Netsafe has received numerous reports about an email scam where the scammer falsely claims to have hacked into their device and recorded intimate recordings of people using porn websites. The email threatens to release the video to their personal contacts unless the victim pays them a sum of money. In some versions of this scam, the scam email subject line also includes the victim’s password that they use (or have used in the past) for their online accounts.
The good news is that even if the scammer has collected a password for your online accounts, it is very unlikely that they have been able to use this to access your computer’s content, webcam or browsing history. The scammer is attempting to scare victims into making a payment to them.
How the scam works
People receive an email that claims their computer has been hacked and that the scammer has obtained intimate recordings of them, for example using a porn site. Some versions of the scam have included the person’s password for an online account or may appear to have been sent from the person’s own email address.
The scammer claims to have access to the person’s contact list and threatens to send the footage to the person’s contacts unless a payment is made (often as Bitcoin).
We’ve received thousands of reports about this scam in New Zealand and are not aware of any cases where there has been proof of the recordings or where recordings have been released. Even if the scammer has obtained a password for your online accounts, it’s very unlikely that they’ve been able to use this to access your computer’s content, webcam or browsing history.
What to do if you’ve been affected
- Don’t respond or send any payments to the scammer
- Immediately change your password on any online accounts that you think may have been breached. The website ‘Have I Been Pwned?’ allows you to check if your email address is listed as being affected by one of the large data breaches included on their database. If your email address is listed, make sure you update your password on any of the affected sites
- Delete the scam email and mark it as spam so that your email filter removes it
- Use different password variations for each online account. This step should protect you in the future because if one account is breached, no other account should be affected
If you’ve given money or other details to the scammer
If you have shared any bank account information report the incident to your bank. If you have sent money using your credit card talk to your bank about applying for a charge back. If you have sent money via an online money transfer platform (such as Bitcoin) the transaction is likely to be untraceable and you may not be able to get your money back.
If you have lost money to this scam you can report it using our online report form.
If you’ve replied to the email with any sensitive personal information, this Identity Theft Checklist may be useful. If you believe you may have been exposed to identity theft, contact iDCare for free help and support.
How did they get my password?
If the scammer has obtained your password, it is likely this was collected in a data leak from one of the major online servers.
Is my email address compromised?
The versions of the scam presenting as being delivered from the person’s own email address appear to be ‘spoofed’ (made to appear as though it comes from the victim’s email address when it has actually been sent from the scammer’s email address). It’s unlikely your account has actually been compromised however it’s a good idea to update your password to be safe.
If you have engaged in an intimate online conversation where you think you may have been filmed and they are now threatening to release the footage, visit our sextortion page for more advice.
REPORT A SCAM
Our helpline is open from 8am – 8pm weekdays and 9am – 5pm on weekends.
Keep up to date
Follow us on social media and sign up to our enewsletter for alerts, news and tips.