Sextortion Email Scam

We have been contacted by a number of concerned customers in the last few weeks about a worrying email claiming that their PC has been hacked and that their activities have been monitored without their knowledge. The most alarming part of this email is that the sender typically includes a password which the person may have used in the past, and threatens that unless they pay up, all of their private online activities will be revealed to the world (have a guess what they mean?).

Let us say straight up that this is a scam.

They do not have software installed. They are not watching you. They probably don't have your actual password.

Here’s how the scam works.

The hacker buys a list of email addresses and passwords stolen from major online companies that were hacked in the past. We are not going to mention them specifically, but just about every big bank, online TV service and department store has been hacked over the past few years, and you can read more below:

https://www.lifewire.com/the-greatest-computer-hacks-4060530

So after acquiring all of these details, the hackers just generate an automated email to thousands of users claiming that they have installed remote monitoring software. The clever part is to include an old or not so old password (people don't usually have different passwords for different systems) as part of the email, so the reader assumes their computer must be hacked … when in reality it’s just an old password from another online system … that they may not even be signed up to anymore. Clever … isn’t it? Well, it might just be deadly, as this type of scam has reportedly caused panic among users worldwide, with some reports of users taking their own lives as a result.

So what can you do?

  1. Always use different passwords for different systems – we know it's difficult but it's necessary.
  2. Always keep your PC antivirus/security software up to date – we don't recommend the free versions.
  3. Change your passwords regularly – every 6 months is no harm.
  4. Enable extra security – a lot of systems now have 2FA, which uses your phone as part of the login process.
  5. Delete or report the emails – this is a crime after all, and people do fall for this scam and pay the ransom.

Hat tip to those guys @dash who first alerted us about this.