Blackmail with Bitcoin address: Caught on a porn website or "just" a scam?

A few days ago I received an email that initially puzzled me: the first line was “I changed your password - password123” (actual password changed), and it really did contain a password that I had probably used at some point. However, I quickly realized that this was a password that had not been in use for a very long time. Even so, the writer had caught my attention at first. I have therefore written this guide on how to deal with such e-mails or any other extortion mail with a payment request (in Bitcoin, BTC for short).

Have you received a blackmail email with a Bitcoin address? Have you been caught on a porn website and filmed with a webcam or is it all "just" a fraud? Here you can find information on the topic!

Fraudsters try to extort money with supposed recordings

Most people are familiar with spam e-mails. One promises that you can earn $10,000 an hour, another offers a fortune from a prince who lives far away, and a third advertises a never-before-seen product ... But sometimes the scammers behind the e-mail want to extort money directly and without further ado. The recipient of the blackmail mail with a Bitcoin address then has to ask himself: Was he caught on a porn website and recorded with his own webcam, or is he “only” the victim of a data theft?

Here is the mail written in English that I received a few days ago, so that you can get an insight into the topic:

The sender was my own email address
Subject: disgrace - password123 [actual PW changed]

Mail content:

Hello!

I have your password - password123

I hacked your PC through porn website which you visited some time ago with tro jan.

I've movie of you masturbating from webcam.

I have all of your personal data, contacts and friends lists.

2 options: either you pay me 625 $ in BTC (you can google how to buy it), or I am sending your movie to all your kins and friends.

It is going to be full disgrace / life ruine.

BTC Wallet: 1JGnxrXhyTRKGwX29oNYdNYJby9UpUqvVf

  

After payment is made, all your private information will be removed automatically.

You've twenty four hours, I am aware you just read this mail, clock is ticking.

Sincerely!

How do the fraudsters get your email address and password?

In the above email there is hardly any indication that the blackmailers actually have anything on the recipient - apart from the email address and the mentioned password, which was actually used. If you receive such a ransom email, then ideally you will know where the fraudsters got the data from, because you use a different password for each online service that could be hacked. This is probably how the Bitcoin extortionists proceed:

  1. Hack the database of an online service to read user data
  2. Alternatively: buy up user data that has already been stolen from other hackers
  3. Write down the e-mail addresses with the associated password as "proof"
  4. Make compromising statements in the mail and threaten to publish embarrassing / harmful content
  5. Sometimes they even threaten to circulate forged material that shows the recipient committing a crime that never actually took place, if payment is not made

Recommended reading: Top 10 passwords that you shouldn't use

Porn Blackmail - Real threat or “just” a scam?

Of course, it is a shock for every recipient of the e-mail when passwords that were actually used are shown. However, the blackmailers did not provide any other evidence. If they really wanted to get as many people as possible to pay, they would include a webcam image or a screenshot of a hard drive folder (or something similar) in each mail (as in the Netflix series "Black Mirror", season 3, episode 3). If nothing of the kind is sent, then 99.99% of the time they have nothing on the allegedly hacked user.

Therefore you should never make a payment, even if the amount stated in the extortion email appears affordable and "reasonable" to you for the protection of your reputation. Once a payment has been made, the fraudsters know that their scam works on you. Soon there will be more emails with new threats and higher amounts. The ruin that they threaten by publishing alleged webcam recordings then only results from your fear and the countermeasures that you attempt. In order not to get into that situation in the first place, you shouldn't pay a single cent - neither in euros nor in dollars nor in a cryptocurrency like Bitcoin (BTC).

Update 27.4.2019: A new variant of the blackmail emails has arrived in the last few days. This time the text was embedded as a graphic, presumably so that the spam filters of the mail server would not catch the mail and sort it out.

Received ransom mail with Bitcoin address - what to do?

There are a few steps that you can and should take if you receive a blackmail email with a Bitcoin address. This applies whether the mail claims that you have been caught on a porn site or on another embarrassing (or even criminal) website, or whether it threatens to insert pictures of you into recordings of criminal acts via Photoshop or the like. Even if the blackmailers threaten to use your voice to fake suspicious phone calls, do not transfer anything. Just proceed as follows:

  1. Under no circumstances click on links in the mail or attachments to the mail
  2. Do you know the password? Change it wherever you use it!
  3. Scan your hard drive for malware (e.g. with Malwarebytes)
  4. To be on the safe side, tape off your webcam (e.g. with Webcam cover or Camsticker®) - nobody can do anything about that remotely
  5. Keep calm and just delete the mail ;)
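
The mails quoted in this article claim to come from the recipient's own account, and the mail headers let you check that claim before deleting. The following is an added example, not code from this blog: it reads one raw message and reports whether the self-addressed sender failed the receiving server's authentication checks, and whether the body carries a Bitcoin address and a deadline. The headers in the sample are constructed assumptions (the article shows none); the body lines are taken from the first mail above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Body lines are taken from the mail quoted in the article;
# all headers are assumptions (the article shows none), with example.* domains.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
From: <me@example.org>
To: <me@example.org>
Subject: disgrace - password123

I have your password - password123
BTC Wallet: 1JGnxrXhyTRKGwX29oNYdNYJby9UpUqvVf
You've twenty four hours, I am aware you just read this mail, clock is ticking.
"""

BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy address shape
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
DEADLINE_RE = re.compile(r"\b(\d+|twenty[ -]four|forty[ -]eight)\s+hours\b", re.I)

def triage(raw):
    """Return header and body indicators for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Verdicts recorded by the receiving server, e.g. spf=fail, dmarc=fail
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    failed = sorted(k for k, v in AUTH_RE.findall(results) if v in ("fail", "softfail"))
    # Only text parts are searched; the text-as-image variant yields an empty body.
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if p.get_content_type() == "text/plain")
    wallets = BTC_RE.findall(body)
    self_addressed = bool(sender) and sender == rcpt
    return {
        "self_addressed": self_addressed,
        "auth_failed": failed,
        "envelope_differs": bool(envelope) and envelope.split("@")[-1] != sender.split("@")[-1],
        "forged_sender": self_addressed and bool(failed),
        "btc_addresses": wallets,
        "payment_demand": bool(wallets) and bool(DEADLINE_RE.search(body)),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the Authentication-Results header added by your own mail provider is trustworthy, since a sender can insert a fake one further down. For the variant with the text embedded as a graphic, the body indicators stay empty but the header check still applies.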

Conclusion on the fraudulent e-mail with Bitcoin payment request

The only thing that such emails reveal is that the recipient's data was stolen from some online service, forum, online game or elsewhere. That means you should change your password or delete your account as soon as possible. Beyond that, unless the mail shows otherwise, the fraudsters have nothing on you, and you should under no circumstances transfer money, click a link or open an attachment. Just check the accounts that use the password, scan your hard drive for malware, tape off your webcam and delete the email.

Have you ever received a blackmail email with a Bitcoin address whose writers allegedly caught you on a porn website or claim to have material of you that they want to edit to your disadvantage? Feel free to leave a comment with your experiences; this way everyone who has also received such a nonsense mail can be helped!

Update 11.11.2018: New mail template with “Security Scam Warning”

Today I received an email that is structured similarly to the previous one. Again, it is about blackmail with webcam material that has allegedly been recorded. This time, however, the hack is said to have been carried out via a Cisco router at the provider. The mentioned Cisco bug ID “CVE-2018-0296” actually exists, but everything else is probably nonsense.

Here is the content of the mail, so that you may recognize it:

Subject: Security Scam Warning. (your password: PASSWORD123)

Dear user of icloud.com!

I love spyware software developers.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account email Adresse@icloud.com: PASSWORD123 (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly update it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt ... on you ...
I saved all your emails and chats from your messengers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like ... I saw THIS ... Oh, you dirty naughty person ... :)

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

Okay, back to business!
I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $ 823 to my Bitcoin cryptocurrency wallet: 1Bt4psBJmjfVTcW6eYiJZ6HEbpFgKkBSX4
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am “working” with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!

11 Responses to “Ransom mail with Bitcoin address: Caught on a porn website or “just” a scam?”

  1. About 1 month ago I also got a blackmail mail like this (see below).
    Usually I delete this kind of junk right away, but this time I was really shocked because I actually knew the password, but hadn't used it for a long time.
    So it occurred to me that this information must have come from an old user database (web shop or forum).

    So always remember: always use different passwords for all online accounts and use a password manager tool!

    Greeting
    CP

    ---
    Hello!
    I'm a member of an international hacker group.

    As you could probably have guessed, your account * my email address * was hacked, because I sent message you from it.

    Now I have access to you accounts!
    For example, your password for * myEmail address * is * myUraltPasswort *
    Within a period from July 17, 2018 to October 3, 2018, you were infected by the virus we've created, through an adult website you've visited.
    So far, we have access to your messages, social media accounts, and messengers.
    Moreover, we've got full damps of these data.

    We are aware of your little and big secrets ... yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know ..

    But the key thing is that sometimes we record you with your webcam, syncing the recordings with what you watched!
    I think you are not interested show this video to your friends, relatives, and your intimate one…

    Transfer $ 800 to our Bitcoin wallet: 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w
    If you don't know about Bitcoin please input in Google “buy BTC”. It's really easy.

    I guarantee that after that, we'll erase all your “data”

    A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

    Your data will be erased once the money is transferred.
    If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

    You should always think about your security.
    We hope this case will teach you to keep secrets.
    Take care of yourself.
    ---

    1. Yes, you did right too. But the blackmailer types are getting more and more creative and shrewd. I am sure that a lot of people take it for granted. Unfortunately…

  2. I got such an email today and after a first shock I remembered your article. For me it wasn't a password, but an older alias email address that was only used for very few things.
    I have printed out the mail and, on the advice of my web provider, filed a complaint with the police against unknown persons for blackmail ...
    Thank you for your blog, it is always helpful!

    1. Hello Heinz! Thank you for your feedback signal. I would be happy if you could tell me if the police found out anything. I don't even expect them to be able to determine anything. Most of the time these guys work through multiple proxies so you can only trace them back to some intermediate server in Bolivia or something. But maybe more will come out of it! LG! Jens

  3. “5. Keep calm and just delete the mail."

    Hm. Didn't iIeso also give the tip to inform the mail server and forward the extortion mail to it?

    1. These mails are usually sent via five corners and via foreign servers. If you write to someone there, it ends up in the rubbish bin anyway. You can save yourself that. It is difficult to defend yourself against companies that send advertising emails in Germany. You can imagine how good the chance is with these blackmail emails, which are primarily based on writing to millions of people. I see little chance ...

  4. It is well known that there is little chance of an explanation.
    I got the mail (ultimately) from my German server GMX.
    ... and shouldn't I inform them?

    1. They surely already know that they receive such emails. If a GMX address appears there as the sender, it does not mean that the mails were actually sent from there. Unfortunately, you can pretend a lot about what is not.

  5. A good colleague received an email like this yesterday evening and has been very insecure since then, because she was actually on a page with adult content.
    At first glance, the mail was sent from her own account (on second glance it was noticed that the name is spelled slightly differently) and was also provided with an old password.
    I took a picture of the mail and forwarded it to the police.
    They are mainly interested in the content of the mail and the BTC address, as that could be the only way to find out something ...
    We hope it really is a fake…!
    Can she be 100% sure that she is safe?
    Greetings Daniel

    1. Hi Daniel! I think you can be sure. If the blackmailer really had something in hand, he would probably have sent along a little “proof”. But of course I can't give a 100% guarantee that it's "safe". You would have to examine the mail more closely. LG! Jens
