Sextortion scam email – “I hacked this mailbox more than six months ago”
You may have received an email recently appearing to be from a ‘darknet’ hacker claiming that they have hacked your email account and mailbox. They are scam emails attempting to extort Bitcoin from you with the threat of exposing your browsing history to your contacts.
The worrying thing about these emails is that they contain a password and this might actually be one of your passwords. This is possible due to large scale data breaches such as LinkedIn, Playstation, Yahoo, Adobe, Tumblr where email addresses and passwords were obtained. You can see a list of the largest data breaches here.
The sender address of the sextortion email may also appear to be from your email account. This is easy to fake and does not mean your email account has actually been hacked
What Can You Do?
- Do not reply to the email
- Delete the email(s)
- Scan your computer or device for viruses and malware – there are many free antivirus programs and https://www.malwarebytes.com/ have a free version
- Change your email password to random characters
- Change other critical passwords (see below)
- Check your email address(es) on https://haveibeenpwned.com/
If you’re still worried about your IT security, you may want to contact your local IT support company and have them confirm you are secure.
How Secure Are Your Existing Passwords?
If you use the same password for lots of sites you increase the risk of being hacked. If your password is a simple word, even with numbers attached, you are at even higher risk. Many high profile sites have been hacked and your email/password may be available to hackers as part of large datasets.
Often these passwords will be stolen in encrypted form. Decrypting simple passwords is easy, and many have been decrypted already and the encrypted passwords can be crosschecked against those.
Using random characters or four words in a row will increase password security. Using a password manager like 1Password or Lastpass will make it easy to store and use all these random passwords across your computers and devices.
Don’t leave it until it’s too late – make sure your passwords are secure.
Example Sextortion Email
My nickname in darknet is USERNAME.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password from YOUR EMAIL ADDRESS is A PASSWORD
Even if you changed the password after that – it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.
I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!
During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!
I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $839 is quite a fair price to destroy the dirt I created.
Send the above amount on my BTC wallet (bitcoin): XXXXXXXXXXXXXXXXXXXXX
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!
Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.
I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!