Today, when I opened outlook to check my mailbox, there was an email with the subject “Your account is being used by another person”. I was shocked and opened that email, and when I read, it seemed more shocking to me for a second. This is not a normal occurrence for me, which is why I was alarmed the moment I read the email. A lot of questions were going on in my head but most of these were about whether or not my identity and security were breached.
This was the full email:
Subject: Your account is being used by another person!
I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.
You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (p**nography) of some websites, and you know that you visited these websites to enjoy (you know what I mean).
While you were watching video clips, my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.
Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.
What I’ve done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes … but strange for me and other normal people), and the second part shows the recording of your webcam.
What should you do?
Well, I think $693 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don’t know, look for “how to buy bitcoins” on Google).
BTC Address: 1GjZSJnpU4AfTS8vmre6rx7eQgeMUq8VYr
(This is CASE sensitive, please copy and paste it)
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).
If I don’t get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.
If you want to get proof, answer “Yes!” and resend this letter to youself.
And I will definitely send your video to your any 18 contacts.
This is a non-negotiable offer, so please do not waste my personal and other people’s time by replying to this email.
But, within a second, I thought one thing whether I clicked any p**n or spam links recently from my email? What was the basis of this person to send me an email like this? Am I no longer safe online? What other information were they able to get based on my online history? The questions went on but, for sure, I felt scared and clueless about what was going on.
I was not sure because being a blogger; I get a lot of marketing emails, guest posting emails, and so on. So, I was not sure if I had clicked any such link. However, I don’t click any links in general until I am sure if the link is safe. I have been using the internet for decades and I am confident that I always check the links I am clicking. Regardless of how enticing (promos, discounts, freebies) the links are, if these are not related to my search online, I would always opt not to click any. I understand how prevalent scammers are in the World Wide Web today.
As you can see in the email that the scammer said that he recorded my webcam, that is what made me realize that this is nothing but a scam email because when I was writing about Dark Web a long ago for this blog, I had to test to access dark web, so I covered my webcam just for security purpose. Since then my webcam is covered only. So, there is no way that my laptop’s webcam gets recorded. And, even the web camera is disabled from Device Manager.
So, there is no way of webcam recording. But, still, the email says it is recorded. So, it says itself that it is nothing but a scam blackmail email. I opted to read resources online and went through reputable websites, such as websafetyadvice.com, and learned that these emails are actually common among scammers.
Now, the thing made me think that the email came from my own email address only. That is a thing to think over. But, I heard a bit about email address spoofing, so I thought it might be a spoof email. But, looking at the Email headers, it was not looking like the spoofed message. But, I was still not sure.
Then, I asked my hosting partner One.com about this, they told me that there might be two cases, either it is spoofed, or your email address is compromised. Regardless, both of these problems can worsen over time and can become the reason why I’ll lose my identity and security online. The mere fact that someone got my email address without my consent is already alarming, much more telling me that they were able to record my online activities as I am watching p**n.
I was only concerned about the email thing, and then they asked me to check my email address on https://haveibeenpwned.com/ this website to know if your email address is compromised?
I did, and it surprised me that, yes, it was.
You can check your email address on this site if you want. If there is no problem, it will show a green signal like this:
I immediately changed my password to a stronger one. Moreover, you can use any good Password manager such as Dashlane, LastPass or any good one as the password manager. Most of the password manager will automatically check your passwords to see if they have been revealed in a breach and help you create unique, secure passwords for every site.
However, there is a bitter truth that “There is nothing safe online”. Anything can be hacked. It is you who has to be careful from clicking links, accessing spam sites, etc.
How they actually do it?
Most of the times such emails are a scam, and there is no relation with the reality, but the thing is, most of the population does watch p**n at times, and when they get such emails, they are frightened that scammers might have actually recorded their video while they were watching p**n. And, that is why they threaten you by writing such emails in the anticipation to get money from people who are frightened after reading the email.
If you don’t have any idea about the prevalence of this scam, you will likely fall victim to this modus and provide anything the scammer asks you to. If they tell you to send them money in exchange for your “recorded video”, you will probably follow their instruction to ensure that your safety online is not compromised.
Actually, they do it either by email spoofing or by hacking your email address. In other cases, these scammers make use of the breached data that are published on many sites. Yes, when there are some data breaches, hackers mostly upload them to some sites, and these scammers make use of those data to do such scams. That is the reason; it is advised to change your passwords regularly so that even if your data is compromised years ago, it cannot be used later to exploit you if you have changed the passwords.
If you want to avoid experiencing this kind of problem, spend some time changing your password as often as possible. Ideally, all of your online accounts should have different passwords every month. This will make it very challenging for scammers to track your online activities and breach any of your data, as well.
By the way, I am not alone, such emails are being sent to millions of users, and that I found while I started researching about it. There are some reports shared by TechCrunch, Krebs on Security, and many more websites. Though there is nothing there to worry, you must be careful about your email credentials.
As per Krebs on Security, there are some shady password lookup sites available where compromised data are sold. Thus, changing passwords regularly is important.
While choosing passwords make sure you make strong password every time you change it. You can read more about passwords here.
Moreover, when you get such emails, make sure to scan your PC for Malware once just to be sure there is nothing such on your PC. Malwarebytes seems to be a great tool for Malware scanning and fixing them.
When you get such emails, don’t worry. This is a scam email to trick people to rob money. Ignoring such emails is good but still, do try changing your email password and scan your PC for malware.
One thing I would advise, if your laptop/PC’s webcam is not in use, keep it covered. That is a safe practice for everyone. You can cover the cam with anything like tape, or even there are webcam covers being sold online.
So, don’t fall for it if you get such emails. Email subject might be different than what I received. There are different people term this scam as Sextortion emails, P**n Blackmail emails, etc.
Just don’t get fooled of these!