How to Fix: Hackers Hacked My Email, Demand Bitcoin (Scam)

Dennis Faas's picture

Infopackets Reader Sam G. writes:

" Dear Dennis,

I get emails from hackers a few times a week saying that they have cracked my email account. As proof, they have supplied me with the correct password for the account. The message goes on to say that they have planted a Trojan on my computer which allows them to spy on me.

Here's where it gets interesting. The hackers say I have been visiting websites of people in the buff. They are demanding I pay them bitcoin (worth $831) to keep this quiet, otherwise they will send images from the purported site I've visited and also a picture of me on my webcam.

The English used in the messages is strange to say the least. I get the same message from other 'hackers', but the bitcoin wallet is different.

What do you think? "

My response:

This is a scam, similar to the Facebook blackmail scam I mentioned a few weeks ago.

Here's how it works:

At some point in the past, you visited a website and created a user account using your email and password. Later, real hackers compromised the site, then downloaded the database of user accounts (including your name, email, and password used on the site). They then used this information to mass email all the people in the database with the same scam message - just like the one you're describing.

In order to legitimize their "masterful hacking techniques" they supply you with your email password. This is icing on the cake and will frighten most people into believing the next line, where they claim to have planted a Trojan on your computer capable of spying on your every move. However, this is nothing but a fabrication. As such, anything the "hackers" say to you in their email is simply a lie, no matter how convincing it may appear!

The fact is: it's not uncommon for regular users to visit raunchy websites of 'people in the buff'. It's also not uncommon that users use the same password on multiple sites. Scammers realize this fact, then play the numbers game by mass emailing all the people in the database with these claims, hoping that someone is frightened enough to hand over their hard earned money.

Even if 1 person out of 3 million possible user accounts pay the ransom, that's still $800 in the scammer's pocket.

Related: How to Fix: Hackers Hacked My Phone, Demand Bitcoin (Scam)

How to Fix: Hackers Hacked My Email, Demand Bitcoin (Scam)

Now that you know how the scam operates, you can safely ignore the message.

Instead, change your passwords on all the sites you visit, making sure they are strong and unique. Never, ever use the same password on more than one site - otherwise hackers (and scammers) can use this information to gain access to other sites, or send you scam emails like the one you mention.

If you use different passwords on all the sites you visit, you severely limit the potential attack vector.

Update 20190330: I receive at least 10 or more emails a week from people who aren't sure if they have been hacked and whether their systems are compromised. If you are concerned your computer has been hacked, I suggest you hire a professional - like myself - to look over the system. My contact link is here; you can review my credentials here. I am a senior systems administrator and can provide you with a full security audit (using my remote support service - read about it here) and answer any and all questions you may have. I have over 30 years computing experience, 18 years in the IT field, and have written 6 books on MS Windows and security, plus published over 2,000 articles online. To put it simply: no one else on the Internet is going to take the time to offer you this quality or level of service and with affordable rates!

Scam Message from Hackers Claiming to Have Hacked Your Email (and PC)

For the record, here is the scam message that Sam sent me:

" Hello!

I'm a hacker who cracked your email and device a few months ago. You entered a password on one of the sites you visited, and I intercepted it. This is your password from abc[at]example.com on moment of hack: abcPassword. Of course you can will change it, or already changed it. But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account. Through your email, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit. I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I combined them to the content of the currently viewed site. There will be laughter when I send these photos to your contacts! BUT I'm sure you don't want it. Therefore, I expect payment from you for my silence. I think $831 is an acceptable price for it!

Pay via Bitcoin. My BTC wallet: 1GcwYRfWesiSe2fBmsVSpNG2K11zDMhksG

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult. After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system. My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment. If this does not happen - all your contacts will get crazy shots from your dark secret life! And so that you do not obstruct, your device will be blocked (also after 48 hours). Do not be silly! Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.

Farewell. "

A few things to note:

  1. The English used throughout the message is atrocious. This is a big tip-off that the message was written (poorly) by someone in a third-world country.
     
  2. Scammers use the fact that they have your email password as "proof" of their hacking abilities, then claim to have uploaded malware to your computer. Nothing could be further from the truth. Your email password has nothing to do with hackers being able to magically connect to your machine, even if you used the same password to login to Windows (for example). Hackers can't gain access to your machine just because they say so. The fact is, they stole your password from another site (which was in fact hacked) and are using this information to legitimize their false claims.
     
  3. Another big tip-off that this is a scam is the fact that the bitcoin wallet changes. This should be a big red flag that the message is simply a template being mass emailed to thousands, hundreds of thousands, or even millions of people.
     
  4. If you are concerned your computer has been hacked, I suggest you hire a professional - like myself - to look over the system. My contact link is here; you can review my credentials here. I am a senior systems administrator and can provide you with a full security audit (using my remote support service - read about it here) and answer any and all questions you may have. I have over 30 years computing experience, 18 years in the IT field, and have written 6 books on MS Windows and security, plus published over 2,000 articles online. To put it simply: no one else on the Internet is going to take the time to offer you this quality or level of service and with affordable rates!
     
  5. If you are tired of receiving these scam emails, you will need to sign up for another email account and stop using the old one.

I hope that helps.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question - or even a computer problem that needs fixing - please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Rate this article: 
Average: 4.5 (11 votes)

Comments

ronangel1's picture

This happened to me a few weeks ago with very simlar message.The first thing I did was to change email account password although it was not the one for the account shown on email.Then checked sent mail in account which there was none. The mail from that account is automaticly forwarded to outlook to an email account which is only used for contacting service provider not for sending mail and no one has it, then deleted.I also have no web cam on main computer and microphone is disconected by switch not software so I knew the email was a try on.I was hoping for a return email to ask them for the videos to be sent to me!( of course there were none.....Grin) )
I checked the headers on email that was supposed to have come from my uk email address but discovered that the IP address was from an account in brazil! So I attached a copy of the email with all headers and sent it to the abuse department of the senders service provider,who will be able to trace back to sending account.Heard nothing from them and email did not bounce.Did not get any more of the messages.

jloew_11500's picture

Over the past month I received several emails similar to the ones you mentioned, which I disregarded for the reasons you described, and because I have no webcam en have nothing to hide. However, today for the first time I received 2 differently worded but similar in content mails with my own mail as their sender address, one mail even showing the last 4 digits of my phone number. Clicking the From exposed my own mail address and phone numbers. What does this mean regarding hacking of my computer, mail, smartphone perhaps?

Dennis Faas's picture

All it means is that your data was extracted from a website that was breached. Data breaches happen all the time, unfortunately - google "world's biggest data breaches" for plenty of examples. It does not mean they have access to your machine or devices for the reasons I already stated in the article.

If you are still concerned that you may have been hacked, I suggest you hire a professional - like myself - to look over the system. My contact link is here; you can review my credentials here. You can also read this page which explains how to protect yourself from being hacked; here's another article explaining how to protect yourself against ransomware - both articles were written by me. If you're still not sure, consider hiring me to investigate.

jloew_11500's picture

Thanks for fast response

rubbersoul53_11521's picture

I received this in my E-mail account this morning. Looks similar

rubbersoul53@msn.com password is xyz

Hi

So I'm a hacker who broke your email as well as device a couple of weeks back. You entered your passcode on one of the sites you visited, and I intercepted this. Here is your password from rubbersoul53@msn.com on time of hack: xyz

Of course you can can change it, or perhaps already changed it. Nonetheless it won't really make a difference, my malware updated it every time. Do not really try to make contact with me or even find me, it is impossible, since I sent you email from your account.

Via your e-mail, I uploaded harmful computer code to your Operation System. I saved all of your current contacts together with friends, co-workers, relatives along with a complete record of visits to the World-wide-web resources.

Additionally I installed a Trojan on your device. You are not my only victim, I usually lock pcs and ask for a ransom.

Nonetheless I was hit through the internet sites of romantic content that you generally stop by. I am in great shock of your current fantasies! I've certainly not seen anything at all like this! Consequently, when you had enjoyment on piquant web-sites (you know what I am talking about!) I made screenshot with utilizing my program through your camera of yours device.

After that, I put together them to the content of the currently viewed web site. Now there will be laughter when I send these photos to your associates!

However I know you don't want it. For that reason, I expect to have payment from you with regard to my quiet. I believe $900 is an adequate cost regarding it! Pay with Bitcoins. My BTC wallet address: 1BCTXkDJtjJTYmXZBPR1qctWme3NxM7zWS

In case you do not understand how to do this - enter into Google 'how to transfer money to a bitcoin wallet'. It isn't difficult.

Following getting the given amount, all your data will be immediately destroyed automatically. My virus will ad ditionally clear away itself through your computer. My Trojan have auto alert, so I know when this e-mail is opened. I give you two days (48 hours) in order to make the payment.

In case this does not happen - just about all your connections will certainly get mad pictures from your dark secret life and your device will be blocked as well after 48 hours. Don't end up being silly! Police or pals won't aid you for sure ...

p.s I can present you with advice for the future. Do not type in your passwords on risky internet sites.

I wish for your discretion.

Hasta la vista.

I would be pretty sure there is no trojan on my computer as I use McAfee. It's also possible the trojan could have been on my old computer though it seems this clown probably would have gotten this in 2016 according to the Have I been pawned site. Someone did try to hack into my Facebook page last year, but I just changed my E-mail address there hoping that won't happen again.

I guess I'm more concerned what he means by blocking my device. Does he mean making my computer unusable or does he mean blocking my sites such as Facebook. I doubt he has any photos because I haven't seen my webcam flashing. Anyhow, Thought I'd add to the discussion.

Dennis Faas's picture

What you posted is word for word almost identical to the other email. It is not necessary to post the email notices here - in case anyone else is interested in doing the same.

This is nothing but a template used by scammers, plus information extracted from a database (your password). Do not bother to contemplate what is being said (threats or otherwise) because it's all a lie. Change your passwords on all the sites you visit as I've already suggested in the article and you should be fine.

If you are still concerned that you may have been hacked, I suggest you hire a professional - like myself - to look over the system. My contact link is here; you can review my credentials here. You can also read this page which explains how to protect yourself from being hacked; here's another article explaining how to protect yourself against ransomware - both articles were written by me. If you're still not sure, consider hiring me to investigate.

Please note: I will not be posting any more updates on this or replying to any more questions on the subject, no matter how "scary" or "unique" the emails may seem. They are all the same for reasons I have already pointed out in the article. If it is still not clear, please take a few minutes to re-read the article.

mjtgough_11953's picture

Dennis--thank you for your insight/expertise on this. I recently received the email copied below, which seems to follow the pattern you've laid out...though the English is much more 'cleaned up' and the whole thing seems more aggressive and threatening:

"Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your devices and accounts. I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts. If you want to prevent this, transfer the amount of $755 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 12yCNJHAwda8Kgxv9DswpS9k16XnstSqcJ After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed."

I imagine there could be all kinds of credit card/bank account problems if someone were to go ahead and actually make a bitcoin payment? Thanks again and keep up the good work.

Dennis Faas's picture

It's the same scam, different wording, same idea.

If you are still concerned that you may have been hacked, I suggest you hire a professional - like myself - to look over the system. My contact link is here; you can review my credentials here.

marlene.ymasa_12054's picture

How shall i blocked that email, when he is sending from my same email? Could you help? And the message or email body is full text but could not be copied as it is on image, hence i could not post it here. I will try to type the first intro..

Hi. this account is infected! It will good idea to change the password right this moment! You might not know me and you really are probably wondering why you are getting this message, is it right?
Imhacker who openedyour emailand devices and gadgetsome time ago. (yes on those words he didnt use the spaces)

Never make an attempt to msg me or alternatively try to find me, it is hopeless, considering that I forwarded you a letter from YOUR own hacked account.........

We already changed the password, but just today, i got this mail again. Could you please help?

Thank you.

Dennis Faas's picture

I am more than happy to look into this for you using my remote support service (read about it here). To book an appointment, contact me here. You can review my credentials here.

ajwhite21_12124's picture

Dennis, Here's one I revived this morning. Obviously it went to my spam folder. But this one chaps my hide. I have teenagers. A .xyz email is a tip off and the bitcoin prices aren't even right either. Plus the different P's in the word porn and perverted.

Hi there, The last time you visited a Ƿorn website with teenagers, you downloaded and installed the vίruş I developed. My program has turned on your cam and recorded the act of your ʍasturbation.. My software also downloaded all your email contact lίsts and a list of your friends on Facebook. I have the - Info.mp4 - with you jerkίng off to teens, as well as a file with all your contacts on my computer. You are very Ƿerverted! If you want me to delete both files and keep the secret, you must send me the Bitcoin payment. I give you 72 hours only to transfer the funds.

If you don't know how to pay with Bitcoin, visit Google and search - how to buy bitcoin. Send 2.000 USD (0.400678 BTC) to this Bitcoin address as soon as possible:

37dFLsbeEVmAHJnLP7d3AP1d57SbRvWE9A (copy and paste)

1 BTC = 5.060 USD right now, so send exactly 0.400678 BTC to the address above. Do not try to cheat me! As soon as you open this Email I will know you opened it. I am tracking all actions on your device.. This Bitcoin address is linked to you only, so I will know when you send the correct amount. When you pay in full, I will remove both files and deactivate my program. If you choose to not send the transfer... I will send your ʍasturbation vίdeo to ALL YOUR FRIENDS AND ASSOCIATES from your contact lists that I hacked. Here are the payment details again: Send 2.000 USD (0.400678 BTC) to this Bitcoin address: 37dFLsbeEVmAHJnLP7d3AP1d57SbRvWE9A (copy and paste)

You саn visit police but nobody can help you. I know what I am doing. I don't live in your country and I know how to stay anonymous. Don't try to deceive me - I will know it immediately - my spy software is recording all the websites you visit and all your key presses. If you do - I will send this ugly vίd to everyone you know, INCLUDING YOUR FAMILY MEMBERS. Don't cheat me! Don't forget the shame and if you ignore this message your life will be ruined. I am waiting for your Bitcoin payment. You have 72 hours left. Anonymous Hacker

P.S. If you need more time to buy and send BTC, open your notepad and write '48h more'. This way you can contact me. I will consider giving you another 48 hours before I release the vίd, but only when I see that you are really struggling to buy bitcoin. I KNOW you can afford it - so don't play around...

Dennis Faas's picture

It's the same scam, different wording, same idea.

If you are still concerned that you may have been hacked, I suggest you hire a professional - like myself - to look over the system. My contact link is here; you can review my credentials here.

cnorris_12245's picture

I received one of the same type of emails as shown above using my own email address but instead of telling me they had my email password it was connected to an old email (2016) from a client that contained confidential information from the Canada Revenue Agency. I usually would not be concerned about a scam email but the fact that this old email was attached is troubling. Does this mean that they have access to all my email? Is it possible that they got access to my clients email account first and then sent their scam email to me? I have many accounting clients who send me confidential info via email. I tried to copy the email but was unable. Do I need to notify my clients that their info may have been accessed by an outside source?