Beware: Hackers Blackmailing Computer Users by Leveraging Porn Watching Habits in Terrifying Spam Email Campaign

Apparently, hackers have found a new groove in their line of work in the many extortion tactics that they present to the masses. A new kind of scam has broken out where attackers leverage stolen passwords in a way that they formulate an email message with one of your passwords in the subject line only to claim that your webcam was hacked while you were watching porn on the Internet.

The email campaign, as terrifying as it may seem, is yet another clever technique hackers are using to ultimately make demands for bitcoin, which is a fundamental method of extorting money from computer users. Commonly, Bitcoin is the choice currency for hackers to collect as it gives them an avenue to, in a sense, launder money without leaving a trail for law enforcement to follow. In fact, hackers are long been proponents of cryptocurrency in their standings when attacking computers with popularized ransomware threats from the early CryptoLocker threat to modern-day threats like GandCrab Ransomware.

The specialized spam emails are ones that may be customized depending on who they specifically attack. However, most of the emails have a commonality of using a hacked password in the subject line to gain notoriety and attract the undivided attention of the victim. Usually, the email will make claims that the hacked password was used to hack your computer, install spyware, and record videos of you through your webcam while you were allegedly watching pornography.

Money is the Game Played by Hackers Who Blackmail Computer Users

Using the rather clever email tactic, hackers can make away with upwards of $1,200 to $1,600 worth of Bitcoin, which is equal to about 0.15 to 0.20 BTC at the current exchange rate.

Looking deep into an example of the emails being circulated, as shown in Figure 1 below, the hackers provide BTC address to direct the funds to once the computer user has fallen for the vicious scam. Moreover, the email claims to give victims only one day to make the payment and then make threats of sending out the videos supposedly recorded through the user's webcam to family, friends and colleagues. Such a dirty gesture is sure to pressure a number of victims to fork over the money in hopes that any dirty deeds that they may have acted on in the past will not come to light amongst family, friends, and colleagues as the scam email suggests.

Figure 1. - Blackmailing password porn activity campaign email example - Source: Business Insider

Poor Password Usage Habits Makes You a Victim

Most will wonder how hackers are able to get their passwords and use them in such a vicious email campaign. In a simple answer, hackers were able to scour computer user passwords in many of the previous data breaches that rank from ones that attacked Yahoo, eBay, and even LinkedIn in the sell-off of 117 million customer login credentials. Such data breaches were ones where just enough information was exploited and sold off to the highest hacker-bidder that those who scored the data could extract password data and later use it against victimized computer users.

Remember all of those times in our countless data breach reports and news stories that computer users should change their passwords often? Well, as it turns out, those warnings were not done as a light suggestion, but rather a strong recommendation that if not done could come back and bite some computer users where the sun doesn't shine.

As it turns out, some of the scammers utilizing this new blackmail email campaign scheme have made out with over $50,000. Reportedly, the scam has been automated in a way that every victim that had their password compromised in previous data breaches is being targeted.

The good part about the data breaches and compromised passwords is that those who took the recommended action to change their passwords need not worry about the scam and if they ever received such an email that they can simply ignore it and not worry about their password being exploited – because the exploited password no longer belongs to them. However, the FBI is still recommending that computer users turn off their web cameras when they're not in use, just in case the scam is using legitimate imagery captured through maliciously installed spyware or malware. The FBI found that the email scheme was one that rooted from a blackmail letter scam that took place in Jacksonville, FL in the recent weeks. Moreover, law enforcement and security experts are suggesting that victims never resort to sending the perpetrators bitcoin, as it will only empower them more to conduct additional hacks and malicious activity.