Blackmail scam going around
I occasionally receive emails to two or three
different email addresses with the message below.
The threat is
same in all cases except the email and passwords stated are unique to
the recipient. In both cases the passwords were, in fact,
actual passwords I sometimes used. But since I always use an
email alias the address they claimed to have hacked was given as the
alias which does not exist as an actual email account. The
compromised passwords were only used on unimportant sites such as to
post a comment to a forum or news article. All logins of any
critical value each have strong and unique passwords. Basically
I know I have no worries.
If you use a password manager using unique passwords is easy. I suggest BitWarden for this as it is free and very secure.
Actual hacking is involved to
some extent given they had real passwords but only email alias used
as part of logins to inconsequential sites. It was not my machine that had been hacked, it was the forums I subscribed to that were hacked thus the emails and passwords they had. No loss to me.
If you can, you should always use an email alias
that is NOT used to log into your actual email account and never use
the actual account's email for this very reason. If you use a different password everywhere you will more easily spot these kinds of scams.
They are spoofing your email which is easy just by
editing the reply-to to make it appear as if it came from your own
email...chances are small it actually did. In each case the messages
I received came from forged IP addresses, not from the IP of my mail
server. Also note the reference to "my web cam"...I have no
web cam on my desktop computer and I disable webcame in laptop in
hardware settings. ( Do that...you can
always enable it if you need it )
Nothing in this
should concern you unless...well you really have something to hide
and they really did get into your accounts.
provider but don't send any money !
Use email alias only as your reply to
Consider a free, secure email account such as
Here is the text of the scam/blackmail threat complete with their typos and errors in English . Don't
fall for it.
I'm a member of an international hacker group.
As you could probably have guessed, your account [your email]
was hacked, I sent message you from it.
Now I have access to you accounts! You still do not believe it?
So, this is your password: [password] , right?
Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.
We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...
Transfer $700 to our Bitcoin wallet: 1DzM9y4f___qpZZCsv___x4HupbE5Q5r4y
( The bitcoin key was altered to make it unusable)
I guarantee that after that, we'll erase all your "data" :D
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security. We hope this case will teach you to keep secrets.
Take care of yourself.
An ounce of prevention folks.
Tips from the FTC on avoiding scams