Sextortion is extortion through sexual means. The scammer falsely claims to have hacked into your device and recorded your sexual activities of self-pleasure as you are watching porn websites. Of course, this is all a huge scam and it has been going around for many years now. Here are several that I have received (and blocked) on my mail server over the past month.

Basically, the scam goes like this:

• Your computer was hacked
• The hacker installed a trojan on your computer
• The hacker used the trojan to steal your contacts
• The hacker turned on your webcam and recorded you, well, they recorded you masturbating while watching porn
• They threaten to upload the video(s) if you don’t pay them in bitcoin
• They give you a couple of days to pay and that is the scam

Here are a couple of real-world examples from my email server.

I also checked out how much money each bitcoin wallet (which I have redacted) has in it:

• The first example has two different wallets associated (two separate emails with the same content, just different wallets, and different subjects) with it, and combined they have a total of $11,761.28 in them
• The second example has only one wallet associated with it and it has $2,840.01 in it
• The third example has three wallets associated (three separate emails with the same content, just different wallets, and different subjects) with it and they have a combined $2,660.72 in them
• There were two other emails, identical to the second example, just with different bitcoin wallets, one had $2,281.01 and the other had $2,373.53.
• That is six different emails with eight different wallets and a total of $21,916.55 in them. Sadly that is some big money for little work and that is just a small sampling of what is out there in the wild.

——————
EXAMPLE #1
——————

Received: from [141.164.151.236]
by redacted.redacted.net with esmtp (Exim 4.95)
(envelope-from <okazosp@adsd.mailerokdf.com>)
id 1n6u2z-00059f-3e
for redacted@redacted.com;
Mon, 10 Jan 2022 07:45:13 -0500
From: <okazosp@adsd.mailerokdf.com>
To: <redacted@redacted.com>
Subject: Don’t forget to pay the tax within 2 days!
Date: 10 Jan 2022 17:11:27 +0200
Message-ID: <002f01d80638$01e13c1a$da6f0a9d$@adsd.mailerokdf.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset=”windows-1250″
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac276ythuu410lwb276ythuu410lwb==
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17514

Hi. How are you?

I know, it’s unpleasant to start the conversation with bad news, but I have no choice.
Few months ago, I have gained access to your devices that used by you for internet browsing.
Afterwards, I could track down all your internet activities.

Here is the history of how it could become possible:
At first, I purchased from hackers the access to multiple email accounts (nowadays, it is a really simple thing to do online).
As result, I could easily log in to your email account (redacted@redacted.com).

One week later, I installed Trojan virus in Operating Systems of all devices of yours, which you use to open email.
Frankly speaking, it was rather straightforward (since you were opening the links from your inbox emails).
Everything ingenious is quite simple. (o_0)!

My software enables me with access to all controllers inside devices of yours, like microphone, keyboard and video camera.
I could easily download to my servers all your private info, including the history of web browsing and photos.
I can effortlessly gain access to all your messengers, social networks accounts, emails, contact list as well as chat history.
Virus of mine constantly keeps refreshing its signatures (because it is driver-based), and as result remains unnoticed by your antivirus.

Hence, you can already guess why I stayed undetected all this while.

As I was gathering information about you, I couldn’t help but notice that you are also a true fan of adult-content websites.
You actually love visiting porn sites and browsing through kinky videos, while pleasuring yourself.
I could make a few dirty records with you in the main focus and montaged several videos showing the way you reach orgasm while masturbating with joy.

If you are still uncertain regarding the seriousness of my intentions,
it only requires several mouse clicks for me to forward your videos to all your relatives, as well as friends and colleagues.
I can also make those vids become accessible by public.
I honestly think that you do not really want that to happen, considering the peculiarity of videos you like to watch,
(you obviously know what I mean) all that kinky content can become a reason of serious troubles for you.

However, we can still resolve this situation in the following manner:
Everything you are required to do is a single transfer of $1370 USD to my account (or amount equivalent to bitcoin depending on exchange rate at the moment of transfer),
and once the transaction is complete, I will straight away remove all the dirty content exposing you.
After that, you can even forget that you have come across me. Moreover, I swear that all the harmful software will be removed from all devices of yours as well.
Make no doubt that I will fulfill my part.

This is really a great deal that comes at a reasonable price, given that I have used quite a lot of energy to check your profile as well as traffic over an extended period of time.
If you have no idea about bitcoin purchase process – it can be straightforwardly done by getting all the necessary information online.

Here is my bitcoin wallet provided below: redacted

You should complete the abovementioned transfer within 48 hours (2 days) after opening this email.

The following list contains actions you should avoid attempting:
#Do not try replying my email (email in your inbox was generated by me alongside with return email address).
#Do not try calling police as well as other security forces. In addition, abstain from sharing this story with your friends.
After I find out (be sure, I can easily do that, given that I keep complete control of all your devices) – your kinky video will end up being available to public right away.
#Do not try searching for me – there is absolutely no reason to do that. Moreover, all transactions in cryptocurrency are always anonymous.
#Do not try reinstalling the OS on your devices or throwing them away. It is pointless as well, since all your videos have already been uploaded to remote servers.

The following list contains things you should not be worried about:
#That your money won’t reach my account.
– Rest assured, the transactions can be tracked, hence once the transaction is complete, I will know about it, because I continuously observe all your activities (my trojan virus allows me to control remotely your devices, same as TeamViewer).
#That I still will share your kinky videos to public after you complete money transfer.
– Trust me, it’s pointless for me to continue troubling your life. If I really wanted, I would make it happen already!

Let’s make this deal in a fair manner!

Owh, one more thing…in future it is best that you don’t involve yourself in similar situations any longer!
One last advice from me – recurrently change all your passwords from all accounts.

——————
EXAMPLE #2
——————

Received: from [187.86.165.49]
by redacted.redacted.net with esmtp (Exim 4.95)
(envelope-from <redacted@redacted.com>)
id 1n7G7h-0000Ds-7X
for redacted@redacted.com;
Tue, 11 Jan 2022 07:19:33 -0500
Message-ID: <032D82470AACE8CFE14E8BC66024032D@IFYRX7Q6Y>
From: <redacted@redacted.com>
To: <redacted@redacted.com>
Subject: Do You Do Any of These Embarrassing Things?
Date: 11 Jan 2022 00:47:32 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-=_NextPart_000_003A_01D806BB.06AC9180″
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3328
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3328

I am sorry to inform you but your device was hacked.

That’s what happened. I have used a Zero Click vulnerability with a special code to hack your device through a website.
A complicated software that requires precise skills that I posess.
This exploit works in a chain with a specially crafted unique code and such type of an attack goes undetected.
You only had to visit a website to be infected, and unfortunately for you it’s that simple for me.

You were not targeted, but just became one of the many unlucky people who got hacked through that webpage.
All of this happened in August. So I’ve had enough time to collect the information.

I think you already know what is going to happen next.
For a couple of month my software was quietly collecting information about your habits, websites you visit, websearches, texts you send.
There is more to it, but I have listed just a few reasons for you to understand how serious this is.

To be clear, my software controlled your camera and microphone as well.
It was just about right timing to get you privacy violated. I have made a few pornhub worthy videos with you as a lead actor.

I’ve been waiting enough and have decided that it’s time to put an end to this.
Here is my offer. Let’s name this a “consulting fee” I need to get, so I can delete the media content I have been collecting.
Your privacy stays untouched, if I get the payment.
Otherwise, I will leak the most damaging content to your contacts and post it to a public website for perverts to view.

You and I understand how damaging this will be to you, it’s not that much money to keep your privacy.

I don’t care about you personally, that’s why you can be sure that all files I have and software on your device will be deleted immediately after I receive the transfer.
I only care about getting paid.

My modest consulting fee is 1700 US Dollars to be transferred in Bitcoin. Exchange rate at the time of the transfer.
You need to send that amount to this wallet: redacted

The fee is non negotiable, to be transferred within 2 business days.

Obviously do not try to ask for help from the law enforcement unless you want your privacy to be violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.

Take care and have a good day.

——————
EXAMPLE #3
——————

Received: from server.yil.azg.mybluehost.me ([162.214.198.157])
by redacted.redacted.net with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
(Exim 4.95)
(envelope-from <redacted@redacted.org>)
id 1n6MXX-0001SO-27
for redacted@redacted.org;
Sat, 08 Jan 2022 19:58:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=matgry.aksapp.com; s=default; h=Content-Type:MIME-Version:Date:Subject:To:
From:Reply-To:Message-ID:Sender:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=MHslLZLBtcR6Jfkp7H+LdK8Oux3uG+2matgv6qyXdyI=; b=WVfcLfIwm+TuWMyk6BfYfLxhz8
aNf6nIpdWzqw01Cx/eBff8a//hDy1fjc0mCnyQZHFbgM5nt9FcP9q4t7R3Dxobgc/NPSSz7RcTAVy
CIWUVXI3o7acixAHPh+jGQk+pBcq7nZD9USaRgo5WIJQNNL5BvPMc/RtyBGH7COj48l1fsTEs/x6V
+s/qFZfWsiOsbbITruk4wfczIqRQbsN7gPXYztJeYV7hkQRpU0ED9FKBwpweuxooVhbblnymdK+Wb
CktHyYMFdUub5RYErwJoGISjQiP6+wDAjEXqrm9RGowcnyweJ//2LTDf1jqsGE8WML/0hwu5H06Tl
MErujMzg==;
Received: from ec2-3-17-157-27.us-east-2.compute.amazonaws.com ([3.17.157.27]:54656 helo=ip-172-31-9-94.us-east-2.compute.internal)
by server.yil.azg.mybluehost.me with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.94.2)
(envelope-from <redacted@redacted.org>)
id 1n6MXW-00008K-2D
for redacted@redacted.org; Sat, 08 Jan 2022 17:58:29 -0700
Message-ID: <872a7dd150f0dad6f1c47221d5106a66471b0bf5@redacted.org>
Reply-To: Me <redacted@redacted.org>
From: Me <redacted@redacted.org>
To: redacted@redacted.org
Subject: You have to pay a debt.
Date: Sun, 9 Jan 2022 00:58:28 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=”82aee73ebe6a4048a4a117bb5edaf0fe080d71″
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – server.yil.azg.mybluehost.me
X-AntiAbuse: Original Domain – redacted.org
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – redacted.org
X-Get-Message-Sender-Via: server.yil.azg.mybluehost.me: authenticated_id: no-reply@matgry.aksapp.com
X-Authenticated-Sender: server.yil.azg.mybluehost.me: no-reply@matgry.aksapp.com
X-Source:
X-Source-Args:
X-Source-Dir:

Hi, I’m sorry but You’re going to have a bad day:

Approximately few months ago I have gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities.

Here is the sequence of events:
Some time ago I have purchased access to email accounts from hackers (nowadays, it is quite simple to purchase such thing online). Obviously, I have easily managed to log in to your email “redacted@redacted.com” account, if you don’t believe me, just see header of this email 😉 One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.

In fact, it was not really hard at all (since you were following the links from your inbox emails).

This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard).
I have downloaded all your information, data, photos, web browsing history to my servers.
I have access to all your messengers, social networks, emails, chat history and contacts list.
My virus continuously refreshes the signatures (it is driver-based), and hence remains invisible for antivirus software.

Likewise, I guess by now you understand why I have stayed undetected until this email…

While gathering information about you, I have discovered that you are a big fan of adult websites. You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure. Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms. If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives. I have also no issue at all to make them available for public access. I guess, you really don’t want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you.

I’ve also a good news!
You transfer $ 1800 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away. After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me, I keep my word.

This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now. If you don’t know how buy bitcoin:
1) https://buy.chainbits.com/?crypto=BTC OR 2) https://buy.moonpay.com/
Here is my bitcoin wallet: redacted

You have less than 48 hours from the moment you opened this email (precisely 2 days).

Things you need to avoid from doing:
– Do not reply me (I have created this email inside your inbox and generated the return address).
– Do not try to contact police and other security services. In addition, forget about telling this to you friends. If I discover that (as you can see, it is really not so hard, considering that I control all your systems) – your video will be shared to public right away.
– Don’t try to find me – it is absolutely pointless. All the cryptocurrency transactions are anonymous.
– Don’t try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers.

Things you don’t need to worry about:
– That I won’t be able to receive your funds transfer.
– Don’t worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer).
– That I will share your videos anyway after you complete the funds transfer.
– Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it long time ago!

Everything will be done in a fair manner!

One more thing… Don’t get caught in similar kind of situations anymore in future!
My advice – keep changing all your passwords on a frequent basis

My next post will be about what to do if you have received a sextortion email.