There has been a large spike in 2018 of reports about an email scam where the scammer claims to have hacked into their device and recorded intimate recordings of people using porn websites. The email threatens to release the video to their personal contacts unless the victim pays them a sum of money. In some versions of this scam, the scam email subject line also includes the victim’s password that they use (or have used in the past) for their online accounts.

The good news is that even if the scammer has collected a password for your online accounts, it is very unlikely that they have been able to use this to access your computer’s content, webcam or browsing history. The scammer is attempting to scare victims into making a payment to them.

We have received thousands of reports about this scam in New Zealand over the last few months and are not aware of any cases where there has been proof of the recordings or where recordings have been released.

How the scam works:

People receive an email that claims their computer has been hacked and that the scammer has recorded intimate recordings of them using a porn website. In some versions of this scam the email header also includes the victim’s password for their online accounts. We have also seen some versions of this email where it looks like the email has been sent from the victims own email account. The email demands that they send a payment (often as bitcoin) to the scammer or claims they will send the recording to the victim’s personal contacts which they claim to have access to.

How did they get my password?

It is likely that your password and email account may have been collected in one of the numerous data leaks that have occurred to major online services.

Is my email address compromised?

We have seen some versions of this scam where it looks like the email has been sent from the victim’s own email address. This can make it seem as though their email account has been compromised, however based on the cases we have seen this appears to be ‘spoofed’ (made to appear as though it comes from the victims email address when it has actually been sent from the scammers own email address). Based on the versions of the scam we have seen, it’s unlikely your account has actually been compromised however its a good idea to update your password to be safe.

What to do if you’ve been affected:

  • Do not respond or send any payments to the scammer.
  • Immediately change your password on any online accounts that you think may have been breached. The website ‘Have I Been Pwned?’ contains details about a number of large data breaches. You can visit the site to check if your email address is listed as being affected by any of the breaches included on the site. If your email address is listed, make sure you update your password on any of the affected sites.
  • Delete the scam email and mark it as spam so that your email filter removes it from your inbox.
  • Consider setting up different password variations for each online account – this means going forward that even if one account is breached, no other account should be affected.

If you’ve given money or other details to the scammer:

If you have replied to the email with any sensitive personal information, this Identity Theft Checklist is a helpful guide on what could happen with your information. If you believe you may have been exposed to identity theft, we suggest you contact iDCare as they provide free help and support.

If you have shared any bank account information you should report the incident to your bank.

If you have sent money using your credit card you can speak to your bank about applying for a charge back. If you have sent money via an online money transfer platform (such as Western Union, Moneygram or as Bitcoin) the transaction is likely untraceable and you may not be able to get your money back.

If you have lost money to this scam you can report it using our online report form.

 

If you have engaged in an intimate web chat where you think you may have been filmed and now they are threatening to release the footage, visit our sextortion page for more advice.

REPORT A SCAM

If you have lost money or personal information or think you are about to, contact us by emailing help@netsafe.org.nz or by completing an online report form.

Our help service is open from 8am – 8pm Monday to Friday and 9am – 5pm on weekends.