Thousands of users from various social media and communities have reported receiving a sextortion email that reads, “I know that calling *phone number* or visiting *address* would be a convenient way to contact you.”
As of this writing, sextortion emails have reached an all-time high, with many people receiving fraudulent emails in their inbox.
This is also related to the latest scam campaign, which claims to have your personal information, including your name, phone number, and home address, as well as a photo.
The sender of this email claims to have full access to your accounts and passwords.
According to their statement, they had access to a variety of devices and accounts, including Messenger and social media platforms.
The hacker may also provide an old password as proof of possession, obtained through an old database leak.
The hacker will claim that they gained access by placing Pegasus malware on the recipient’s computer and recording the victim engaging in explicit activities and watching explicit videos.
These so-called “professional hackers” will demand a large sum of money to keep your personal information from being disclosed to anyone, including family members.
They claim to have seen inappropriate videos of the victim and are attempting to extort money from them.
These emails are widely distributed and referred to as scam or phishing emails. They belong to the same category as the Pegasus email scams and their counterparts.
Content of the email
Here is the full content of the email scam:
**Full Name**,
I know that calling **Phone Number** or visiting **Home Address** would be a convenient way to talk to you in case you don’t cooperate. Don’t try to hide from this. You’ve no idea what I’m capable of in **City**.
I suggest you read this message carefully. Take a minute to relax, breath, and really dig into it. We’re talking about something serious here, and I ain’t playing games. You don’t know anything about me however I know EVERYTHING about you and right now, you are thinking how, correct?
Well, you’ve been treading on thin ice with your browsing habits, scrolling through those videos and venturing into the dark corners of cyberspace. I placed a Malware on a pxxx website and you visited it to watch (if you know what I mean). When you were watching those videos, your system initiated operating as a RDP (Remote Protocol) which allowed me complete control over your device. I can peep at everything on your screen, flick on your camera and mic, and you wouldn’t even notice. Oh, and I have got access to all your emails, contacts and social media accounts too.
Been keeping tabs on your pathetic existence for a while now. It is just your hard luck that I accessed your bad deeds. I invested in more time than I should’ve digging into your life. Extracted quite a bit of juicy info from your system. and I’ve seen it all. Yeah, Yeah, I’ve got footage of you doing filthy things in your room (nice setup, by the way). I then developed videos and screenshots where on one side of the screen, there’s whatever garbage you had been playing, and on the other half, it is your vacant face. With simply a single click, I can send this garbage to every single of your contacts.
I see you are getting anxious, but let’s get real. In good faith, I want to wipe the slate clean, and let you move on with your life and forget you ever existed. I will give you two options.
Option 1 is to turn a deaf ear this e-mail. You should know what will happen if you choose this option. I will send your video to all of your contacts. The video is lit, and I can’t even fathom the embarrasement you’ll endure when your colleagues, friends, and fam check it out. But hey, that’s life, ain’t it? Don’t be playing the victim here.
Option 2 is to pay me, and be confidential about it. We’ll name it my “privacy fee”. Now Lets discuss what happens if you opt this option. Your secret remains private. I will destroy all the data and evidence once you come through with the payment. You’ll send the payment by Bitcoin only. I want you to know I’m aiming for a win-win here. I am a man of my words.
Amount to be paid: USD 1950
BTC Address: XXXXXXXXXXXXXXXXXXXXXX
Once you pay up, you’ll sleep like a baby. I keep my word.
And of course: You got one day to sort this out and I will only accept Bitcoins (I’ve a specific pixel in this mail, and right now I know that you have read this message). My system will catch that Bitcoin payment and wipe out all the dirt I got on you. Don’t even think about replying to this or negotiating, it’s pointless. The email and wallet are custom-made for you, untraceable. If I suspect that you’ve shared or discussed this message with someone else, the shitty video will instantly start getting sent to your contacts. And don’t even think about turning off your phone or resetting it to factory settings. It’s pointless. I don’t make mistakes, ____.
Beautiful neighborhood btw (then google maps photo).
Honestly, those online tips about covering your camera aren’t as useless as they seem. I am waiting for my payment..”
Another version of the scam email
I know that calling US or visiting would be a effective way to have a chat with you if you don’t take action. Don’t try to hide from this. You have no idea what I’m capable of in.
It’s important you pay attention to this message right now. Take a moment to chill, breathe, and analyze it thoroughly. ‘Cause we’re about to discuss a deal between you and me, and I ain’t playing games. You do not know me however I know ALOT about you and right now, you are wondering how, right?
Well, you’ve been a bit careless lately, clicking through those girlie videos and clicking on links, stumbling upon some not-so-safe sites. I placed a Malware on a pxxx website and you visited it to watch(you get my drift). When you were watching videos, your device started out operating as a RDP (Remote Device) which allowed me complete control over your device. I can look at everything on your display, flick on your camera and mic, and you wouldn’t even suspect a thing. Oh, and I’ve got access to all your emails, contacts, and social media accounts too.
Been keeping tabs on your pathetic existence for a while now. It is simply your bad luck that I found your misadventures. I put in more days than I should’ve exploring into your data. Extracted quite a bit of juicy info from your system. and I’ve seen it all. Yeah, Yeah, I’ve got footage of you doing embarrassing things in your room (nice setup, by the way). I then developed videos and screenshots where on one side of the screen, there’s whatever garbage you were watching, and on the other half, it is your vacant face. With simply a click, I can send this video to all of your contacts.
Your confusion is clear, but don’t expect sympathy. Genuinely, I want to wipe the slate clean, and let you continue with your regular life and wipe your slate clean. I will provide you two options. First Alternative is to turn a blind eye to this message. You should know what will happen if you opt this path. Your video will get sent to your contacts. The video is straight fire, and I can’t even fathom the embarrasement you’ll endure when your colleagues, friends, and fam check it out. But hey, that’s life, ain’t it? Don’t be playing the victim here.
Second option is to pay me, and be confidential about it. We will call it my “keep the secret fee”. Now let me tell you what happens when you pick this way out. Your secret remains your secret. I’ll wipe everything clean once you send payment. You’ll transfer the payment via Bitcoin only. Pay attention, I’m telling you straight: ‘We gotta make a deal’. I want you to know I’m coming at you with good intentions. My promises are non-negotiable.
Required Amount: $2000
My BTC Address: 1A5STkbwdUfgmE42KxxxxxxxxxxxxxxxxxOnce you pay up, you’ll sleep like a baby. I keep my word.
Notice: You now have one day in order to transfer the amount and I will only accept Bitcoins (I’ve a specific pixel in this mail, and right now I know that you have read this email). My system will catch that Bitcoin payment and wipe out all the dirt I got on you. Don’t even think about replying to this or negotiating, it’s pointless. The email and wallet are custom-made for you, untraceable. If I notice that you’ve shared or discussed this email with anyone else, your video will instantly start getting sent to your contacts. And don’t even think about turning off your phone or resetting it to factory settings. It’s pointless. I don’t make mistake Can you notice something here? Honestly, those online tips about covering your camera aren’t as useless as they seem. I am waiting for my payment..
Scam emails in general
We’ve seen many scam emails on the internet, and this isn’t the first one. Not to mention that the email scam has been rephrased several times.
- Isn’t calling or visiting too personal to contact you
- Isn’t calling or visiting too personal to reach you
- I know that calling or visiting is better way to contact you
- I know that calling or visiting is better way to talk to you
- I know that calling or visiting is better way to reach you
- Isn’t calling or visiting is too personal to talk to you
The malicious sender employs scareware tactics to instill fear in the recipient, allowing them to manipulate and coerce him into complying with their malicious demands.
These emails attempt to trick the user into sending money by threatening to reveal a secret to the public.
The email claims that the sender has accessed your accounts and personal information. However, this claim is unfounded and has no merit against the recipient.
Cybercriminals will go to any length to make these emails appear legitimate; in some cases, scammers will even spoof the user’s email address, convincing them that the email was sent directly from their Microsoft or iCloud account.
How these scams trick you into thinking they are real
Curious as to how the hacker obtained your private information, as described in the email’s content?
It is possible that cybercriminals obtained your phone number after finding it on the dark web.
This is most likely the result of a data breach on another website, potentially one where you previously purchased or provided information for two-factor authentication.
For example, an ecommerce website will most likely keep your full name, shipping address, and phone number for delivery messages. If a merchant is hacked, all three of these details may be leaked.
The threat actors behind this email will then access these via the dark web, programmatically entering the fields for each user in an automatic leak. This explains why thousands of users are now receiving this message.
But what about the image of the home address? This is easily explained. They use Google Maps and any location 3D software to take a screenshot and send it via email.
Summary | |
---|---|
Subject line | I know that calling or visiting would be a convenient way to reach you |
Threat type | Phishing scam, deceptive email, sextortion |
Fake claim | Hackers have gained access to your computer & accounts |
Asking amount | Each email varies (in cryptocurrency) |
Damage | Potential loss of personal data & money |
Now that you’ve confirmed that the email isn’t genuine, delete it and get on with your day.
The use of PDF files in the email raises concerns, as the hacker could have used the email instead.
There is a very slim chance of malware infection within PDF attachments, so scan the file with VirusTotal and, if the results are positive, check for malware.
Running a virus scan on your computer can provide extra security and reassurance for those who experience anxiety. Stay safe!
Scan for malware (Optional)
You’ve come to the right place if you need help getting rid of malware risks on your computer.
In the steps that follow, you’ll learn how to get rid of harmful risks and make sure your system is malware-free.
We considered the technical skills of the people who use the internet, so we made sure the steps are simple enough that even those who aren’t tech-savvy could follow them.
Before you continue, make sure you have a copy of your data saved somewhere else. If you don’t, your files could get damaged or lost while you follow the steps below. These kinds of things don’t usually happen, but we suggest doing it just in case.
To remove malware from your computer, you only need to follow a simple three-step procedure:
Step 1: Run malware scans
Step 3: Use the Tron script
Step 1: Run malware scans
New threats might not be found by antivirus engines in the early stages of an infection because their signatures are still being researched and put to a database for detection. It might be found in the end, but it may be too late for the computers that were infected.
However new malware threats can have some strings and signatures of some older malware in a database of other security software. Therefore it might get detected by other antivirus and not by others.
Since people who aren’t tech-savvy might have trouble finding the malware, we will need more than one piece of security software to help us find the malicious threat.
Please run the software individually. You can do so in any particular order.
- Removal Tool
- Emergency Kit
- ESET Scanner
- Malwarebytes
Kaspersky Virus Removal Tool is an excellent tool for scanning and disinfecting malware-infected computers. Please note that this tool is separate from the mainstream Kaspersky security applications, so worry not about the company’s controversies.
1. To start, download the Kaspersky Virus Removal Tool.
2. Once the download of the executable file (KVRT.exe) is complete. The program doesn’t need to be installed on the computer, so you may begin running it straight away.
3. After reading the KSN Statement, Privacy Policy, and End User License Agreement, check the box indicating your agreement to the terms and conditions. To continue, click Accept.
4. Please wait for the system initialization process to finish, as the program will first check if your system is compatible.
5. Before we start scanning, we will have to set the scope of the scan. Click the Change parameters option to do so.
6. Check all the boxes to allow the computer to search through all of the disks and directories for malware. After that, click OK to return to the main screen.
7. We can now begin the scan; simply click the Start scan button, and the Virus Removal Tool will begin.
8. Await the scan’s completion with patience. If there are any risks within the computer system, a notification will be displayed.
9. To completely remove the risks that the program has identified, click Delete from the drop-down menu of each discovered object.
10. Click Continue to remove the identified malware threats from your computer.
As the name implies, the Emergency Kit software by Emsisoft is a must-use in your malware scanner arsenal. It features the same powerful scanning technology used by their flagship software, Emsisoft Anti-Malware.
1. Download the Emsisoft Emergency Kit portable software.
2. You can launch the executable program (EmsisoftEmergencyKit.exe) directly from your downloads folder after downloading it.
3. Click Yes to let the program start on the computer when the User Account Control window appears.
4. Choose your program’s destination folder and accept the license and maintenance terms. Next, click Install to continue.
5. Click Malware Scan on the homepage of the Emergency Kit application to start the scanning process. The amount of time it takes for the program to scan your computer will depend on how many files you have and the hardware capabilities of your system.
6. Emsisoft Emergency Scanner will display a list of the files that the program has detected when the scan is complete. To get rid of threats from your computer, click on Quarantine selected.
7. To complete the malware removal procedure, Emsisoft Emergency Scanner may also ask you to restart your computer. Simply click Reboot your system to finish the process.
ESET Online Scanner is a program that is designed only to remove malware threats from your computer for free. It is simple to use and features an advanced malware detection system. There is no need for registration, free trials, or anything else. Simply download, execute, and remove the malware.
1. Download the most recent version of ESET Online Scanner.
2. After pressing the download button, the file (Esetonlinescanner.exe) should have been downloaded to your computer. It does not require any installations so you can simply run the aforementioned file.
3. Before using ESET Online Scanner, it must be initialized. Choose your preferred language and click Get started. Continue as directed by the screen until the homepage appears.
4. Click Computer scan from the homepage, then select Full scan from the three options available.
5. Give ESET Online Scanner the permission to detect and remove potentially unwanted apps by ticking the Enable option. After that, click Start scan to begin the scanning process.
6. Await the completion of the malware scan for your machine by the ESET Online Scanner. ESET Online Scanner would have automatically removed the threats it found after the scan. To complete the malware cleanup process, click Proceed.
Malwarebytes Anti-malware is well-known in the security field; they have helped many people with malware issues through their software, and downloading it will help you as well.
Note: We will only use the free version of Malwarebytes because it includes all of the capabilities we require.
1. Download the latest version of Malwarebytes Anti-malware.
2. Malwarebytes will start downloading (MBSetup.exe) the installation file. Run the executable after the download is complete.
3. To allow the program to execute, simply click Yes in the User Account Control window that may appear.
4. The Malwarebytes setup wizard will now open; select Install to continue.
5. You will be prompted by Malwarebytes to install the Browser Guard extension. Depending on whether you want it on your browser or not, you can choose to download it (the extension is completely free).
6. Please wait as the Malwarebytes Setup installs itself. Follow the on-screen instructions until you have successfully installed Malwarebytes.
7. Start by launching Malwarebytes Anti-malware for the first time after it has been installed. If you’re installing Malwarebytes for the first time, you’ll get a 14-day free trial of the premium version.
8. After the program takes you to the main dashboard, click the Scanner box in the middle to start scanning the computer.
9. You won’t click Scan just yet when you get to the Scanner page. Rather, select Advanced scans as shown below.
10. In the Custom scan section, click Configure scan. We will be able to alter the way the software scans the computer as a result.
11. To detect hidden malware, click the box next to Scan for rootkits on the Configure Custom Scan screen. Additionally, to enable Malwarebytes to scan every drive on your computer, check the boxes next to each one.
12. Once the Custom Scan options have been adjusted, click the Start Custom Scan button to get started.
13. A side window displaying the computer scan’s progress will appear. Please wait until Malwarebytes has completed its malware scan of the entire system.
14. Following the completion of the scan, a list of threats found will appear. Check the boxes near all the malicious files and get rid of them from the computer by clicking the Quarantine button.
If prompted, please restart your computer since Malwarebytes may require it.
Step 2: Uninstall unrelated software
You may discover programs on your computer that you did not install yourself and that you do not recognize. Since they might be the source of the malware infection, we should delete them as a result.
While the most recent version of Windows settings allows you to accomplish this through the Add & Remove Programs section, it is far simpler to use the Programs and Features page in the Control Panel.
The publisher name, the installation date, and the version number will all be displayed on a single grid screen, making it simpler to locate the virus. Here’s how to do so:
1. Click on the Windows key to open the Start menu.
2. Type Control Panel in the provided search bar and select the first item from the search results.
3. Click on Programs and inside, select Programs and Features.
4. You will be presented with a list of programs currently installed on your computer.
5. Find programs you do not recognize and right-click the item then select Uninstall/Change from the dropdown menu.
We’ll need to use a powerful uninstaller to do the dirty work for us if the software is stubborn and won’t go away with normal approaches.
Fortunately, there are tools for this; Revo Uninstaller is a good uninstaller program made to tackle and remove uninstallable programs.
1. To start, download Revo Uninstaller by clicking here. Avoid downloading from third-party sources as they may contain additional bloatware upon installation.
2. On the download page, opt for the free version of Revo Uninstaller as it has all the features we need. Click on Free Download to begin downloading the setup file.
3. The revosetup.exe file would have started downloading. Click on it to start installing the software.
4. Revo Uninstaller setup would now begin and follow the typical setup procedure such as selecting your setup language, accepting the license agreement, and selecting the installation location. Once setup is ready click Install.
5. After the setup is finished, check the Launch Revo Uninstaller option to open the program upon closing the installer.
6. Once Revo Uninstaller has opened, it will show you the list of applications currently installed on the computer. Find the program/s you do not recognize, right-click it, and select Uninstall from the drop-down menu. (We will be using PC App Store to demonstrate.)
7. A confirmation message stating if you are sure you want to uninstall the said program, click Continue.
8. Follow the uninstallation instructions and this time, Revo Uninstaller would have forced the program to continue with the uninstallation compared to the previous attempt via Control Panel.
9. You will be notified that the software has been uninstalled, Revo Uninstaller will now conduct a preliminary examination and get rid of additional files and registries related to the program.
10. On the selection of Scanning modes, select Advanced to make sure everything is scanned without leaving a single directory unnoticed.
11. Wait for the scan to finish as Revo Uninstaller is checking for residual files and registries related to the program.
12. Revo Uninstaller may have found leftover Registry items, click Select All and proceed to delete them by clicking the Delete button next to it. After that, click Next.
13. It may have also found some leftover files and folders, simply do the same by clicking Select All and deleting them. Now click Finish and the uninstallation of the unwanted program is done.
Step 3: Use the Tron Script (Optional)
The Tron script fights for the user, therefore it is one of our all-time favorites; it uses practically every removal and optimization method known to man, all with the touch of a single button.
It automates functions and programs for removing malware and bloatware, as well as cleaning up the computer, so the user behind the screen doesn’t have to do any work at all.
With that being said, let us proceed and use the Tron script to clean the system:
1. To start, download the Tron script.
2. Extract the downloaded Tron file, with the use of an archiver like 7-Zip. Please keep in mind that you will not run the Tron script exactly as it is downloaded. You’ll need to extract the.exe first.
3. After extracting the compressed file, open the Tron folder, right-click the Tron script, and run it as administrator.
4. The Tron script would have opened up and initialized by updating the database and checking the repo.
5. Once the initialization is finished, the disclaimer will be shown on the screen. Read it and type I AGREE in all caps to continue.
6. After agreeing to the disclaimer, it will show your current settings, as well as the Runtime estimate on how long the script may run. Press any key to begin running the Tron script on the system.
7. It will create a system restore point before beginning the process so if you run into any issues after running the script, you can always restore to the point it created before it started.
8. Please wait for the whole process to finish. You may see Tron script download and run multiple programs on the computer but it will uninstall them after finishing the process. This might take a long time as shown on the Runtime estimate.
9. Once everything has finished, the CMD window will have turned green which indicates that the process is a success. Press any key on your keyboard to close the Tron script.
10. To finalize the Tron script process, we recommend that you restart your computer.
After restarting your computer, you should no longer see the presence of malware threats. You can always use the Tron script as a last option if you believe your machine is infected and there is no chance of detecting the malware.
Tips to protect your PC from malware
As the saying goes: “The biggest vulnerability is the person behind the screen“
So, here are some tips and what you need to know in order to keep your device safe and malware-free in the long run.
Keep every software installed up to date
Make sure that all of the programs in your computer is up-to-date with the latest version released by the developer. The reason behind this is that these updates frequently tackle bugs and issues that malware actors often exploit.
The same goes for your computer’s operating system, make sure Windows is up-to-date with the latest software update to prevent malware from exploiting a hidden vulnerability.
Avoid downloading files from unknown sources
One of the biggest sources of malware infection in a computer system is third-party installations. This happens when a user downloads a certain program from sources that are not the official download links. Some of the common types of sources where malware is present are torrent files, cracked software, and games.
Be careful with opening email attachments
Malware often disguises itself as resumes and quotations and threat actors often send thousands of these infected emails to company employees around the world in order to infiltrate their network.
Always check where your emails are coming from as there may be a chance that the project attachment you received via email did not actually come from a co-worker.
Do not visit unreputable websites
Avoid visiting websites that contain unfiltered advertisements such as illegal streaming websites, cracked software platforms, and links sent out to you by somebody you do not trust.
These sites are often linked to redirect chains that load once you click on an ad element on the page. Following this chain often leads to drive-by malware and phishing pages that an average user may eventually fail to notice.