An email says that a hacker who sent it has compromised your security and taken control of your webcam, so they say that they recorded video of you. Often, blackmail scams will say that they have a compromised video of you, which they threaten to send to your contacts.
Netsafe has received multiple reports about email scams in which scammers allegedly claim that they hacked into a device of the victim, recording an intimate audio recording of them using pornography websites. The scammer has provided an intimate audio recording of them using a pornography website. People received emails from them that had their intimate recordings, such as using a porn website, played back.
The scammer emails his or her would-be victims a real password the victims used, then attempts to blackmail them, saying that he or she has broken into their computers and recorded them watching pornographic videos. In addition to using the recipients password in a blackmail email, scammers will also use the recipients own email address in order to appear as though they are the sender. Scammers use this trick (writing your password on an email) to get you scared and to believe the contents of a blackmail email are genuine, ultimately leading to the payment of the ransom.
The usage is called spoofing, and makes it appear as though a recipients own email address sent you a blackmail email, making you believe the scammer has access to your email account. Once you open a lot of the blackmail emails, pixels capture the images hosted on the remote server, which serves to alert the scammer they have landed on an active email address. The email tells you the sender has tracking software installed on your device, and it makes some vague claim to knowing that you visited a porn site. The way this usually works is you get an email, often from what appears to be your own email account.
What you should do is change the password on the email right away, because the scammer might have already compromised your email account. The first thing you should do is change your password, if you are still using the password mentioned in the email that was sent with the scam, on any of your accounts. Once you change your passwords if needed, and you delete the emails (after reporting the email for being extorted), make sure that your computer is secure and protected with anti-virus software, and that it is updated regularly so you have the latest security updates for your system. If you have different passwords for all of your various accounts, it is very likely you will not get any blackmail emails.
Whereas blackmail emails usually use small details like the old passwords to trick you into believing that the sender has something more compromising in them, or about you. Most English-language extortion emails typically disclose something vague about what you are guilty of, but which can be applied to a lot of people, almost like a star sign. The emails are often a bit long, contain many threats, and the sender attempts to appear authority. Most of extortion emails go into peoples spam folders automatically, but occasionally, some find their way into inboxes.
Email systems or clients that perform junk mail (spam) filtering may be helpful at catching some of these types of extortion messages, but cannot be relied upon to catch them all. Otherwise, they cannot really harm you…as long as you have secured your accounts, so that they cannot use one of your passwords against you. Unfortunately, a tiny percentage of extortion emails are successful at convincing victims to wire money.
Depending on when you make the large leap, you might be getting one of these bitcoin extortion scams, as your email was exposed in the recent data breach. The context for scam emails has been the same pattern for a while, usually with the only change being a Bitcoin address to which you can send any requested sum. The emails may seem especially convincing as they usually include the victims password.
Most often, threatening emails are what we would consider to be extortion emails, since they allege malicious software on the computer has captured embarrassing photos of you via a webcam, but other variations of the same theme may exist. This kind of email is called a sextortion email, and is almost always a Phishing attempt filled with fake threats. A hoax sextortion email includes claims about perceived inappropriate behavior, usually including claims that the scammer has proof of your affairs, has compromised your webcam in order to capture compromising photos or videos of you, or has proof of pornographic materials that you have seen.
Extortion scammers spout threats indiscriminately, using large batches of email addresses and associated passwords they have probably obtained on the black market after major company data breaches. Scammers purchase old dumps of email accounts and passwords from the dark web, which were distributed during data breaches. What happens is a site that you had an account with gets hacked, and somebody is able to pull out a pile of email addresses and passwords.
Some versions of this scam include a persons online account password, or it can look like it was sent from that persons email address. In some versions of this scam, the scam emails subject lines have also included the targets password, which he/she uses (or has used in the past) for his/her online accounts.