Watch Out For This E-Mail Message Scam Using Your Old Password For Extortion — and What You Can Do

Sometimes legitimate e-mail messages wind up in my “spam” folder; so I check it regularly to ensure that they are not missed by me — and I found that the title of one of the messages in that folder contained an old password which I had used years ago and had since changed.


Seeing that the password was indeed legitimate at one time, I opened the e-mail message and found the following text — and I manually changed the BTC address in it:

∧∧ is your password. You don’t know me and you’re thinking why you received this e mail, right?

I placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam.

Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account. What exactly did I do? I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address –>>

2QckujqX8Bbvt1srCrZon6foLtMFpY9SEd
(It is case sensitive, so copy and paste it)

Important:
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

“The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded”, according to this article written by Brian Krebs of KrebsOnSecurity. “Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims.”

What Krebs wrote can potentially be a cause for concern:

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

Given the plethora of major breaches of sensitive personal data which have occurred in recent years — such as with Equifax and Starwood Hotels and Resorts, each of which affected literally hundreds of millions of people — and the seemingly careless and apathetic attitudes of the corporate entities which were affected by them, the leap to the conclusion that these scams will get more sophisticated is a sobering thought about how the abuse of technology has spiraled out of control.
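Added example (not from the original post or from KrebsOnSecurity): because every recipient of the template Krebs describes gets the same text with only the password and wallet swapped in, a mail filter can key on those fixed traits, including the remote image behind the "unique pixel" claim. It assumes you pass in only passwords you have already retired; the sample message, `hunter2-old`, the host and the wallet string are constructed placeholders.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample modelled on the message quoted above; the password, host
# and wallet string are made-up placeholders, not values from the page.
SAMPLE = """\
Subject: hunter2-old
Content-Type: text/html; charset="utf-8"

<p>hunter2-old is your password. You have 24 hours in order to make the
payment of $1400 via Bitcoin to 1CoNstructedSampLeAddressXXXXXXXX</p>
<img src="http://tracker.example.net/p.gif?id=123">
"""

# Loose shape match for a Bitcoin address; no checksum validation.
BTC_SHAPE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{20,71})\b")
DEADLINE = re.compile(r"\b\d+\s*hours?\b", re.I)
DEMAND = re.compile(r"\$\s?\d[\d,]*")

class RemoteImages(HTMLParser):
    """Collects <img> sources fetched over the network (possible tracking pixels)."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            self.urls.append(src)

def indicators(raw, retired_passwords):
    """Return the set of template traits found in one raw e-mail message."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = f"{msg['Subject'] or ''}\n{body}"
    imgs = RemoteImages()
    imgs.feed(body)
    checks = {
        "retired-password": any(p and p in text for p in retired_passwords),
        "bitcoin-address": bool(BTC_SHAPE.search(text)),
        "deadline-and-demand": bool(DEADLINE.search(text) and DEMAND.search(text)),
        "remote-image": bool(imgs.urls),
    }
    return {name for name, hit in checks.items() if hit}

def is_breach_extortion(raw, retired_passwords):
    hits = indicators(raw, retired_passwords)
    return "retired-password" in hits and len(hits) >= 3  # hallmark plus two traits
```

Requiring the retired password alongside two other traits keeps ordinary mail that mentions a price and a time window, such as a hotel confirmation, from being flagged.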

What Should You Do?

The Federal Bureau of Investigation of the United States defines sextortion in this video.

You are not alone if you are receiving threats of sextortion, according to the Federal Bureau of Investigation, which outlines what you can do to avoid becoming a victim — and I added a few items to the list:

  • Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
  • Do not open attachments from people you do not know.
  • Exercise caution when receiving attachments in e-mail messages from people who you do know, as you never know if someone has hijacked their e-mail accounts. Do not open those attachments until you are confident that the e-mail message is legitimate. I still receive e-mail messages from my father, who has been deceased for years.
  • Turn off your electronic devices and web cameras when you are not using them.
  • Cover your web cameras whenever you are not using them — such as with opaque tape which will not leave residue on the lens.
  • Whatever you do, never say yes — or no, for that matter — to a potential scammer.
  • If you believe that you are a victim of sextortion — or know someone else who is a victim — contact your local office of the Federal Bureau of Investigation or call toll-free at 1-800-CALL-FBI.

Summary

This message is to the lowlife who thought he or she could scam me with the aforementioned e-mail message: I did not realize that BoardingArea was a pornography site; and many people have already seen the footage you possess of me. It is the photograph of me at the top of The Gate; and I have already received more than my fair share of criticism and ridicule over the years as a result — so, in essence, I did all the work for you.

Also, some people may agree with you that the articles which I write are considered the nasty things which I do.

My contacts from my Messenger and Facebook accounts will certainly be surprised — simply because I never signed up for Messenger or Facebook.

Nice try, though — but I do agree with you that $1,400.00 is a fair price for our little secret. My only question is: when will I receive cash payment from you?

The original image of Penny Flame by Alan of Chicago and uploaded by Sodakan was used under the Creative Commons 3.0 license and is found here. Illustration and alteration of the image is by Brian Cohen.

2 thoughts on “Watch Out For This E-Mail Message Scam Using Your Old Password For Extortion — and What You Can Do”

  1. AnotherRecepient says:

    Phew, glad you wrote about it. I thought I was the rare one who received it.
    It freaked me out.

    FYI, the source of my password was an old password of LinkedIn. I’m guessing it’s the password before the LinkedIn hack, after which LinkedIn forced everyone to change their passwords.

    1. Brian Cohen says:

      I believe the password which was used in the e-mail message which I received was used on LinkedIn as well, AnotherRecepient. Good point.

      We are far from the only people, as this version of the sextortion scam has been around for at least a year…
