74

You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.

I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (this is not feasible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Good luck.

Although the email message might sound frightening and seem like a real threat, it’s not. It is a confirmed scam and you have nothing to worry about. The same exact message has been sent to many people and there have been many campaigns like it in the past. For example, a previous email claimed that a spyware software developer hacked your account and shows you the past or current password to your email account.

Since this is a scam and you are not in danger, DO NOT PAY THE SCAMMER. They have not accessed your email account and they have not taken photos or videos of you. The only thing that you need to do is change the password to your email address and other accounts you have to ensure your safety.

If you would like to make sure that your computer is clean, scan your computer for malware and other potentially malicious files with Malwarebytes using the instructions below:

1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.

2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.

install malwarebytes

3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.

scan now

4. Now the Malwarebytes is installed, open the program and click the Scan Now button – or go to the Scan tab and click the Start Scan button.

quarantine selected

3. When the scan is complete click the Quarantine Selected button.

4. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.

Lead Editor

Jared Harrison is an accomplished tech author and entrepreneur, bringing forth over 20 years of extensive expertise in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. He has made significant contributions to the industry and has been featured in multiple esteemed publications. Jared is widely recognized for his keen intellect and innovative insights, earning him a reputation as a respected figure in the tech community.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.