Don't Worry About This Email Scam - Even If You See Your Password In The Subject

With the evolution of all kinds of scams, we have reached a point in time where sextornionist is really a term that is being used for cyber-criminals who do extortion with new twists and turns for the sake of involving sex into it.

Normally people have seen them via email where sextortionists have tried blackmailing people in the following words “I know you did naughty/prurient thing X, pay me Y or I will tell Z.”

More often, some have also seen:
  • X claim they have evidence of what you have done via screenshots from your browser and your webcam
  • Y asks about $1,000 to be paid in a few days
  • Z goes in between ‘your closest friends’ and ‘everyone in your contacts
However, the details of the version of the scam we are talking about here goes something like this:

Beware a new Blackmailing email scam is making rounds, that claims to have your old hacked Password in the subject line

As you can see above that the crook is adamant about the fact that they have both browser screenshots and stolen webcam footage, along with how they have planted remote control over your computer, first of all such a malware does exist. It is known with the term RAT (Remote Access Trojan).

However, if you get any of such warning, most of the time this isn’t real. Crooks are just making up a story to scare you and make you pay.

You may also see crooks claiming to have infected your computer through the website you have visited once, that theoretically again is not possible, but that is just not the reality in your case.

The Biggest Trap - “Proof”

With everything stated above, the last evidence that crooks give to prove their point is the most dangerous. They convince you about having access to your computer by fooling you that they have password of yours. But the password they show is always the one that is years old or you might have changed more recently. In either case, you’re still safe.

Security researchers have explained it before and we would recommend the same, if you really want crooks to prove that they have the sneaky evidence then ask them to share the clip of alleged video with you, which we bet they won’t do because they don’t really have anything.

That password which you have changed long ago or is no longer valid is all that they have to scare you. The rest all is a bluff so don’t get trapped.

A Brief of How The Scam Works

Your old password becomes the subject line - the crooks want your attention and want to make sure that the mail shouldn’t be considered as spam.

The entire email is composed as an inline JPEG image with text spread inside it - Crooks again here ensure that they don’t get caught by anti-spam filters which analyze the textual context.


The Bitcoin Address where the crooks ask you to send the money is only a QR code and not the text string you might just be expecting - We assume that as crooks might have figured out that you can’t copy-and-paste text from an image, therefore they provide it as an image which you can scan with your phone.

Majority of the English Letters Get Replaced With Wrong Equivalents, Just With The Help of Accent or Modifiers - They might just be trying to make life harder for any optical character recognition software to be used along the way.

Crooks say they will send you the real video as a proof, but only to your 11 closest friends - A simply absurd offer that would occur simultaneously to make sure that you stop them from spreading the so-called video by paying them.

How To Save Yourself?

Delete And Forget The Email - While of course we do understand that such an email can scare anyone, your job is to delete and then ignore it. You can’t control what other people send you but you can control what you receive and how you react to it.

Never Send Any Money - The Bitcoin address in the email has received five payments but none of them corresponded to amount demanded and as per the BTC exchange rates.

Don’t Respond At All! - You shouldn’t indulge yourself into testing the genuin-ness or credibility of crooks. They are bluffing from the word go and you should not play with them.

Change the Password That Has Come Out In The Subject Line - If you think you have the same password on any of your social media account or you have just superficially changed it then it’s time to revise your attitude towards password and go for unique ones for each platform. You can also go for password managers for further ease.

Never Follow the Instructions In The Email Out of Fear - If you are unsure about any link, a demand or an attachment, you should ask someone in person for advice.

Read next: The Significant Increase In Social Media Impersonation Attacks And How To Protect Yourself From Them

Hat Tip: Naked Security by Sophos.

Featured photo: Shutterstock

No comments:

Post a Comment