• Home >
  • Blog >
  • A New “Sextortion Scam” Uses Your Hacked Password

A New “Sextortion Scam” Uses Your Hacked Password

  • Updated on July 18, 2018

I think you’ll agree that one of the craziest and scariest things you can hear is that someone will post a sex video of you or expose a deep secret online unless you pay them money.

What!!! Me?!!

According to the FBI, sextortion (sex+extortion) is a serious crime that occurs when someone threatens to distribute private or sensitive material about you if you don’t provide them images of a sexual nature, sexual favors, or money.

Now, you’re probably thinking it can’t happen to you because you’re not into that sort of thing; but a new email scam might have just the right approach to make you believe there’s something to be worried about…especially if you ever dated someone who talked you into some provocative photos, X-rated or not—or if you have some reason at all to believe some unflattering information about you might be out there.

That’s how this new scam works.

How do I know?

Because someone tried to trick me into believing they had damaging information about me!

The sextortion scam in action.

I recently received an email that took me by surprise.

It said they had hacked into my computer and used my webcam to record a video of me while I was supposedly watching porn.

They also told me that and unless I paid a ransom in Bitcoin, the recording they made will be released to all my contacts.

The clincher? They claimed they had “proof” of my actions

The subject line of the email referenced a real (but very old) password I used for an online account.

The entire email was a hoax. It is a scam that this hacker will send to email addresses that have one thing in common: their email accounts were stolen sometime in the past…as mine was once.

Below is the copy of the scammer’s email:

SUBJECT: {name} - {redacted password}

It seems that, {redacted password}, is your pass word. You do not know me and you're most likely thinking why you're getting this e-mail, right?

actually, I actually setup a malware on the adult vids (pornography) site and there’s more, you visited this web site to have fun (you know what I mean). While you were watching videos, your web browser initiated operating as a RDP (Remote Desktop) with a keylogger which gave me access to your display screen and also web cam. Just after that, my software obtained your complete contacts from your Messenger, Facebook, and email.

What exactly did I do?

I made a double-screen video. First part displays the video you were viewing (you have a good taste lol), and second part displays the recording of your webcam.

exactly what should you do?

Well, I believe, $2900 is a reasonable price for our little secret. You will make the payment via Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: {redacted bitcoin address}
(It is cAsE sensitive, so copy and paste it)

Note:
You now have one day to make the payment. (I’ve a unique pixel within this e mail, and at this moment I know that you have read this message). If I don’t get the BitCoins, I will send out your video recording to all of your contacts including family members, colleagues, and so on. However, if I receive the payment, I will destroy the video immidiately. If you want evidence, reply with “Yes!” and I will certainly send out your video to your 5 contacts. This is a non-negotiable offer, and so don’t waste my personal time and yours by replying to this mail.

A new wrinkle, but still a total scam.

Blog readers all over the internet have reported receiving different versions of this sextortion email – but always with the same format and Bitcoin element. They also confirmed that the password referenced in the email subject was previously linked to an online account associated with their email address and that the email sender used an Outlook account.

Now, some of us can take one look at this and easily spot the grammatical errors and misspellings that are the hallmark of email scams.

Additionally, we can recognize this for the scam that it is and dismiss the threat for the simple reason that we don’t visit porn sites.

But what about those who do happen to visit adult sites—which certainly isn’t news they would want the world to know.

You can imagine how real the threat seems for them. But they should know their knee-jerk fear is what the scammer is counting on.

There is no real threat.

Even though there is a reference to a pixel/image (“I’ve a unique pixel within this e mail, and at this moment I know that you have read this message”), that is actually not the case. There are no image pixels in the email I received.

The email isn’t based on anything the intended victim has actually done. There is no evidence. There was no webcam video, no proof of anything.

It’s all a lie.

At best, this is a semi-automated phishing scam. It’s very likely that your username and password was mined from a previous data breach of a popular website. In short, you’re receiving the same email as a million other users.

As this scam gets refined, it’s possible that more current username and password will be used, along with other personal information gathered from social media accounts, to make the hacking threat appear more credible.

How can you stay safe?

First, don’t fall for this sextortion scam. It is a total hoax and don’t let it scare you.

But it does bring up another issue that’s related—that is, be careful what you do share online.

Prevention is key.

  • Don’t take compromising images of yourself. If you do, never send them to anyone – not even your spouse or significant other. They are not hack-proof and traditional sextortion cases are usually perpetrated by bitter exes.
  • Turn off and/or cover any web cameras when you are not using them. They can be hacked.
  • When using social media apps for video chat, use security features like Viber’s secret chat, which doesn’t allow users to take screenshots. You can also set messages to “self-destruct” after a set period of time.

If you believe you’re a victim of sextortion or know someone who is, contact your local FBI office or call toll-free at 1-800-CALL-FBI.

You can check for user-credential breaches associated with your email addresses at https://whatismyipaddress.com/breach-check

If you find compromised accounts, change the password of the account that had the breach.

Finally, you should use password managers such as 1Password, LastPass, or Dashlane.

Update

According to an article on BleepingComputer over $50,000 has been paid to the scammer.

Picture of <span>About The Author</span>Chris Parker

About The AuthorChris Parker

Chris Parker is the founder of WhatIsMyIPAddress.com, one of the world’s most popular websites for online privacy and security with over 13 million monthly visitors. He is also the host of the Easy Prey podcast, where he interviews experts and survivors to uncover the tactics behind scams, fraud, and digital manipulation. Chris is the author of Privacy Crisis: How to Maintain Your Privacy Without Becoming a Hermit, a practical guide to protecting personal information in today’s surveillance-driven world. His work has been featured on ABC News and numerous podcasts, making him a trusted voice on how to stay safe, secure, and private online.
Share Post:

INSIGHTS YOU

MAY ALSO LIKE

Social Engineering – Don’t let anyone manipulate you

You play a role in preventing social engineering. So, just what is social engineering? It’s a vague term that’s used for online shenanigans and…

View Post

11 Ways People Can Get Your IP Address

If you think that only your Internet Service Provider (ISP), such as Cox Cable or Verizon, knows your IP address, think again. (Your IP…

View Post
APC AP9630 Network Management Card

How To Reset an APC AP9630 / AP9631 to DHCP Mode

This post was moved over from an old blog of mine that I’ve since taken down. Several years ago I purchased an APC AP9630…

View Post

WHAT PEOPLE SAY

ABOUT CHRIS

“In a world where your data is constantly mined, shared, and sold, Chris Parker delivers a tactical, empowering roadmap to take back control. This isn’t just theory. It’s a step-by-step manual for protecting your privacy, escaping the surveillance economy, and living with true autonomy.

If You’re a lifestyle investor or entrepreneur looking to protect your assests, your family, or your freedom, this book is your wake-up call.

I recommend these books to anyone who values freedom, legacy, and the power of living life on your terms.“

justin-donald
— Justin Donald, #1 WSJ and USA Today Best-Selling Author, 
Founder of The Lifestyle Investor, Host of The Lifestyle Investor Podcast

“In today’s AI-driven world, where so much of our communication is inauthentic, Privacy Crisis serves as an essential guide to reclaiming control over your personal information.Chris Parker confronts the unsettling reality of how our everyday details are used by companies 
to market to us, and worse, by hackers to spy on us and steal from us. Yet digital data is everyone’s reality, and Data Rightsdelivers a balanced message of empowerment without paranoia. The book’s core message – privacy isn’t about hiding; it’s about choosing what we reveal and to whom – is an essential message for everyone, making this book a must-read.“

sam Ritcher 1
— Sam Richter, World-Renowned Expert on AI-Powered Digital Information, Award-Winning Hall 
of Fame Speaker and Bestselling Author

“As the assaults on our privacy become more frequent and sophisticated, we need someone like Chris Parker to help us navigate the landscape of our new reality. In ‘Privacy Crisis,’ Chris dishes out valuable, common sense solutions everyone can understand and put to immediate use.

sam Ritcher 3
— Steve Lazarus, Retired FBI Agent and award-winning author

“In a world where everything we do online leaves a digital footprint, Privacy Crisis is an essential guide to reclaiming control. Chris Parker masterfully demystifies the complexities of data privacy with practical strategies and a refreshing, no-nonsense approach. This book doesn’t just warn you about the dangers—it equips you with the tools to protect yourself without living in fear.“

sam Ritcher 2
— Nir Eyal, bestselling author of Indistractable and Hooked

“The essential manual for protecting yourself in the digital age! Chris Parker masterfully breaks down complex privacy concepts into actionable steps for everyday users.

sam Ritcher 5
— Robert Allen, #1 New York Times Bestselling author of Creating Wealth, Multiple Streams of Income, and Nothing Down

We all need to protect our digital privacy. This book provides real-world examples and the guidance we need to protect ourselves and our loved ones.“

sam Ritcher 6
— John Lee Dumas, Author of The Common Path to Uncommon Success & Host of Entrepreneurs on Fire podcast

DOWNLOAD CHRIS’ BOOK

PRIVACY CRISIS

DOWNLOAD YOUR FREE PDF, MP3, and workbook by entering your details below.

We respect your privacy. 

Don’t want to share your email?

DOWNLOAD anonymously

Privacy Policy

Privacy Policy

This following document sets forth the Privacy Policy for this website.

Collection of your personal information

We collect Non-Personally Identifiable Information from visitors to this Website. Non-Personally Identifiable Information is information that cannot by itself be used to identify a particular person or entity, and may include your IP host address, pages viewed, browser type, Internet browsing and usage habits, advertisements that you click on, Internet Service Provider, domain name, the time/date of your visit to this Website, the referring URL and your computer’s operating system.

Free offers & opt-ins

Participation in providing your email address in return for an offer from this site is completely voluntary and the user therefore has a choice whether or not to disclose your information. You may unsubscribe at any time so that you will not receive future emails.

Sharing of your personal information

Your personal information that we collect as a result of you purchasing our products & services, will NOT be shared with any third party, nor will it be used for unsolicited email marketing or spam. We may send you occasional marketing material in relation to our design services.

What Information Do We Collect?

If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses.

Cookie Based Marketing

Some of our advertising campaigns may track users across different websites for the purpose of displaying advertising. We do not know which specific website are used in these campaigns, but you should assume tracking occurs, and if this is an issue you should turn-off third party cookies in your web browser.

How Do We Use Information We Collect from Cookies?

As you visit and browse Our Website, the Our Website uses cookies to differentiate you from other users. In some cases, we also use cookies to prevent you from having to log in more than is necessary for security. Cookies, in conjunction with our web server log files or pixels, allow us to calculate the aggregate number of people visiting Our Website and which parts of the site are most popular.

This helps us gather feedback to constantly improve Our Website and better serve our clients. Cookies and pixels do not allow us to gather any personal information about you and we do not intentionally store any personal information that your browser provided to us in your cookies.

IP Addresses

P addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (such as the Web pages you request) can be sent to you.

Sharing and Selling Information

We do not share, sell, lend or lease any of the information that uniquely identify a subscriber (such as email addresses or personal details) with anyone except to the extent it is necessary to process transactions or provide Services that you have requested.

How Can You Access and Correct Your Information?

You may request access to all your personally identifiable information that we collect online and maintain in our database by using our contact page form.

Changes to this Privacy Policy

We reserve the right to make amendments to this Privacy Policy at any time. If you have objections to the Privacy Policy, you should not access or use this website. You may contact us at any time with regards to this privacy policy.