Sex extortion emails now quoting part of their victim’s phone number


Some computer users are reporting that they have received a new type of extortion email in their inbox, which - in an attempt to scare them into giving in to demands for money - quotes part of their phone number.

For some time extortion emails have been sent to computer users, claiming that they have been secretly recorded while visiting pornographic websites in an attempt to blackmail them out of money.

Some of the extortion emails have even taken to including a user’s password in the email (albeit perhaps not related to an adult website they may have visited) in an attempt to shock the user into believing that their private use of a porn site might be exposed.

The latest incarnation of the emails, however, incorporates four digits of a recipient’s phone number. And - get this - it often really is the correct phone number.

A typical email reads as follows (complete with the extortionist’s spelling mistakes and grammatical errors):

It seems that, +XX XXXXXX1234, is your phone. You may not know me and you are probably wondering why you are getting this e mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

What did I do?

I backuped phone. All photo, video and contacts. I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha …), and 2nd part shows the recording of your web cam.

exactly what should you do?

Well, in my opinion, $1000 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address:

1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB

(It is cAsE sensitive, so copy and paste it)

Important:
You have 48 hour in order to make the payment. (I‘ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non- negotiable offer, that being said don’t waste my personal time and yours by responding to this message.

There are two obvious questions raised by the emails.

Why isn’t the extortionist including the whole phone number in the email?

After all, if the bad guys had it - wouldn’t they use it to get greater leverage over their intended victim? It’s not as though they give two figs about protecting a computer user’s privacy after all…

The only logical answer to this question is: the extortionist doesn’t have the whole phone number. They only have some of the digits.

So where did they get the partial phone numbers from?

I suspect the vast majority of people visiting porn websites don’t create accounts on the sites, and even if they did they would be wary of giving their real phone number. So the adult sites themselves seem unlikely to be the source of the information.

It’s possible the number is derived from a data breach where only four digits of a phone number are stored, and the extortionists have done a look-up to match numbers to email addresses… but why would a company only want to store some of your phone number?

Researcher Didier Stevens has a different theory.

He proposes that the numbers might be derived from the password reset mechanisms of popular websites.

Take a look at eBay, for instance.

[Image: eBay password reset]

Anyone can enter your email address on eBay, and (if you have an account on the site using that email address) it will tell them *some* of the digits of your phone number.

It’s a similar story with PayPal, and many other sites.

[Image: PayPal partial phone number]
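To make Stevens' theory concrete from a site owner's side, here is an added example (not code from eBay, PayPal or this article): a reset handler that shows a masked phone number to whoever types in an email address, next to one that gives the same reply for every address and sends the recovery options only to the registered mailbox. The accounts, function names and messages are all constructed for illustration.

```python
# Added example; the accounts, names and messages are constructed, not any real site's.
ACCOUNTS = {
    "alice@example.com": {"phone": "+15555550123"},
    "bob@example.com": {"phone": None},
}
GENERIC = "If an account exists for that address, recovery instructions have been sent."


def mask_phone(phone, visible=4):
    """Hide every digit except the last `visible` ones, as reset pages commonly do."""
    cut = len(phone) - visible
    return "".join("X" if ch.isdigit() and i < cut else ch for i, ch in enumerate(phone))


def reset_leaky(email):
    """Behaviour the article describes: any requester who supplies an email
    address learns whether an account exists and sees part of its phone number."""
    account = ACCOUNTS.get(email.lower())
    if account is None:
        return "No account found for that address."
    if account["phone"]:
        return "Send a code by text to " + mask_phone(account["phone"]) + "?"
    return "Send a reset link by email?"


def reset_hardened(email, outbox):
    """Identical reply for every input; the recovery options travel only to the
    registered mailbox (outbox stands in for the mail queue)."""
    address = email.lower()
    if address in ACCOUNTS:
        outbox.append((address, "recovery link"))
    return GENERIC


def leaked_digits(reply):
    """Digits an unauthenticated requester can read from the on-screen reply."""
    return "".join(ch for ch in reply if ch.isdigit())


if __name__ == "__main__":
    queue = []
    for who in ("alice@example.com", "nobody@example.com"):
        print(who, "| leaky:", reset_leaky(who), "| hardened:", reset_hardened(who, queue))
```

The masked number can still be shown later in the flow, once the requester has proven control of the mailbox by following the emailed link.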

It should go without saying that I don’t recommend you pay the blackmailer if you receive one of these unpleasant emails. In all likelihood they are trying their luck, hoping they are able to scare just a small proportion of people into believing that they really do have video footage of a computer user as they visit a porn site.

If you are still worried that receiving such an email would scare the willies out of you, and you aren’t able to kick your porn-viewing habit, maybe now is a good time to invest in a webcam cover for both your desktop PC and your smartphone.

And while you’re at it keep your computer protected with up-to-date security software, ensure that your operating system and applications are fully patched, and consider running an ad blocker.

It may not stop you receiving a blackmail email, but it may give you a little more peace of mind.

For more discussion of this topic, be sure to check out this episode of the “Smashing Security” podcast:

Smashing Security #091: ‘Sextortion, Las Vegas hotels, and Alex Jones’


3 Responses

  1. stine

    August 16, 2018 at 5:35 am #

    Dude, you’ve missed the forest for the trees. Everyone (at least in the US, and probably in the UK) has had every bit of information that Equifax had on them stolen. Don’t you think it would include phone numbers, email addresses, credit card statements from adult entertainment companies, etc.?

    There’s absolutely no end to the shitstorm that we could soon be facing, since they already know more about us than we do ourselves.

    • Graham Cluley in reply to stine.

      August 16, 2018 at 8:05 am #

      If the full phone number has been exposed by a data breach, why isn’t the extortionist including the full phone number in the email? It doesn’t make logical sense to me.

  2. etaoin shrdlu

    August 16, 2018 at 10:56 pm #

    Typo:

    If you are still worried that you such an email would scare the willies out of you”
