The scam blackmails you into sending bitcoin: if you send $1,200 or $1,600 worth of bitcoin to an anonymous address as requested, the hackers promise not to release a video they claim to have illicitly recorded from your webcam.
The email-based scam is frighteningly effective. In fact, it has already reportedly raised over $50,000. You can see for yourself by looking up the bitcoin addresses listed in the scam emails on a blockchain explorer.
One of the most attention-grabbing things about the scam is the initial email. The first email sent from the hackers will include one of your old passwords in the subject line.
The email claims your computer has been hacked. The hackers will post an old password as proof. These old passwords may have been obtained from any number of leaks over the years. The leaked records are tied to your email address, so you naturally think your computer has been hacked.
Here’s where things get nasty: the hackers will claim to have hacked your computer and secretly recorded a video of you watching porn. The hackers will release that video to your friends, relatives, and anyone else in your contact list – unless you send a large amount of bitcoin.
The disturbing hacking attempt was recently discussed by Business Insider. Some of the key details of the scam include:
- The subject line will include a password you have probably used at some point in the past
- That password will have been obtained from a leaked list of email addresses and passwords, like any one of the millions of records leaked every year by websites like Yahoo
- The email will claim to reveal your adult website-viewing habits and send videos to all your contacts unless you send them $1,200 to $1,600 worth of bitcoin
- The email will feature a bitcoin address
- In the email, the attacker will claim that he or she created “a double-screen video”: the two screens of the video show the video you were watching (the pornography) as well as a clip of yourself from the webcam
The email will contain sentences like, “I believe $1200 is a fair price for our little secret. You’ll make the payment through bitcoin.”
The attacker will tell you that you have one day to make the payment. If you don’t make that payment within 24 hours, according to the hacker, the video will be leaked to your contacts.
In reality, nothing will happen if you miss the deadline.
Obviously, the attackers don’t have “double screen video” of you, nor do they have access to your contacts. All they have is a copy of your email address and your password. They’re leveraging that information into convincing you that they’ve hacked your computer. In reality, they don’t have any dirt on you – but it’s a convincing attack nonetheless.
And yes, people have already fallen for the scam. Bleeping Computer reports that some bitcoin wallets linked to the scam have already received over $50,000.
The scam appears to be automated. This isn’t a spear phishing operation. Instead, the attackers are sending emails en masse to people who have had their passwords leaked in recent data breaches.
If someone approaches you demanding money in exchange for not releasing an email, then ignore it: unless your computer has really been hacked or your neighbour has a really good telephoto lens, it’s unlikely anyone has a video of you enjoying some adult entertainment on your computer.