“I know you are a such-and-such person. I know your password. To avoid jail time, send me $2000 in Bitcoin.” If you receive such an email, what will your reaction be? Sextortion is back in a new format!
Online sextortion has a new format. Earlier, you’d just get a threat saying that the hacker had compromised your computer and had a sex clip of you. Many hackers would lay phishing bait saying your social life was in danger because of a video clip that the hacker had taken via your laptop’s camera. When people called out the bluff, such messages decreased.
Today, cybercriminals use a new format to scare people. Such emails now list your password in the subject line so that you panic and send money to the hackers’ Bitcoin accounts.
Sextortion – I know your password
If a sextortion email saying I know your password comes to your inbox, there is no need to panic. Just change your passwords on sites you use. You might ask how they got your password. It is just a gimmick to make you pay.
In the last few years, there have been many breaches on secure sites like LinkedIn, Bitly.com, and Dropbox. Some information was accessed, copied by the hackers and posted to websites like Pastebin where anyone can check them out. The sextortion guys get your password from such a repository and claim that they’ve hacked your email to procure details of your email contacts.
To find out whether your email ID was breached, go to the HaveIBeenPwned.com website and check there. Check every email ID you use or have created. Most probably, the cybercriminals are picking up data from dumps of social media breaches.
I will post a similar email I received a few days ago.
Yeah. I know you are a blah-blah.
Actually I know way more about you than you think.
I am a computer scientist (internet security specialist) with affiliation with the Anonymous group.
Few months ago you downloaded an application. That application had a special code implanted purposely.
Since the moment you installed it, your device started to act like a Remote Desktop I was able to access anytime.
The program allowed me to access your desktop, your camera(s), your files, passwords and contact lists. I also know where you live and where you work..
I was observing you for quite some time and what I have collected here is overwhelming.
I know about your $$xual preferences and your interest in young bodies.
I have secured 4 video files clearly showing how you $$$bate (captured from your camera) to young teenagers (captured from your internet browser).
Glued together is a pretty overwhelming evidence that you are a $$$phile.
The timestamps on the video files indicate the exact times:
20_1562209548.mp4 (58.5 MB)
20_1562011121.mp4 (73.1 MB)
I am not here to judge the morality of your preferences, I am here to make money. Because I know you are a wealthy person and that you do care about your reputation, I am willing to give you a chance to atone and I will leave you alone.
You do know what Bitcoin is, right ? You must fund a special address with 5,000 ÙSD in Bitcoin, otherwise, I am going to send those video files to your family members, friends and your work buddies.
If you do not send the bitcoins in one week, I will also send those video recordings to your local police office. Your life will be ruined.
Do not reply to this email, it’s an untraceable one time message.
I will contact you. Remember, I am watching you.
Things you can do to avoid becoming a sextortion victim
- Use strong passwords for all your online accounts.
- Don’t send compromising images of yourself to anyone
- Turn off your web cameras when not in use.
What to do when I get an email saying I know your password?
- Don’t panic. It is just a fake threat. Cybercriminals depend on fear-mongering to make money. If you want, you can check whether your email ID, password, and phone number have been exposed by visiting “Have I Been Sold” or a similar website. That will give you an indication of where the cybercriminals got your information.
- Go directly to the website and change your password to something strong. You may use a password manager like LastPass to manage all your passwords.
- Report it to your local law enforcement agency. US residents can call their local FBI office or toll-free at 1-800-CALL-FBI.
- Forward the email to the FTC at email@example.com and the Anti-Phishing Working Group at firstname.lastname@example.org.
NEVER PAY THE RANSOM. Just change your passwords and report it to law enforcement agencies in your area, if you can. Sextortion is a crime so these “I know your password” email senders are treated as criminals.