Sinister new blackmailing email phishing scam making waves

There’s a new email phishing scam making the rounds, and it’s not a nice one. It is built on blackmail, reads quite sinisterly, and is scaring the people who receive it, which is never a good thing. We have seen a few examples of this email here at Dave’s Computers in New Jersey, and we don’t like it.

The email has your own account address as the sender and reads something like:

‘I placed malware on the porn website you visited the other day. While you were watching the video and having fun (if you know what I mean), your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

I now have video of what you were doing and what you were watching (nasty!). What should you do now?

I think $1000 is a fair price to keep your secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and everyone you know.

If I get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.’

As you can see, this is quite sinister. I have heard from a couple of customers who have received this email and want to know what to do.

What to do when you receive phishing or scam emails

The short answer is: do nothing. Delete the email and think no more of it. Even though it looks like the email has been sent from your own account, it hasn’t. It just uses an old vulnerability in email to make it look that way. The technique is called spoofing: the sender tells the email to display your address in the From field instead of the real one.

Even though the email offers the opportunity to verify its claim by replying, don’t. The reply works as a ‘live email’ check: it confirms that your email address is a real one, which will encourage more of this kind of spam.

If you’re concerned, enter your email address into Have I Been Pwned. This website checks the databases from recent breaches to see whether your email address was on one of the lists. And the list is long!

Yahoo suffered a data breach in 2017 that compromised 3 billion accounts. Other companies have also lost your data including Marriott International (500 million customers), LinkedIn (164 million), Adobe (153 million), eBay (145 million), Sony’s PlayStation Network (77 million), Uber (57 million) and Ashley Madison (31 million).

Have I Been Pwned can give you a good idea of whether your email address is one of them.

It is important to never reply or perform any action other than hitting delete when you receive spam or phishing emails. This particular email is insidious in how it tries to strike fear and then make you act on that fear. Don’t fall for it and delete it right away!

If you want more help handling security, hacking or email, visit Dave’s Computers in New Jersey. We would be happy to help!