In December 2018 and January 2019 I saw a flood of emails arriving in my spam folder that looked like the one below. I decided to share it here, since I also had a very nervous client ask about a similar message they'd received.
It's equal parts funny as it is disturbing. The disturbing part is that it plays on realistic security concerns. Email accounts do get hacked, keyloggers (malware) do get installed, and information does get stolen. Among the worst are the ransomware situations where all your files get held hostage, with very little recourse unless you've backed them up before the malware was installed.
In this case though, the message is technically a "phishing" attempt. They hope you'll panic and believe them, saving them the actual effort of hacking your system. What scares many people is the part about the email coming from themselves. What most people don't realize is that this is easy to fake. It's called "spoofing" and just means that an outgoing email message has it's headers edited to say it's coming from an address it's not actually coming from. (Read more about email headers.)
A message like this might attach malware as a supposed image or video file, which you might click to open if you think there's a chance they actually did what they're saying they did. Then you may actually end up getting infected. One of the biggest rules of thumb with email is to never click a link or open an attachment unless you're 100% sure it's from someone you trust and is something you'd normally expect to have received.
All that being said, here's the email:
You may not know me and you are probably wondering why you are getting this e mail, right?
I’m a hacker who cracked your email and devices a few months ago.
Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account.
I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean).
While you were watching videos, your internet browser started out functioning as a RDP (Remote Control) having a keylogger which gave me accessibility to your screen and web cam.
After that, my software program obtained all information.
You entered a passwords on the websites you visited, and I intercepted it.
Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.
What did I do?
I backuped device. All files and contacts.
I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.
exactly what should you do?
Well, in my opinion, $1000 (USD) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
My Bitcoin wallet Address:
(It is cAsE sensitive, so copy and paste it)
You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message).
To track the reading of a message and the actions in it, I use the facebook pixel.
Thanks to them. (Everything that is used for the authorities can help us.) If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on.
For the most part you can ignore emails like this. However, if you feel like taking action (whether it makes a difference or not) you can report it to the FBI at https://www.ic3.gov/complaint/default.aspx