Scam warning – What should I do if I get an email like this?

05.02.19  |  Cybersecurity & Internet safety

It seems that not a week goes by without a large website provider having to send out an apologetic email to their customer base informing them of a data breach. Cyberattacks are now so commonplace that studies from April 2017 showed that nearly half of all UK businesses had been subjected to some form of attack within the past year, so it’s important that you’re aware of what to look out for.

We’ve written about this subject before and a lot of the detail in that article remains true today, but the email scammers and phishers get cleverer by the day and have discovered a new means of getting people to fall for their scams.

The scam relies on the idea that the vast majority of people use the same password (or variations of the same password) on lots of different websites, and rarely change them.

So what is it?

The victim receives an email claiming to be from a hacker, who says they have hacked into your computer and installed some sort of software that either records video from your webcam or records your browsing history – or both. To try and add credibility, the email usually contains a password, and it will often be a password that the victim has used (or still uses) – thus scaring them into thinking that the email is true.

The email will then go on to ask the victim to send payment in Bitcoin to a particular Bitcoin address, usually around £1,000 worth, and threatens to make public video recordings from your webcam if payment isn’t received within one day.

One example of such an email is below – there may be slight variations but they all follow a similar pattern:

Hi, stranger!

I know the [your password would be here], this is your password, and I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.You may not know me, and you are most likely wondering why you are receiving this email, right?

In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).

While you were watching video clips, my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I’ve done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.

What should you do?

Well, I think $795 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).

BTC Address: 1JmMufLQMPrwvncWDKnKR3UQ3vpp7gDmbt
(This is CASE sensitive, please copy and paste it

You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer “Yes!” and resend this letter to youself.
And I will definitely send your video to your any 10 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.


How do they do it?

The fact that the email contains a password that may be known to the victim is the frightening part, but this is also not too much to worry about. The reason they have the victim’s password is simply because the victim used that password on a website that has suffered a data breach, and that website’s user list is available to cybercriminals. Knowing that many people re-use passwords, they use a scattergun approach to fire an email off to everyone on the user list – they don’t need many people to fall for it and pay the “ransom” to make it worth their while!

What should I do if I do get an email like this?

Well, first of all, if you have received an email like this – don’t worry. It’s incredibly unlikely that your computer has been hacked – although if you notice unusual behaviour on your computer, then doing a malware scan can’t hurt.

The best thing to do if you get an email that contains a password you’ve used before is simple – on any website/service that you use that password, login immediately and change it. Ideally, use a unique password for all websites or use a password manager to keep track of them all.

We’ve had our clients report this scam to us a couple of times within the past few weeks, so although it started out around the middle of last year it’s seemingly doing the rounds again – so be on your guard, and if in doubt, send us a message.