A rash of sextortion scam emails has been making the rounds since August. There have been several articles from top security sites talking about it. However we have evidence that the list that these perps used was stolen Twitter data.
Here is what the scam email looks like:
I do know XXXXXX one of your pass. Lets get right to purpose. None has compensated me to check about you. You do not know me and you’re probably wondering why you’re getting this e-mail?
in fact, i actually placed a malware on the 18+ streaming (sexually graphic) website and do you know what, you visited this web site to have fun (you know what i mean). While you were viewing video clips, your web browser started functioning as a RDP that has a key logger which provided me with access to your display screen and also web cam. after that, my software gathered your entire contacts from your Messenger, FB, as well as email . and then i made a double-screen video. 1st part displays the video you were viewing (you have a fine taste haha . . .), and second part displays the recording of your cam, and its you.
You will have not one but two possibilities. We will understand each of these options in details:
First choice is to neglect this e mail. in this situation, i will send your actual video clip to almost all of your personal contacts and then think about regarding the disgrace you can get. and definitely if you are in a committed relationship, just how it is going to affect?
Second choice is to pay me $3000. We are going to regard it as a donation. in this scenario, i will immediately delete your videotape. You will carry on with daily life like this never occurred and you will not ever hear back again from me.
You’ll make the payment via Bitcoin (if you don’t know this, search for ‘how to buy bitcoin’ in Google).
BTC address: 1D6SA7CjM36Csd5Fr4Y2BpY7o4zWLepbLD
[CaSe SeNSiTiVe copy & paste it]
if you may be curious about going to the cop, well, this email message can not be traced back to me. I have taken care of my actions. i am not attempting to charge you very much, i want to be rewarded. You now have 48 hours in order to make the payment. i’ve a special pixel in this email, and right now i know that you have read through this e mail. if i do not get the BitCoins, i will, no doubt send out your video recording to all of your contacts including members of your family, co-workers, and so on. Having said that, if i do get paid, i’ll destroy the video right away. if you need proof, reply with Yes! then i will send out your video to your 9 friends. it’s a nonnegotiable offer and so don’t waste my time and yours by responding to this mail.
This email was sent to one of our users. He pointed out that the email was sent to an account he only used for Twitter and that the password was changed some time ago. No other account used this password.
Our advice if you get a sextortion email?
You can just forget it if you had changed your passwords or you can go on and get your password changed. No one has anything to extort from you and these jokers are just that, jokers. They play on your paranoia and hope for the best – a sort of shotgun approach using “a sucker born every minute” mime.
Another interesting note is that the emails are coded. While you think the email is normal if you look at the source and you will find it has used special characters to form characters. Another ploy to make you think your data is not safe.
Do not send them bitcoins! If you want to donate bit coins send them to me! I work FOR you.