Fraudsters are continuing to send victims their own passwords in sextortion scam
A sextortion phishing scam, first identified by the National Fraud Intelligence Bureau (NFIB) in July 2018, continues to be reported to Action Fraud in high numbers.
Fraudsters are sending victims their own passwords in an attempt to trick them into believing they have been filmed on their computer watching porn and demanding payment.
In May alone, Action Fraud has received over 149 crime reports and 1,443 reports to our phishing reporting tool. Many victims report receiving multiple emails over a short period of time.
The emails contain the victim’s own password in the subject line and demands payment in Bitcoin after claiming that the victim has been filmed on their computer watching porn.
An example email reads;
I'm aware, XXXXXX is your password. You don't know me and you're probably thinking why you are getting this mail, right?
Well, I actually placed a malware on the adult video clips (porno) web site and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as a RDP (Remote Desktop) with a key logger which gave me access to your display screen as well as web camera. Just after that, my software program gathered every one of your contacts from your Messenger, Facebook, and email.
What did I do?
I made a double-screen video. First part shows the video you were watching (you have a nice taste omg), and 2nd part displays the recording of your webcam.
Exactly what should you do?
Well, I believe, $2900 is a fair price tag for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
BTC Address: 1HpXtDRumKRhaFTXXXXXXXXXX
(It is cAsE sensitive, so copy and paste it)
You now have one day to make the payment. (I have a special pixel within this email message, and now I know that you have read this e mail). If I do not receive the BitCoins, I will definately send out your video recording to all of your contacts including close relatives, co-workers, and many others. Nevertheless, if I receive the payment, I'll destroy the video immidiately. If you need evidence, reply with "Yes!" and I will send your video to your 10 friends. It is a non-negotiable offer, therefore do not waste my time and yours by responding to this message.
Suspected data breach
Action Fraud suspects that the fraudsters may have gained victim’s passwords from an old data breach.
After running some of the victim’s email addresses through ‘Have i been pwned?’, a website that allows people to check if their account has been compromised in a data breach, Action Fraud found that almost all of the accounts were at risk.
How to protect yourself
- Don’t reply to the email, or be pressured into paying: it only highlights that you’re vulnerable and you could be targeted again. The police advise that you do not pay criminals. Try flagging the email as spam/junk if you receive it multiple times.
- Perform password resets as soon as possible on any accounts where you’ve used the password mentioned in the email. Always use a strong, separate password for important accounts, such as your email. Where available, enable Two-Factor Authentication (2FA).
- Always install the latest software & app updates. Install, or enable, anti-virus software on your laptops & computers and keep it updated.
- If you have received one of these emails and paid the fine, report it to your local police force. If you have not paid, report the email as a phishing attempt to Action Fraud.
ActionFraud is the UK’s national fraud and cyber crime reporting centre.
We provide a central point of contact for information about fraud and cyber crime.
The easiest way to report fraud and cyber crime is by using our online reporting tool.Report
Latest News from
Over £27 million reported lost to crypto and forex investment scams22/05/2019 10:20:00
New warning from The Financial Conduct Authority (FCA) and Action Fraud.
Action Fraud warns of Hajj fraud, as criminals target Muslims booking trips to Mecca16/05/2019 12:20:00
New Hajj fraud warning from Action Fraud and City of London Police.
NCSC advice following WhatsApp vulnerability15/05/2019 13:20:00
The National Cyber Security Centre (NCSC) has issued advice for users of WhatsApp following yesterday's vulnerability announcement.
Gang of fraudsters jailed for 43 years by the Metropolitan Police after reports to Action Fraud10/05/2019 10:20:00
A gang of fraudsters have been jailed for a total of more than 43 years for their parts in the theft of millions of pounds from businesses and individuals in the UK and abroad.
Action Fraud report reveals £7 million lost to holiday fraud08/05/2019 10:20:00
Fraudsters stole more than £7 million from unsuspecting holidaymakers and other travellers in 2018, a new report yesterday revealed.
42% of used hard drives sold on eBay still contain sensitive data26/04/2019 14:20:00
The findings will make worrying reading for anyone looking to make some extra cash by selling their old hard drives.
Springtime tax scams target young and vulnerable, warns HMRC25/04/2019 10:20:00
Young adults who may have less experience of the tax system should be especially vigilant against springtime refund scams, warns HM Revenue and Customs (HMRC).
Off-duty police officer steps in to prevent his elderly neighbour getting conned by fraudsters15/04/2019 10:20:00
An eagle-eyed off duty officer stepped in to stop his elderly neighbour becoming the victim of a fraud after she bought hundreds of pounds worth of gift cards.
Dedicated Cyber Crime Units Get Million Pound Cash Injection12/04/2019 13:10:00
The NPCC National Cyber Crime Programme yesterday (11/4) announced that every Police Force in England and Wales now has a dedicated Cyber Crime Unit in place thanks to a multi-million-pound investment from the Government.