Sextortion By Email

[UPDATED BELOW 7-2-19] During the summer of 2018, several men sent us a series of emails they had received from random, unknown email addresses.  Each email claims that the sender has installed malware on the victim’s computer and is monitoring and recording what the victim is doing.  Each email claims to have recorded the victim in sexual activity and threatens to expose (no pun intended) the victim’s actions on the Internet and to friends and family UNLESS the victim pays money in bitcoins to the extortionist.  Each of the men who sent us the emails below told us that he wasn’t worried and knew it was a scam because he hadn’t visited any adult-content websites! Also, one man received two of these emails just hours apart, from different email addresses and asking for different amounts of money.  This was a mass-emailing trick hoping to find a victim.

During the months we’ve been hearing about this scam, it has been evolving slightly.  The third email below, received on July 10, suggested to the recipient that the extortionist must be telling the truth BECAUSE he knew one of the victim’s passwords.  While the extortionist may really know the password, it is just a very clever trick!  The extortionist has been on the “dark web” purchasing or looking up stolen passwords associated with email addresses, and then targeting those email addresses!  You can find out if any of your passwords are available for sale or free on the dark web by visiting “HaveIBeenPwned.com”.

June 25, 2018:

 

June 29, 2018:

July 10, 2018:

UPDATE January 18, 2019:
On January 18, we logged into our TDS email to find seven emails waiting for us from various anonymized email addresses sent from servers in Mali, Central African Republic, Georgia (country), and Equatorial Guinea.  They were sent between 2:42 and 6:27 AM EST. (Because of the hours over which these emails were sent, we think the sender is likely telling the truth when he says that he doesn’t live in the United States.) The subject lines were all essentially identical, saying “Hi perv, I recorded you masturbating! I have captured ‘[email name].mp4’ !”  The seven emails were also nearly identical, each beginning with “THIS IS NOT A JOKE –  I AM DEAD SERIOUS!” but sent to different email addresses we’ve used for The Daily Scam. (We use many email addresses for different purposes.) The emails came from…


The website BitcoinAbuse.com has documented dozens of these anonymous email addresses being used by scammers to extort money from people and demanding payment via Bitcoins. Below is one sample of these seven emails. The “anonymous hacker” claims to have captured a very embarrassing video of one of us and is demanding $2,000 to be sent to his Bitcoin account within 72 hours or he will “send your masturbation video to ALL Your FRIENDS AND ASSOCIATES from your contact list.”  This is a nasty scam AND NONE OF IT IS TRUE…

Here is why this email is not true and just a very nasty trick…

  1. First of all, Mr. Anonymous Hacker claims to have a video that could not possibly exist.  You’ll have to take our word for it.  If he had such a video, he would post it and send us a link to show he can follow up on the threats he makes.  Sadly, we have heard from men who are being extorted for money by REAL extortionists who have REAL videos.  In every real case, the criminal shows the victim that he can make good on this threat by showing him the REAL video.  Anyone who has contacted us about these scary emails has NEVER been shown a REAL video.  These emails are bluffs!
  2. There is no malware installed on our computers.  Given the work we do every week investigating threats for our readers, you can imagine the many layers of up-to-date security we use to protect ourselves from exactly such threats. (However, according to the tech consumer site BGR and other sources, malware dubbed “Fruitfly” (discovered in 2017) was capable of turning on Apple’s built-in cameras and making recordings until a patch was installed to remove that vulnerability.  Similar vulnerabilities have been discovered on Windows PCs as well, according to a USA Today article.)
  3. If this hacker had truly compromised our computer and captured our “email contact lists and list of your friends on Facebook” then he would easily know our name rather than address us as “Hi perv.”  Also, as proof of what he had done, he could at least name a few folks on our contact list or Facebook account. We know this is total BS because we don’t keep any contact lists on our computer! Mr. Hacker has given us no evidence that he has any lists or contacts of ours.  It’s important to note that even IF he had named people, he could easily have found those names listed on our social media accounts (including LinkedIn or Facebook) if they are open to the public, or listed on websites of the places we work or have worked. Also, a quick search using a service like Spokeo.com can reveal who we are related to, likely phone numbers and even email addresses.  Anyone with mediocre search skills can find this information about anyone anyway! The hacker’s claim proves nothing!

Mr. Anonymous Hacker says that when we pay the extortion fee in full, he will remove the files and deactivate his program.  We presume he means the embarrassing video and the supposed malware used to capture them. And we’re supposed to trust him to do this?  From the HUNDREDS of extortion victims we’ve heard from, we’ve learned something very important and very consistent about these types of scams… Anyone who pays these bastards will be asked to pay again and again, until the victim stops paying.  We know of one man in early 2018 who paid his extortionist a total of $6000 over several months before he finally stopped on his own.  Don’t pay these scammers!  If you do, it is practically a guarantee that you’ll be paying again, and again…

True to his word, Mr. Anonymous Hacker contacted us 72 hours later from the ten email addresses below to say that our time was up, unless we needed another 48 hours to come up with the money.  How kind of him!  He’s offering an extension!

 


Lawrence Abrams of BleepingComputer.com published an update about this extortion scam.  Apparently, at least $50,000 was paid to the scammer in one week alone.  Read the details here at Bleeping Computer.

Read about a new and similar form of extortion targeting people by tricking them into thinking their smartphones have been recording their activities: Phone Malware Recording You

UPDATE 3-11-19:
Apparently, Mr. Anonymous Hacker is back at it again!  On March 8 we received 4 identical emails from this scammer all threatening to expose a video of us that doesn’t exist.  And today, 72 hours later, he followed up with 3 more emails threatening to make good on his threat (which is redundant) BUT, once again, giving us a 48 hour extension if we need the time to get our money in order!  What a nice guy.

ATTN: snapleakstory@thedailyscam.com

Hi there,

The last time you visited a porn website with teens, you downloaded and installed the software I developed.

My program has turned on your camera and recorded the process of your masturbation.

My software has also grabbed all your email contact lists and a list of your friends on Facebook.

I have the – Snapleakstory.mp4 – with you jerking off to teens as well as a file with all your contacts on my computer.

You are very perverted!

If you want me to delete both the files and keep the secret, you must send me Bitcoin payment. I give you 72 hours for the payment.

If you don’t know how to pay with Bitcoin, visit Google and search.

Send 2.000 USD to this Bitcoin address as soon as possible: 39E7xdyFLFmLHnoceg75Uzxg7uRHFAXXWz
(copy and paste)

1 BTC = 3,850 USD right now, so send exactly 0.520973 BTC to the address provided above.

Do not try to cheat me!
As soon as you open this Email I will know you opened it.
I am tracking all actions on your device.

This Bitcoin address is linked to you only, so I will know when you send the correct amount.
When you pay in full, I will remove both files and deactivate my program.

If you don’t send the payment, I will send your masturbation video to ALL YOUR FRIENDS AND ASSOCIATES from your contact lists I hacked.

Here are the payment details again:

Send 0.520973 BTC to this Bitcoin address:

—————————————-
39E7xdyFLFmLHnoceg75Uzxg7uRHFAXXWz
—————————————-

You саn visit police but nobody can help you. I know what I am doing. I don’t live in your country and I know how to stay anonymous.

Don’t try to deceive me – I will know it immediately – my spy software is recording all the websites you visit and all keys you press. If you do – I will send this ugly recording to everyone you know,
including your family.

Don’t cheat me! Don’t forget the shame and if you ignore this message your
life will be ruined.

I am waiting for your Bitcoin payment. You have 72 hours left.

Anonymous Hacker
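
The traits this article uses to recognise these emails (a Bitcoin address and amount, a deadline in hours, spying claims, a generic greeting, and no evidence offered) can be pulled out of a message body for triage and abuse reporting. This is an added example, not code from the original article; the regular expressions, the verdict labels and the sample message are assumptions constructed for illustration.

```python
import re

# Traits of the emails on this page: Bitcoin demand, deadline, spying claims.
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy address shape only
BTC_AMOUNT = re.compile(r"\b(\d+\.\d+)\s*BTC\b")
DEADLINE = re.compile(r"\b(\d{1,3})\s*hours?\b", re.I)
CLAIMS = {
    "camera_recording": re.compile(r"turned on your camera|recorded you|recording", re.I),
    "stolen_contacts": re.compile(r"contact lists?", re.I),
    "spyware": re.compile(r"malware|spy software|my program|software I developed", re.I),
}
GENERIC_GREETING = re.compile(r"^\s*(?:hi|hello)\s+(?:there|perv)\b", re.I | re.M)
EVIDENCE = re.compile(r"https?://|\battach(?:ed|ment)\b", re.I)  # link or attachment mention


def triage(body: str) -> dict:
    """Extract reportable indicators and classify one email body (heuristic)."""
    claims = sorted(name for name, rx in CLAIMS.items() if rx.search(body))
    result = {
        "addresses": sorted(set(BTC_ADDR.findall(body))),
        "btc_amounts": sorted(set(BTC_AMOUNT.findall(body))),
        "deadline_hours": sorted({int(h) for h in DEADLINE.findall(body)}),
        "claims": claims,
        "generic_greeting": bool(GENERIC_GREETING.search(body)),
        "references_evidence": bool(EVIDENCE.search(body)),
    }
    extortion = bool(result["addresses"] and result["deadline_hours"] and len(claims) >= 2)
    if not extortion:
        result["verdict"] = "not matched"
    elif result["references_evidence"]:
        # The article notes that real extortionists show the video: escalate to a person.
        result["verdict"] = "manual review"
    else:
        result["verdict"] = "bulk extortion bluff"
    return result


# Constructed sample modeled on the March 2019 email; the address is a placeholder.
PLACEHOLDER_ADDR = "3" + "A" * 33
SAMPLE = f"""Hi there,
My program has turned on your camera and recorded you.
My software has also grabbed all your email contact lists.
Send 0.520973 BTC to this Bitcoin address: {PLACEHOLDER_ADDR}
You have 72 hours left.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The extracted address, amount and deadline are the fields worth keeping when reporting the message; the verdict is a sorting aid, not proof either way.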

Below are the email addresses used by this scammer for this March threat:


UPDATE 4-6-19:
These extortion threats are real but they continue to target people at random, including via text.  One woman sent us a series of texts she received early in April that we have consolidated into one long text.  The criminal who sent it seemed to have trouble completing this train of thought but you get the idea…

And then a few days later we received yet another extortion email similar to those above and coming from the email address “charleslehman “@” i.privprotect.ga.”  We just continue to ignore them!

UPDATED 7/2/19:
Here is another variation of this scam, sent to us by a TDS reader on July 2, 2019.  We are assured by our reader that this cannot be true and is just an empty threat beginning with “your computer was infected with my private malware, because your browser wasn’t updated / patched…”