‘You’ve been watching porn’ scam
What’s the threat?
Criminals are emailing victims their own passwords hoping to trick them into believing they’ve been filmed on their computer watching porn online.
The ‘sextortion’ email contains your computer password in the subject line and the opening sentence (see screenshot). It claims to have used this to gain access to your PC, then install malware that captures you doing “nasty things” while watching porn.
It also boasts about gathering “every one of your contacts from your Messenger, Facebook, and email”, and threatens to send the video to them (“including relatives, coworkers, and so forth”) unless you pay $1,400 in Bitcoin within 24 hours, which it calls a “fair price for our little secret”.
The scammer promises to erase the video if you pay, adding “this is a non-negotiable offer, so don’t waste my time and yours by replying to this email”.
How can you stay safe?
You should immediately change the password included in the email. Some victims said the password mentioned in the email was for an old account they no longer use, and had never used on their current PC. Based on this, security experts think the attack draws on passwords and emails contained in a database stolen in a data breach around 10 years ago.
Action Fraud searched for some of the victims’ email addresses on ‘Have I been pwned?’ ( https://haveibeen pwned.com), which lets people check whether their online accounts have been hacked. It found almost all the accounts were at risk. It’s feared that the attackers will start using more recent passwords to convince victims the threat is real.
Scams like these get the blood boiling, so you may be tempted to reply to the email, telling the attacker where to go. Instead, seek another way to express your anger. Responding to scams just lets criminals know the email address is active, making it more likely you’ll be targeted in future.