Netsafe has received numerous reports about an email scam where the scammer falsely claims to have hacked into their device and recorded intimate recordings of people using porn websites. The email threatens to release the video to their personal contacts unless the victim pays them a sum of money. In some versions of this scam, the scam email subject line also includes the victim’s password that they use (or have used in the past) for their online accounts.

The good news is that even if the scammer has collected a password for your online accounts, it is very unlikely that they have been able to use this to access your computer’s content, webcam or browsing history. The scammer is attempting to scare victims into making a payment to them.

How the scam works:

People receive an email that claims their computer has been hacked and that the scammer has recorded intimate recordings of them using a porn website. In some versions of this scam the email header also includes the victim’s password for their online accounts. The email demands that they send a payment (often as bitcoin) to the scammer or claims they will send the recording to the victim’s personal contacts which they claim to have access to.

How did they get my password?

It is likely that your password and email account may have been collected in one of the numerous data leaks that have occurred to major online services.

What to do if you’ve been affected:

  • Do not respond or send any payments to the scammer.
  • Immediately change your password on any online accounts that you think may have been breached. The website ‘Have I Been Pwned?’ contains details about a number of large data breaches. You can visit the site to check if your email address is listed as being affected by any of the breaches included on the site. If your email address is listed, make sure you update your password on any of the affected sites.
  • Delete the scam email and mark it as spam so that your email filter removes it from your inbox.
  • Consider setting up different password variations for each online account – this means going forward that even if one account is breached, no other account should be affected.

If you’ve given money or other details to the scammer:

If you have replied to the email with any sensitive personal information, this Identity Theft Checklist is a helpful guide on what could happen with your information. If you believe you may have been exposed to identity theft, we suggest you contact iDCare as they provide free help and support.

If you have shared any bank account information you should report the incident to your bank.

If you have sent money using your credit card you can speak to your bank about applying for a charge back. If you have sent money via an online money transfer platform (such as Western Union, Moneygram or as Bitcoin) the transaction is likely untraceable and you may not be able to get your money back.

If you have lost money to this scam you can report it using our online report form.

 

If you have engaged in an intimate web chat where you think you may have been filmed and now they are threatening to release the footage, visit our sextortion page for more advice.

REPORT A SCAM

If you have lost money or personal information or think you are about to, contact us by emailing help@netsafe.org.nz or by completing an online report form.

Our help service is open from 8am – 8pm Monday to Friday and 9am – 5pm on weekends.