Sextortion scam demands USD 2000 to not "ruin your life"
Updated at: Feb 08, 2021
Sextortion campaigns continue to flood email boxes of several people. These scams generally have the same modus operandi.
To understand how this type of threat works, check out the example of a sextortion scam that was detected by Gatefy's email security solution.
In the scam, the attacker claims that, if the payment of about USD 2,000 isn't made in bitcoins, he'll leak confidential user images.
More precisely, he's talking about adult content videos that were allegedly hijacked after the victim’s device was hacked.
Check below for more details of the message, how to identify this crime and what are the prevention methods for this type of attack!
The blackmail used by the hacker
In this sextortion attack, the crook starts the message in a debauchery and threatening tone.
“I think you will not be happy, because I have a very bad news for you. Just a few months ago I hacked your operating system and I have full control of your device”.
Many people get scared because of the email content. But it's important to know that sextortion scams are old.
In the case we're talking about in this post, the attacker explains how he infected the device, saying that he exploited a router flaw or vulnerability and then used a malware or a malicious code to spy the user.
“Later I made a full copy of your hard drive (I have all your email contact lists, list of websites you visited, phone numbers, your passwords etc.)”, says the cybercriminal.
Then the attacker begins to intimidate the victim.
He claims that the content he has from the victim is unusual, "crazy" and "ugly”, and threats to send the material to the victim's entire contact list, which we can understand as friends, family, and coworkers.
“I am from Russia and nobody will help you if you report this email. Before they find me your life will be ruined! If you do not cooperate with me - I will release this ugly material immediately”.
In an interview for CNBC, a spokesperson said that most of the extortion attacks are sextortion campaigns.
How to fight sextortion and other email threats
In the cases of suspicious emails, the first thing to do is take it easy and analyze the message content carefully.
The vast majority of email attacks are targeted scams for many people. I mean, they're generic attacks.
Having this in mind, the most important tip is: never interact with the message. This means not replying to emails and not clicking on suspicious links or attachments.
Another important tip is to adopt protection and awareness tools, especially in the case of companies.
Take a look at how the malicious email looks like
The email content is reproduced as we detected it, including any grammatical errors.
“Hi. I think you will not be happy, because I have a very bad news for you. Just a few months ago I hacked your operating system and I have full control of your device. I implanted a small application into your device which sends me your current IP address and allows me to connect to your device just like remote desktop. Even if you change your password, it won’t help.
How I infected you? The router that you used to connect to Internet had a security hole. You can read about this problem by searching for CVE-2018-10562. I hacked your router and I put my code into it, and when you tried to connect to Internet, my program infected your device.
Later I made a full copy of your hard drive (I have all your email contact lists, list of websites you visited, phone numbers, your passwords etc.). A little while later, when I was searching your web browsing history I was shocked by what I saw!! The sites for adults you are visiting... you know what I mean... I just want to say - your fantasies are shifted far away from the normal course!...
For the last 2 months I have been spying on you through your device camera.. especially when you visited those sites to have fun... Those videos show clearly you having fun and the content for adults you were watching.. this is pretty nasty and I would be very worried if I were you.
I have secured 4 videos:
xxxxxx_1557707776.mp4 (35.2 MB)
xxxxxx _1556400859.mp4 (117.3 MB)
xxxxxx _1556111933.mp4 (54.1 MB)
xxxxxx _1557907897.mp4 (39.2 MB)
You can verify that the timestamps correspond to the moments you were enjoying yourself... Now, because I do not like at all what I saw (that’s pretty crazy and ugly) I ask you to send me a donation through Bitcoin network. 2000 US dollars is a fair price (considering your perversions).
If you want me to forget about the whole case, remove the files and disable the nasty app that is spying you, send me the Bitcoin payment within 72 hours. Yes, I give you 72 hours only. Here is my wallet:
Send exactly 0.294762 BTC to my address: 351zYWaP7pwq1gvPmYHREmLdb6Hkk3R9NT
(copy it and paste - it’s case sensitive)
0.294762 BTC = 2000 dollars
If you do not send me the Bitcoin, I promise you - I will send those 4 files with you enjoying yourself to all your contact lists, associates and social network friends. I still have access to your device and I know when you read this message. When you opened it, time started ticking. You have 72 hours only!
I am from Russia and nobody will help you if you report this email.. Before they find me your life will be ruined! If you do not cooperate with me - I will release this ugly material immediately.
This is why I advise you - send me the Bitcoin and let’s forget about the whole situation. I know you can afford it. If you do not know how to send bitcoin, go to google and search how to do it. There are plenty of options like coinbase.
Here is my address again:
Send exactly: 0.294762 BTC to my address: 351zYWaP7pwq1gvPmYHREmLdb6Hkk3R9NT
Remember to send the exact amount as above! This way I will know it’s from you. Do not be angry at me. This is just my job, and you are not the only person I caught. Be angry at your fantasies - if you didn’t visit those sites for adults you would have no problem.. but now... I am waiting for your bitcoin. Remember, time is ticking..”