Scam warning – What should I do if I get an email like this?

05.02.19 | Cybersecurity & Internet safety

It seems that not a week goes by without a large website provider having to send out an apologetic email to their customer base informing them of a data breach. Cyberattacks are now so commonplace that studies from April 2017 showed that nearly half of all UK businesses had been subjected to some form of attack within the past year, so it’s important that you’re aware of what to look out for.

We’ve written about this subject before and a lot of the detail in that article remains true today, but the email scammers and phishers get cleverer by the day and have discovered a new means of getting people to fall for their scams.

The scam relies on the idea that the vast majority of people use the same password (or variations of the same password) on lots of different websites, and rarely change them.

So what is it?

The victim receives an email claiming to be from a hacker, who says they have hacked into your computer and installed some sort of software that either records video from your webcam or records your browsing history – or both. To try and add credibility, the email usually contains a password, and it will often be a password that the victim has used (or still uses) – thus scaring them into thinking that the email is true.

The email will then go on to ask the victim to send payment in Bitcoin to a particular Bitcoin address, usually around £1,000 worth, and threatens to make public video recordings from your webcam if payment isn’t received within one day.

One example of such an email is below – there may be slight variations but they all follow a similar pattern:

Hi, stranger!
I know the [your password would be here], this is your password, and I sent you this message from your account.

If you have already changed your password, my malware will be intercepts it every time.You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).
While you were watching video clips, my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.
Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.
What I’ve done?

I made a double screen video.

The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.
What should you do?
Well, I think $795 (USD dollars) is a fair price for our little secret.

You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).
BTC Address: 1JmMufLQMPrwvncWDKnKR3UQ3vpp7gDmbt

(This is CASE sensitive, please copy and paste it
Remarks:

You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).
If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.

However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.
If you want to get proof, answer “Yes!” and resend this letter to youself.

And I will definitely send your video to your any 10 contacts.
This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.
Bye!

How do they do it?

The fact that the email contains a password that may be known to the victim is the frightening part, but this is also not too much to worry about. The reason they have the victim’s password is simply because the victim used that password on a website that has suffered a data breach, and that website’s user list is available to cybercriminals. Knowing that many people re-use passwords, they use a scattergun approach to fire an email off to everyone on the user list – they don’t need many people to fall for it and pay the “ransom” to make it worth their while!

What should I do if I do get an email like this?

Well, first of all, if you have received an email like this – don’t worry. It’s incredibly unlikely that your computer has been hacked – although if you notice unusual behaviour on your computer, then doing a malware scan can’t hurt.

The best thing to do if you get an email that contains a password you’ve used before is simple – on any website/service that you use that password, login immediately and change it. Ideally, use a unique password for all websites or use a password manager to keep track of them all.

We’ve had our clients report this scam to us a couple of times within the past few weeks, so although it started out around the middle of last year it’s seemingly doing the rounds again – so be on your guard, and if in doubt, send us a message.

↞ Previous article Next article ↠

Cookie	Duration	Description
__stripe_mid	1 year	Stripe sets this cookie cookie to process payments.
__stripe_sid	30 minutes	Stripe sets this cookie cookie to process payments.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_3253734_2	1 minute	Set by Google to distinguish users.
_gat_UA-3253734-2	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
uvc	1 year 1 month	Set by addthis.com to determine the usage of addthis.com service.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
m	2 years	No description available.
xtc	1 year 1 month	No description