A hacker emailed me and demanded I pay $900 otherwise they are going to share some horrible things on social media…apparently.
I think I’m a sensible enough person and take precautions when online.
I check websites are safe before browsing or buying, I make sure my passwords are unique and strong, and I’m always wary of email with dodgy broken English, but one of the latest emails caught me off guard.
A hacker emailed me
I got caught off guard the other day as it wasn’t one of the usual spammy emails I get. Instead of “Dear customer”, this one told me they had a password that I recognised, and I use.
This email made me wonder what on earth I did and how did they get my details?!
At first, I panicked. However much I know what they were saying about me were lies, but I was still worried they had access to my cameras and could see me.
I was worried they knew my email address and could get into an account, then find my address or connected bank card details.
And, I knew I didn’t have $900 to pay them to leave me alone. Even if I did pay, would that stop them?
Here’s what the hacker email said:
(We have removed password and bitcoin details)
———- Message ———
From: Recorded You
Date: Tue, 19 Nov 2019 at 17:23
Subject: I know everything – [PASSWORD REMOVED]
Hey, I know your password is: [PASSWORD REMOVED]
Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”.
My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won’t even notice about it.
I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!
After that I removed my malware to not leave any traces.
I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!
Only you can prevent me from doing this and only I can help you out in this situation.
Transfer exactly 900$ with the current bitcoin (BTC) price to my bitcoin address.
It’s a very good offer, compared to all that horrible shit that will happen if I publish everything!
You can easily buy bitcoin here: [WEBSITE REMOVED] , [WEBSITE REMOVED] , [WEBSITE REMOVED], or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: [WEBSITE REMOVED] , then receive and send to mine.
My bitcoin address is: [BITCOIN ADDRESS REMOVED]
Copy and paste my address, it’s (cAsE-sEnSEtiVE)
I give you 2 days time to transfer the bitcoin!
As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it’s to make sure you read it, my mailer script has been configured like that and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.
Next time update your browser before browsing the web!
———- End of message ———
Is the hacker going to do it?
So they’ve already hacked you and then managed to remove all evidence from your computer (convenient that!).
Basically, they are not going to do anything.
They are not going to share anything as there is unlikely anything to share. Whoever sent this is lying to you.
If they had all this access, why did they not just hack into your online banking and transfer any money you have into their own bank?
This particular email was sent to me on 19 November, but I didn’t see it until a week later.
They gave me 2 days to pay them, which I didn’t, but they didn’t do anything. They didn’t share anything on my social media (because they don’t have any videos of me).
How did they do it?
It’s not me that got hacked, but another company.
Companies, unfortunately, get hacked for their data all the time. Why hack one person, when you can try for the data of millions?
Some of it you may hear about in the news as data breaches need to be reported, but some may not have got as much press if other big news has been going on.
The hacked data then gets sold on the dark web for a few quid at a time.
I’ve been able to find out exactly what personal data has been hacked.
Now, I’ve had my email address a long time, and I’ve been able to see that my data was compromised.
Some of the companies I’ve heard of, and I remember signing up with (even if it was back in 2008!), and I kinda recall getting emails from at least one of them suggesting I change my password after a data breach.
But, I had no idea I was my email and password was added to a spam list “Online Spambot” – whatever that is?
I checked other email addresses I use, and they’ve been compromised too.
Using the site Have I Been Pwned allows you to search any data breaches to see if your data/email has been compromised.
You may think you’re safe and you’ve protected yourself, but you may not know what has happened to another company.
This isn’t the only kind of email doing the rounds.
Other versions are saying even worse things like this email shared with us by our local computer repair shop.
This email leads you to believe they have a video of you after watching dodgy adult sites, and that they’ll share it unless you pay them Litecoin (similar currency to Bitcoin).
What can you do?
Had a similar “sextortion” email?
First up, do not panic and do not respond.
You have not been singled out – they would be sending this same email to however many people are on their list of targets.
1. Delete the email
Once you’ve got over the shock and realise it’s a shady scam, please just delete the email and don’t fret.
Don’t even think about sending them any money!
This is a scam email and you will lose money. The email belongs in the bin.
2. Use different passwords
If you’re still using the password in the email, then change it.
It’s also a good idea to not use the same password for all accounts, but have something different for all accounts.
If a hacker has multiple lists from the darknet, they will easily be able to link that you use the same password and may look to hack you.
3. Use a password manager
With a lot of passwords comes the complication of remembering them.
You can write them all down in a notebook (don’t forget the safe place you keep it!), or look to use an online password manager.
4. Run a security scan
It’s always a good idea to carry out a bit of admin on your devices regularly.
Whether you’ve got a date marked on your calendar to carry out a scan or not, it never hurts to run a full security scan on your computer to check for viruses or malware.
5. Report it
If you have not lost any money or given your details, then you can report it as a phishing attempt to Action Fraud. You may also be asked to forward the email on to the police.
If you ended up responding and sending them bitcoin, then I’m sorry you lost money, but you need to report it to the police. Sending these people money (whether that’s straight from your bank or by Bitcoin) means you need to report it as a crime.
Just because a hack may have happened recently, it doesn’t mean you’ll get targeted straight away – it could be years before you get anything targeting you directly.
This is not the only scam going around.