There has been a recent surge in a widespread sextortion email scam, where individuals are being targeted with threatening emails containing a PDF attachment.
The scammers assert that they have secretly inserted malware on adult websites, which purportedly infected your computer while you were viewing explicit content.
After that, they proceed to blackmail you by threatening to share a compromising video with your contacts unless you comply with their demands.
This is one of the biggest sextortion campaigns we have seen yet and is impacting a significant number of individuals daily.
The email pretends to have private information about you, but it's all part of a scam.
According to the email, while you were watching inappropriate videos, they supposedly took control of your device's camera and audio through something called “remote access.”
They also claim to have access to your Wi-Fi network and other connected devices, such as your phone or tablet.
The scammers go on to claim that this malware has provided them with access to all of your personal information, such as contacts, photos, and videos.
How this scam tricks people into thinking it's real
They use the threat of sharing this information unless you send them money, usually in the form of cryptocurrency.
This scam bears a striking resemblance to other email scams that aim to intimidate you by threatening to expose your passwords or credit card information.
One alarming feature of this scam is how personal the email seems. The subject line includes your first name, which makes it feel more targeted.
The attached PDF file will also have your first name as the file name (such as john.pdf or michael.pdf), which can scare people into thinking the threat is real and encourage them to open the email.
When open opening, they will be met with a bolded message showing your mobile phone number as a threatening attempt to cause panic within the recipient.
Once opened, the email will try to convince you that they have serious evidence of you visiting adult websites and using malware to record your activities.
The remainder of the email adheres to a common format used in sextortion scams, where the scammer requests payment to prevent the release of personal videos.
The scammers' requested amounts can vary, with some asking for as little as $900 and others demanding as much as $8,000.
The email is simply a scam intended to frighten people into making payments, despite its apparent credibility.
Contents of the PDF email scam attachment
Subject: Is calling XXX-XXX-XXXX a better way to have a chat with you in case you don't take action?
So I suggest you read this message carefully. Take a minute to relax, breathe, and really dig into it. We're talking about something serious here, and I need you to be on point. You do not know anything about me whereas I know alot about you and you must be thinking how, correct?
You've been a bit careless lately, scrolling through those videos and clicking on links, stumbling upon some not-so-safe sites. I placed a Malware on a p*** website and you visited it to watch(if you know what I mean).
When you were watching those videos, your device began operating as a RDP (Remote Device) which provided me total accessibility to your system. I can look at everything on your display, switch on your camera and mic, and you wouldn't even suspect a thing. Oh, and I have got access to all your emails, contacts, and social media accounts too.
What I want?
Been keeping tabs on your pathetic existence for a while now. It is just your bad luck that I got to know about your misadventures. I gave in more time than I probably should have exploring into your personal life.
Extracted quite a bit of juicy info from your system. and I've seen it all. Yeah, Yeah, I've got footage of you j****** off in your room(nice setup, by the way). I then developed videos and screenshots where on one side of the screen, there's the videos you were enjoying, and on the other part, its someone jerking off. With simply a single click, I can send this filth to all of your contacts.
What should you do?
Your confusion is clear, but don't expect sympathy. In good faith, I am willing to wipe the slate clean, and let you move on with your daily life and forget you ever existed. I am about to present you two alternatives. Either disregard this email (not recommended) or pay me a small fee. Let’s explore these two options in more detail.
Alternative one is to turn a blind eye to my email. Let us see what is going to happen if you select this path. I will send your video to your contacts. The video was straight fire, and I can't even fathom the embarrassment you'll endure when your colleagues, friends, and fam check it out. But hey, that's life, ain't it? Don't be playing the victim here.
Other Option is to pay me, and be confidential about it. We’ll name this my “confidentiality tip”. Now Lets see what will happen when you choose this choice. Your dirty secret will remain your secret. I will wipe everything clean once you send payment. You'll transfer the payment through Bitcoin only. I want you to know I'm aiming for a win-win here. My word is my bond.
Amount to be paid: $6000 My B'TC Address: ILtpeJXXXXXXXXXXXXXXXXX (Here's OR code, scan it carefully)
Note: You now have one day in order to make the payment. (I've a specific pixel within this e mail, and now I know that you have read this e mail).
Here's another version of the email scam:
Subject: Is calling XXX-XXX-XXXX a better way to reach you if you don't cooperate
So it's important you pay attention to this message right now. Take a moment to chill, breathe, and analyze it thoroughly. We're talking about something serious here, and I need you to be on point. You do not know me however I know you very well and you must be wondering how, right?
You've been treading on thin ice with your browsing habits, scrolling through those videos and venturing into the darker corners of cyberspace. I actually installed a Malware on a pxxx website and you accessed it to watch(you get my drift).
And when you got busy watching those videos, your system started out working as a RDP (Remote Protocol) which allowed me total control over your device. I can peep at everything on your display, flick on your cam and mic, and you wouldn't even suspect a thing.
Oh, and I've got access to all your emails, contacts, and social media accounts too. What have I done? Been keeping tabs on your pathetic life for a while now. It is just your hard luck that I noticed your bad deeds. I gave in more days than I should have investigating into your personal life.
Extracted quite a bit of juicy info from your system. and I've seen it all. Yeah, Yeah, I've got footage of you jxxxxxx off in your room (nice setup, by the way).
I then developed videos and screenshots where on one side of the screen, there's whatever garbage you had been enjoying, and on the other half, it is you doing nasty things. With simply a click, I can send this video to all of your contacts.
What can you do? I feel your worry and confusion. Actually, I am willing to wipe the slate clean, and allow you to move on with your daily life and forget you ever existed. I am going to give you two alternatives.
Either turn a deaf ear to this email (not recommended) or pay me a small amount. Let us examine these two options in details. Alternative one is to disregard my mail. Let us see what is going to happen if you choose this option.
Your video will get sent to your contacts. The video is lit, and I can't even fathom the embarrasement you'll endure when your colleagues, friends, and fam check it out. But hey, that's life, ain't it? Don't be playing the victim here.
Option 2 is to pay me, and be confidential about it. We'll call it my “privacy tip”. let me tell you what will happen when you pick this path. Your secret remains private. I will destroy all the data and evidence once you send payment.
You'll transfer the payment through Bitcoin only. Pay attention, I'm telling you straight: ‘We gotta make a deal'. I want you to know I'm coming at you with good intentions. I am a man of my words.
Amount to be sent: $5000 My BTC Address: 1JZZu V3fMQiNSKmXIDGSoMcBVHPg5BXRPs Or, (Here's Bitcoin QR code, you can scan it):
Let me tell ya, it's peanuts for your tranquility.
Important: You got one day to sort this out. (I've a special pixel within this email, and at this moment I know that you've read through this e mail). My system will catch that Bitcoin payment and wipe out all the dirt I got on you.
Don't even think about replying to this, it's pointless. The email and wallet are custom-made for you, untraceable. I don't make mistakes, A 1.
If I catch that you've shared or discussed this mail with anyone else, the shitty video will instantly start getting sent to your contacts. And don't even think about turning off your phone or resetting it to factory settings.
It's pointless. Let's get this sorted out within 5-6 hours, I'm waiting for the payment. Honestly, those online tips about covering your camera aren't as useless as they seem. Don't dwell on it. Take it as a little lesson and keep your guard up in the future.
Here's why the scam is fake
The scam causes people to panic as it involves personal data that they would assume is not publicly available. The scammers in this case use individuals' phone numbers and first names.
Your phone number and first name were discovered by scammers due to a data breach database that was accessible on the dark web.
Our website provides extensive coverage of data breaches, giving us a deep understanding of the alarming frequency at which websites are being breached on a daily basis.
One of these might be a form where you enter your email, name, and phone number.
Scammers have found a way to streamline their email scamming process. Instead of manually sending emails to thousands of users every day, they take advantage of stolen data from breached websites.
How it works: They carefully filter the data they can use and insert it into custom fields within email attachments which get sent automatically.
These attachments are then sent directly to the individuals' email addresses whose data has been compromised.
What should you do about your data?
Our team has been tracking these sextortion emails for a long time, and we frequently receive emails and messages from site visitors asking what they should do next after disregarding the email.
Having your private data floating around the corners of the internet can make you feel vulnerable and exposed.
As a result, we recently partnered with DeleteMe, a privacy service that can help you remove your private information from the internet.
DeleteMe removes your personal information from over 750 data brokers (full list) and offers custom removal requests, automatic routine removal, and detailed reporting to give you peace of mind.
Right now, Hackerdose visitors can get 20% off DeleteMe, allowing you to get your data off the internet and stop receiving these scary emails for good.
Email scams in general
Numerous email scams are circulating on the internet, targeting thousands of individuals. This scam wherein a hacker attached a PDF file that includes your phone number is not entirely new.
There have been numerous iterations of this scam, including credit cards, passwords, and even computer hardware specifications.
We have also seen a much trickier case with scams where the main fear is due to the email being sent from the user's iCloud or Microsoft account which is the result of spoofing.
To be clear, email scams have been around for a while and they are not new, but cybercriminals and scammers are constantly improving their tactics to make these scams more deceptive to users.
Now that you have a clear understanding, it would be wise to simply delete the email and move forward to avoid any negative impact on your day.
I also received an email almost identical to one of the above, but it also contained my full name, cell phone, address, and a picture of my house. It also said Pegasus had been installed on my phone.
It sounds like your full name, phone number, and home address might’ve been caught in a data leak, I’d guess probably from a site or e-commerce platform you’ve used. Scammers often use that info to send fake blackmail emails. Don’t worry, though; the emails are fake. You can disregard them and you’ll be fine. Stay safe!