Have you had an email claiming to be from someone who’s been watching you? That they’ve hacked into your computer, installed a keylogger and as proof, THEY’VE GOT YOUR PASSWORD AND IT’S BEING SENT FROM YOUR EMAIL ADDRESS

The first thing you should do in this situation is not panic, the second thing is delete the email and carry on with your day. It’s a scam, but you might want to check your password policy first…

Hi, stranger!

I know the uwfuwiiwuiwuri, this is your password, and I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I’ve done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people),
and the second part shows the recording of your webcam.

What should you do?

Well, I think $756 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).

BTC Address: 1DrThpxYV7JtvrVkneuJMYtn8Fik8efSwn
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer “Yes!” and resend this letter to youself. And I will definitely send your video to your any 15 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.

Bye!

I’ll begin with the most important.

I hacked your device and then got access to all your accounts… Including hbghgbh@ghghgbhghbhg.net.
It is easy to check – I wrote you this email from your account, and this is your password jknfkjjfnk.

Moreover, I know your intim secret, and I have proof of this.
You do not know me personally, and no one paid me to check you.

It is just a coincidence that I discovered your mistake.
In fact, I posted a malicious code (exploit) to an adult site, and you visited this site…

While watching a video Trojan virus has been installed on your device through an exploit.
This darknet software working as RDP (remote-controlled desktop), which has a keylogger,
which gave me access to your microphone and webcam.
Soon after, my software received all your contacts from your messenger, social network and email.

At that moment I spent much more time than I should have.
I studied your love life and created a good video series.
The first part shows the video that you watched,
and the second part shows the video clip taken from your webcam (you are doing inappropriate things).

Honestly, I want to forget all the information about you and allow you to continue your daily life.
And I will give you two suitable options. Both are easy to do.
First option: you ignore this email.
The second option: you pay me $750(USD).

Let’s look at 2 options in detail.

The first option is to ignore this email.
Let me tell you what happens if you choose this path.
I will send your video to your contacts, including family members, colleagues, etc.
This does not protect you from the humiliation that you and
your family need to know when friends and family members know about your unpleasant details.

The second option is to pay me. We will call this “privacy advice.”
Now let me tell you what happens if you choose this path.
Your secret is your secret. I immediately destroy the video.
You continue your life as if none of this has happened.

Now you might think: “I’ll call to police!”
Undoubtedly, I have taken steps to ensure that this letter cannot be traced to me,
and it will not remain aloof from the evidence of the destruction of your daily life.
I don’t want to steal all your savings.
I just want to get compensation for my efforts that I put in to investigate you.
Let us hope that you decide to create all this in full and pay me a fee for confidentiality.
You make a Bitcoin payment (if you don’t know how to do it, just enter “how to buy bitcoins” in Google search)

Shipping amount: $750(USD).
Getting Bitcoin Addresses: 16xg78KbZSR2TrcY3hR7ViMtJecyyZEoQJ
(This is sensitive, so copy and paste it carefully)

Don’t tell anyone what to use bitcoins for. The procedure for obtaining bitcoins can take several days, so do not wait.

I have a spetial code in Trojan, and now I know that you have read this letter.
You have 48 hours to pay.
If I don’t get BitCoins, I’ll send your video to your contacts, including close relatives, co-workers, and so on.
Start looking for the best excuse for friends and family before they all know.
But if I get paid, I immediately delete the video.

This is a one-time offer that is non-negotiable, so do not waste my and your time.
Time is running out.

Bye!

Scary isn’t it? Now there have been instances where people have had their computers compromised and victims have been recorded, but thankfully, these cases are rare and need quite a high degree of technical skill to pull off.

This recent scam is nothing more than a simple phishing campaign, using information that is freely available and sent out to millions of people in the hope that a few will fall for it.

The red flags are;

  1. Poor grammar, the wording changes with several variations, but they all follow the same general theme and are littered with spelling and grammar mistakes.
  2. The high amount of blackmail money requested, it only takes one person to actually fall for this to make it all worthwhile
  3. The fact that if I actually had video evidence that I thought was worth blackmailing you with, I wouldn’t be threatening to send it to your family and friends, I’d be sending you a clip to prove it was real.

There are some lessons we can take from this scam though, it’s quite easy to spoof an email to look like it’s from your address and easy to find out where it actually came from, but the most important lesson is if the password in the email is your actual password for anything, you need to change it.

Billions of emails and passwords have been leaked over the years including ones hacked from big corporations such as Adobe, Dropbox and Linkedin (I’ve checked and my work email has been breached more times than my personal email.) and are currently residing in huge online repositories, just waiting for someone to use them in scam emails, or much much worse, to use them to log into one of your accounts.

If you’d like to check yourself, go to https://haveibeenpwned.com/ and enter your email addresses (you may be very surprised at what comes up). This is a repository of millions of the more public breaches and has details of where your information has been stored. Make no mistake, if your current password is showing up on one of these data dumps or you use that password on multiple sites, now is probably a really good time to start thinking about a more secure password usage policy (using a strong password app like 1password, secret or dashvault for example) and change your password… now… why are you still here… go and change your password