This is a very nasty scam/blackmail attempt using email to get to people.
You receive an email with your password in the title.
The email starts ‘Let's get straight to the point. I know **** is your pass word. Most importantly, I'm aware about your secret and I have evidence of this. You do not know me and no one paid me to examine you. ‘
That sets the scene for the blackmail attempt and is intended to cause shock and fear.
The password quoted in the title may be your current password, or it may be an old password you previously used, or it may be incorrect.
If it’s genuine then change the password on your account immediately, then change the password for any other account that uses the same login and password.
If it’s an old password that you no longer use then it still may be sensible to change your current password.
If it’s an incorrect password that you don’t recognise then the scammer made a mistake and you are fortunate.
How did the scammer get my password?
The most likely answer in the case of these messages is that the scammer bought your details from a hacker who had access to the email and password data from a major data breach. It could have been through other methods including social engineering, but this is much less likely for these specific emails.
There is a website that maintains lists of all email addresses affected by data breaches. It is at https://haveibeenpwned.com/ and can be used safely. If your email address shows up as having been in a data breach then you know the likely source of email data used to send you the message.
The message continues, building up the shock factor – “It's just your misfortune that I came across your misadventures. The truth is, I placed a malware on the adult vids (pornographic material) and you visited this web site to have fun (you know what I mean). While you were watching videos, your browser began working as a Remote desktop that has a key logger which gave me access to your screen and also web cam. Just after that, my software obtained your complete contacts from Facebook, as well as email.
“I generated a double-screen video. First part displays the video you had been watching and other part displays the recording of your cam (its you doing inappropriate things)”.
“First Option is to ignore this e-mail. I definitely will send your video to all your contacts including close relatives, colleagues, and many others. It does not shield you from the humiliation your household will face when family and friends learn your dirty details from me. “
“Option 2 is to send me $ 2900. We will name this my “privacy fee”. Your secret remains your secret. I'll erase the recording immediately. You move on with your daily life that nothing like this ever occurred.”
Amount to be sent: $ 2900
Receiving Bitcoin Address: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
I've a specific pixel within this e-mail, and at this moment I know that you've read through this e mail. You now have 24 hours in order to make the payment. If I don't receive the BitCoin, I will, no doubt send out your video recording to all your contacts including friends and family, co-workers, and so on. You better come up with an excuse for friends and family before they find out. However, if I receive the payment, I'll erase the video immediately. It's a non-negotiable offer, so do not waste my personal time & yours. The clock is ticking.
Now you can see how the email threat is constructed to push people into reacting without thinking and to pay the money in hope that any such videos etc. will be deleted. Criminals don’t stick to agreements of course or they wouldn’t be criminals.
THIS IS ALL FAKE except for the email password specified in the email title.
The technical stuff about Remote Desktop etc. is all fake.
There are no videos.
The criminal does not have access to your PC
BUT, if that password is real then you must change it immediately and check if the scammer has used that password for any other criminal purposes.
What Can You Do?
1. Change your email password
2. Change the password for any accounts using the same password
3. Report the blackmail attempt to the Police and/or Action Fraud
4. Report the crime to your email provider
5. Report the crime to the email provider of the criminal e.g. if the message arrives from a Yahoo account then report the problem to Yahoo
If you have any experiences with scammers, spammers or time-wasters do let me know – go to the About page then Contact Us.