Got a ransom note from a bitcoiner?

Anyone get a ransom note from someone, asking for bitcoin? I just got one from a mailer at, claiming that if I don’t pay up, he will send a video to all the names in my contact list, showing all the porn I have been watching, and showing my face from my computer’s cam.

Since my computer doesn’t have a cam, at least part of this is fake. And if he sends out that video, I hope he sends me a copy so I can see what I have been supposedly watching.

He does supply one piece of info that would be hard to find out or guess. That makes me a bit unnerved. However this fucker ain’t gettin’ no bitcoin from me.

Anyone else deal with this?

Yeah, I’ve been getting these emails for a week or so.
Since they are clearly a scam, I’m ignoring them.
ETA: they have an old password of mine that must have been compromised years ago.

But the fact that they have any password, even an old one, suggests that some of their claims might be true, like installing a password logger on a porn site.

Since I don’t use the same name or same password for most sites, knowing one isn’t going to get this dude very far, but…

Do you actually have an account on a Porn site?
If so, that might be cause for concern.
But, really, the whole email sounds like a scam to me, and the fact that I have received it several times already from different email addresses and with different bitcoin addresses just screams “Scam!”

This is an old password, right? It comes from a hacked site and you changed that password, didn’t you?

Send copies here:

FBI cybercrime tipline

Seems to be common enough; the IT people at the Department of Commerce (whose umbrella I’m under) sent a warning to all employees under their umbrella this morning. The email references this article:

Here’s an excerpt from the email.

The only porn sites I have visited do not use this name or this password, although in 25 years of Internet use, who knows what was used and what sites were hacked.

Does any of his text make sense as a possible operation, like “Browser initiated operating as a Remote Desktop that has a key logger…”? Or is that simply scare ware?

A Malware scan of two of my computers shows nothing amiss.

First googing turned up nothing, but further googling shows this as a likely culprit.

Weird, somehow a letter got dropped out of that link. Here’s the correct one:

I would laff it off except for the password data. Here’s how that might have happened, from the same site I referred to previously:

I dropped LinkedIn about >5 years ago, but it’s possible that password was used on it. I dropped it not for security reasons, but because it was a great timewaster. Unfortunately, I don’t have a record of my login and password from the old LinkedIn account, but this one is a possibility.

I got pretty much the same email that you did, Musicat, earlier this week. It contained a reference to a password I’d used several years ago, as well.

Someone at work got one the other day. Here’s the text.

It was funny in it’s blatant over-the-top scare tactics. I contacted Outlook and they shut down the account.

Brian Krebs is the go-to guy for online security and scams.

[INDENT]KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.[/INDENT] Emphasis added.

To sum up what I think I have learned:

Multiple data breaches from the past are now stored for scammer uses. This data may contain names and passwords used long ago.

Automated scammer programs access these databases and generate extortion emails, claiming to have found your password from a malware injection on an unspecified porn site. This is not true, but since almost everyone has visited a porn site sometime in their life, and might be embarrassed to admit it, this claim has some scare-merit.

The claim to have recorded your porn site visits and/or an image of you while doing it is just another bogus scare tactic.

If you ignore this email, nothing will happen. I doubt if the scammers want to spend the possibly unrewarding time making other connections from your data. However, if the specified password is one you still use, it would be wise to change it on all sites where it is used.

Since no one can count on finding out about a data breach, most of us sign on to many web commercial and other web sites, and a data breach may happen without even the site owner knowing about it, it would be wise to change your passwords everywhere periodically, just in case.

Does that sound like a good wrapup?

Too bad there’s no way for you to send this douche an email from a fake gmail account telling him to go fuck himself.

He’s too busy counting his bitcoins to care about that.

Tell them to send you the video they claim to have.

I like that these rely on the assumption that I’d be horrified if my friends and family were to learn that I sometimes watch some pretty standard porn. Likewise, if I got some random email saying “Watch your brother-in-law jerk off to ‘Horny Stepdaughter seduces her Dad’!!!” I’d delete it with zero interest in viewing that. Or care.

With so many people here getting the same email, I got it too, I wonder if the straight dope message board was hacked.

Also most webcams are configured so that the light is powered by the same circuit as the camera making it impossible to turn the camera on without the light coming on. This is a safety feature to prevent this sort of thing.