Scam Email Alert
We have had reports come into us over the past months regarding this SPAM mailer attempting to scare users. This scam has been around for a year or so, but has really seen a large increase since the Collection series of leaks (which you can read about in more detail here).
This scam email has the title:
Security Notice. Someone has access to your system.
So this scam, attempts to convince you that someone has access to particular account of yours or access to your computer system, by displaying an email address and a password that you would have used.
They then claim they accessed your computer while you were visiting an adult internet site and will publicly release a video of you watching adult material unless you pay a fee. By presenting you with “accurate” information; it is supposed to get your attention and lead you to think that they really do have access to one of your accounts. This is not necessarily the case.
This is a sample of one reported to us, yours may look very similar:
Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your account: At the time of hacking your account(XXXX@XXXXX.XXX) had this password: XXXXX You can say: this is my, but old password! Or: I can change my password at any time! Of course! You will be right, but the fact is that when you change the password, my malicious code every time saved a new one! I've been watching you for a few months now. But the fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence from e-mail and messangers. Why your antivirus did not detect my malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $794 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 15G9wyGRDssFXsfwEm1ihdJs2xabVPDu68 After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Bye!
With this scam, the fraudsters are trying to catch the low hanging fruit and do not have access to your account.
What they are doing is using information collected in hackers data files on the internet that come from a recent or hack on an application. These data files contain usernames and passwords that hackers use for Credential Stuffing – so thats why the password in the mail WILL be a password that you would have used somewhere before along with your email address.
The email lists a “Bitcoin Wallet” address for you to send money to.
DO NOT SEND ANY MONEY.
The first 3 things that you should do:
- Find every website and service where you have ever used that password and change it NOW on every single one of them
- When changing your passwords – use strong passwords, finding and using a password Manager should be something you should consider at this point
- Never reuse passwords, always have a different password for every website and service you use; this also means – NEVER use the password you have for your email account for anything else
If you have received any spam email like this – please let us know on our Facebook Group
If you do suffer from a hacked account, read more on your next steps on our advice article here.