A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer’s webcam. The attackers then demand $1,900 in bitcoins or the video will be sent to family and friends.
BleepingComputer has been reporting on these scams since the summer of 2018 when they started to be sent by scammers.
While many would disregard these emails, some have been so concerned that a video would leak that they sent payments to the scammers. In the first week that these extortion emails began to be sent out, concerned recipients sent over $50,000 in bitcoin to the attackers.
Since then, threat actors have created different types of email extortion scams including one that pretends to be hitman contracts, bomb threats, CIA investigations, threats of installing ransomware, and just recently, threats to infect your family with the Coronavirus.
Today’s campaign revisits old campaign
In today’s email extortion campaign, the attackers have gone back to basics and have started emailing people stating that their computers were hacked, a video was taken using their webcam, and that they know their passwords.
The listed passwords are in many cases actual passwords used by the recipient in the past, but the attacker does not know them by hacking your account, but rather through leaked data breaches shared online.
Due to today’s campaign, BleepingComputer began to receive numerous emails from recipients where they shared samples of the extortion emails being sent.
These emails are very similar to our original article regarding these scams and below you can see one of the extortion emails that was sent to us today from a reader.
The text of these emails can be read below.
I know, xxx, is your password. You don't know me and you're thinking why you received this e mail, right? Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account. What exactly did I do? I made a split-screen video. First part recorded the video you were viewing (you've got a fine taste haha), and next part recorded your webcam (Yep! It's you doing nasty things!). What should you do? Well, I believe, $1900 is a fair price for our little secret. You'll make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin" in Google). BTC Address: bc1qzl2qlywq8fzfm49e7mvsuz4yvpdwpzfqs5g85r (It is cAsE sensitive, so copy and paste it) Important: You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this...