We have had some reports of people seeing a new email scam with subject: “Your account has been hacked! You need to unlock.“. It is a new variation on Bitcoin Email Scam. What is Bitcoin Email Scam? It is an email message claiming that the recipient has viewed adult web-sites (p*rn materials) and demanding ransom via Bitcoin to keep this from becoming public.
Recent version demands $750 ransom payment (BTC Wallet is: 18pKQ88ZpatLYmyeKpuCFwvRFcjHjwVB2u). The wording varies to some extent, but the email looks something like this:
Subject: Your account has been hacked! You need to unlock. I'll begin with the most important. I hacked your device and then got access to all your accounts... Including [EMAIL ADDRESS]. It is easy to check - I wrote you this email from your account. And at the moment of hacking your account ([EMAIL ADDRESS]) had this password: [PASSWORD] Moreover, I know your intim secret, and I have proof of this. You do not know me personally, and no one paid me to check you. It is just a coincidence that I discovered your mistake. In fact, I posted a malicious code (exploit) to an adult site, and you visited this site... While watching a video Trojan virus has been installed on your device through an exploit. This darknet software working as RDP (remote-controlled desktop), which has a keylogger, which gave me access to your microphone and webcam. Soon after, my software received all your contacts from your messenger, social network and email. At that moment I spent much more time than I should have. I studied your love life and created a good video series. The first part shows the video that you watched, and the second part shows the video clip taken from your webcam (you are doing inappropriate things). Honestly, I want to forget all the information about you and allow you to continue your daily life. And I will give you two suitable options. Both are easy to do. First option: you ignore this email. The second option: you pay me $750(USD). Let's look at 2 options in detail. The first option is to ignore this email. Let me tell you what happens if you choose this path. I will send your video to your contacts, including family members, colleagues, etc. This does not protect you from the humiliation that you and your family need to know when friends and family members know about your unpleasant details. The second option is to pay me. We will call this "privacy advice." Now let me tell you what happens if you choose this path. Your secret is your secret. I immediately destroy the video. You continue your life as if none of this has happened. Now you might think: "I'll call to police!" Undoubtedly, I have taken steps to ensure that this letter cannot be traced to me, and it will not remain aloof from the evidence of the destruction of your daily life. I don't want to steal all your savings. I just want to get compensation for my efforts that I put in to investigate you. Let us hope that you decide to create all this in full and pay me a fee for confidentiality. You make a Bitcoin payment (if you don't know how to do it, just enter "how to buy bitcoins" in Google search) Shipping amount: $750(USD). Getting Bitcoin Addresses: 18pKQ88ZpatLYmyeKpuCFwvRFcjHjwVB2u (This is sensitive, so copy and paste it carefully) Don't tell anyone what to use bitcoins for. The procedure for obtaining bitcoins can take several days, so do not wait. I have a spetial code in Trojan, and now I know that you have read this letter. You have 48 hours to pay. If I don't get BitCoins, I'll send your video to your contacts, including close relatives, co-workers, and so on. Start looking for the best excuse for friends and family before they all know. But if I get paid, I immediately delete the video. This is a one-time offer that is non-negotiable, so do not waste my and your time. Time is running out. Bye!
Is this threat real?
Good news: thankfully, it’s fake. This email message is nothing more than an email scam. Scammers got your password and associated email address from data breach dumps and are using it to shake you down.
The email scam uses your own e-mail address as the “From” address, but do not be fooled.
I hacked your device and then got access to all your accounts… Including [EMAIL ADDRESS].
It is easy to check – I wrote you this email from your account.
The email scam uses so-called “email spoofing”. What is Email spoofing? It is the creation of email messages with a forged sender address. Email spoofing has been around for a long time! Scammers use it in phishing attacks to force users into thinking they have received email message from a friend or trusted person.
What makes this email scam different?
And at the moment of hacking your account ([EMAIL ADDRESS]) had this password: [PASSWORD]
It has your stolen password and uses that information to make itself appear real. The extortionist actually found it in data breach dumps. If the password emailed to you is one that you still use, then stop using it and change it right now!
What to do when you receive “Your account has been hacked! You need to unlock.” email scam
If you — or someone you know — gets an email like this, below are some easy steps which you need to follow:
- First and foremost, do not pay the cyber criminals!
- If the password emailed to you is your current password, then you should change it everywhere it’s in use.
- Use two-factor authentication wherever possible.
- We recommend creating a new password when you set up a new account.
- Report it immediately to your local police, and the FBI.
- It is a good idea to run a malware scan on all your devices to be sure that there is no malicious software installed.
- Install an anti-phishing software.
How to scan your computer for malware
Best malware removal utility should scan for and remove adware, malware, PUPs, toolbars, keyloggers, browser hijackers, worms, Trojans, and popup generators. The key is locating one with a good reputation and these features. Most quality programs listed below offer a free scan and malware removal so you can detect and uninstall undesired applications without having to pay.
Thinking about how to scan your computer for malware? Then pay attention to Zemana Anti Malware. This is a well-known tool, originally created just to scan for and delete malware, adware and PUPs. But by now it has seriously changed and can not only rid you of malicious software, but also protect your system from malware and adware, as well as identify and get rid of common viruses and trojans.
- Download Zemana from the link below.
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- At the download page, click on the Download button. Your web-browser will display the “Save as” prompt. Please save it onto your Windows desktop.
- After downloading is complete, please close all apps and open windows on your PC. Next, run a file called Zemana.AntiMalware.Setup.
- This will start the “Setup wizard” of Zemana Anti Malware onto your personal computer. Follow the prompts and don’t make any changes to default settings.
- When the Setup wizard has finished installing, the Zemana AntiMalware (ZAM) will launch and display the main window.
- Further, press the “Scan” button for checking your system for malware. This process may take quite a while, so please be patient. While the Zemana AntiMalware (ZAM) is checking, you may see how many objects it has identified either as being malicious software.
- As the scanning ends, you may check all threats detected on your PC system.
- Make sure all threats have ‘checkmark’ and press the “Next” button. The tool will remove malicious software and add items to the Quarantine. After that process is complete, you may be prompted to restart the PC.
- Close the Zemana Anti-Malware (ZAM) and continue with the next step.
How to protect yourself from phishing web-sites
If you surf the Internet, you can’t avoid malicious advertising and phishing web-sites. But you can protect your web-browser against it. Download and run an ad blocking program. AdGuard is an adblocker that can filter out a large amount of of the malvertising, stoping dynamic scripts from loading malicious content.
Installing the AdGuard is simple. First you’ll need to download AdGuard on your system by clicking on the following link.
Author: © Adguard
Category: Security tools
Update: November 15, 2018
After the downloading process is finished, run the downloaded file. You will see the “Setup Wizard” screen as displayed on the image below.
Follow the prompts. After the installation is done, you will see a window as shown in the following example.
You can press “Skip” to close the setup program and use the default settings, or click “Get Started” button to see an quick tutorial that will help you get to know AdGuard better.
In most cases, the default settings are enough and you do not need to change anything. Each time, when you start your PC, AdGuard will launch automatically and stop undesired advertisements, block phishing, malicious or misleading websites. For an overview of all the features of the program, or to change its settings you can simply double-click on the AdGuard icon, which can be found on your desktop.
If you have been the target of the “Your account has been hacked! You need to unlock.” scam or similar email scam, then please drop me a line. And stay safe!.