Weird blackmail email - what to follow?

[Zorgothslugofdoom]

I've received an email today, sent to my work email address. I've pasted most of it below:

It appears that, (xxxxxxxx), is your password. Will possibly not know me and you are most likely wondering why you're getting this e-mail, right?

actually, I put in place a viruses on the adult videos (adult porn) web-site and guess what happens, you visited this web site to have fun (you know what I am talking about). During the time you were watching videos, your internet browser started off operating like a RDP (Remote Access) which gave me accessibility of your screen and web camera. after that, my software programs obtained your complete contacts from your Messenger, Microsoft outlook, FB, along with emails.

What did I actually do?
I made a double-screen video. 1st part shows the recording you were watching (you have got a good taste haha . . .), and 2nd part shows the recording of your web camera. exactly what should you do?

Well, in my opinion, $1000 is really a reasonable price for our little secret. You will make the payment by Bitcoin (if you do not know this, search "how to purchase bitcoin" in Google).Bitcoin Address: 1HTFEUC6kXAmrt9Dyazbvmg4ahdwSG41KE
(It's case sensitive, so copy and paste it)

Very important:
You've some days in order to make the payment. (I've a special pixel in this e-mail, and at this moment I am aware that you've read this email message). If I don't get the BitCoins, I will certainly send out your videos to all of your contacts including family members, coworkers, and so forth. Having said that, if I receive the payment, I'll destroy the recording immidiately. If you'd like evidence, reply with "Yes!" and I will definitely mail out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don't waste my personal time and yours by responding to this message.

I'd normally completely ignore this sort of thing as spam, particularly as I have never watched porn on the computer, and have definitely not visited any porn sites (not that there's anything wrong with that - it's just not my thing). But, the password, while not being one I currently use, is one I used in the past, and would be very hard for someone to guess. Really don't know what to do? Was thinking of contacting my work IT department on Monday, but know I will be worrying all weekend. What if this person puts together a fake video and sends it to all of my business contacts? I couldn't afford to pay, even if I wanted to! Any ideas, wise ones of mums Net?

It is spam, just ignore it

Don't click on any links. Screenshot and report to IT department (don't forward to anyone) and don't worry. It's a scam, but your IT dep need to know.

Its a scam. Dont panic, they don't have any images or film of you.

Dont reply.
Forward it to your IT department.
Report it to Action Fraud.

Run an anti spyware on your machine, such as Malwarebytes. The free one is fine;

www.malwarebytes.com/

Report to your work IT - their servers should be able to block phishing scams.

Report to Action Fraud online, not your local police force. They deal with these reports.

Delete and ignore the email.

Change all passwords anyway.

Surely your work have a policy on this? Follow that don't do anything else or speak to your line manager or IT if unsure.

You must have used that password and email combination on a website that has been hacked in the past, maybe even mumsnet. The hackers released all the data on the internet for anyone to buy!

I had exactly that, just let IT know.

It's a scam, not one word of it is real. I've seen it posted elsewhere, word for word. Ignore it. The other person was able to place which site they'd harvested her password from.

I’ve also seen that exact email shared on fb. Don’t panic, they’ve got nothing on you!

Ignore - don’t send an email response .... not even Fuck You as you are confirming the email address is live and will open th floodgates for a million more emails which your IT Department won’t thank you for. It’s an old password probably from a company website you used years ago that got hacked.

It’s a scam email. Ignore it but report to IT.

www.hoax-slayer.net/fake-blackmail-sextortion-scam-emails-using-real-passwords/

It's a hoax.

Reminds me a bit of that black Mirror episode. Anyway, it's a scam as pp. Screenshot for IT and delete.

We've received warnings about this scam on the local news and at work. They do appear to have gotten access to old passwords from past breaches mostly attached to disused email or social media accounts. They have nothing else, no access to your contacts or personal files. Report to relevant IT dept then delete.

It's spam, ignore and delete.

Unless you really have been watching the mentioned videos...

Were you have put "xxxxxxx", was your actual password in the e-mail??

As a PP said th3 password will have come from a previous data breach.

Websites like www.haveibeenpwned.com allow you to search across multiple data breaches to see if your email address / password has been compromised in the past (mine has been about 4 times - this is why it's important to practise good "password hygiene" i.e. don't use the same password for multiple sites - otherwise a breach of one website or service can leave you vulnerable in other areas).

Sorry I missed reading the bit where you said that the password was an old one.

Here is what I would do -

1. Do not delete e-mail as you will need it for 2 & 3

1. Report to IT department at work

1. Report to www.actionfraud.police.uk/

1. Do not call local police as they will only refer you to 3

1. Forget all about it

Load of crap, ignore and don't give it anymore head space.
A friend at work had one, she came in crying she was that worried

police now get advice: do not open/click any attachments or connections/

Identical to one that my BIL received 2 weeks ago.

I've just found this on the Action Fraud website:

Alert: Cyber criminals send victims their own passwords in new sextortion scam
13th July 2018

Cyber criminals are sending victims their own passwords in an attempt to trick them into believing they have been filmed on their computer watching porn and demanding payment.

There have been over 110 of reports made to Action Fraud from concerned victims who have received these scary emails.

In a new twist not seen before by Action Fraud, the emails contain the victim’s own password in the subject line. Action Fraud has contacted several victims to verify this information, who have confirmed that these passwords are genuine and recent.

The emails demand payment in Bitcoin and claim that the victim has been filmed on their computer watching porn.
An example email reads;
I'm aware, XXXXXX is your password. You don't know me and you're probably thinking why you are getting this mail, right?

Well, I actually placed a malware on the adult video clips (porno) web site and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as a RDP (Remote Desktop) with a key logger which gave me access to your display screen as well as web camera. Just after that, my software program gathered every one of your contacts from your Messenger, Facebook, and email.

What did I do?

I made a double-screen video. First part shows the video you were watching (you have a nice taste omg), and 2nd part displays the recording of your webcam.

Exactly what should you do?

Well, I believe, $2900 is a fair price tag for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
BTC Address: 1HpXtDRumKRhaFTXXXXXXXXXX

(It is cAsE sensitive, so copy and paste it)

Important:

You now have one day to make the payment. (I have a special pixel within this email message, and now I know that you have read this e mail). If I do not receive the BitCoins, I will definately send out your video recording to all of your contacts including close relatives, co-workers, and many others. Nevertheless, if I receive the payment, I'll destroy the video immidiately. If you need evidence, reply with "Yes!" and I will send your video to your 10 friends. It is a non-negotiable offer, therefore do not waste my time and yours by responding to this message.
Suspected data breach
Action Fraud suspects that the fraudsters may have gained victim’s passwords from an old data breach.

After running some of the victim’s email addresses through ‘Have i been pwned?’, a website that allows people to check if their account has been compromised in a data breach, Action Fraud found that almost all of the accounts were at risk.

Last month, fraudsters were also sending emails demanding payment in Bitcoin, using WannaCry as a hook.
How to protect yourself
Don’t be rushed or pressured into making a decision: paying only highlights that you’re vulnerable and that you may be targeted again. The police advise that you do not pay criminals.

Secure it: Change your password immediately and reset it on any other accounts you’ve used the same one for. Always use a strong and separate password. Whenever possible, enable Two-Factor Authentication (2FA).

Do not email the fraudsters back.

Always update your anti-virus software and operating systems regularly.

Cover your webcam when not in use.

If you have receive one of these emails and paid the fine, report it to your local police force. If you have not paid, report it as a phishing attempt to Action Fraud.

www.actionfraud.police.uk/news/alert-cyber-criminals-send-victims-their-own-passwords-in-new-sextortion-scam-jul18

I had that this week , followed by another one that was slightly more threatening.
I just deleted them
The password they quoted was one I had only used on an internet animal feed site so I have changed my password.
You can forward the email to a police internet scam department re phishing.

I’ve had this too. Definitely a scam. Just ignore it.

Ignore.

I watched an interview with Rami Malek talking about Mr Robot and he said after working with real life hackers in the role he now puts a plaster over his webcam on his laptop. Sound advice.

This is a scam however they have nothing. They would send the video or images they had to you.