Sex extortion emails now quoting part of their victim’s phone number

Graham Cluley

Extortion email thumb

Sex extortion emails now quoting part of their victim's phone number

Some computer users are reporting that they have received a new type of extortion email in their inbox, which – in an attempt to scare them into giving in to demands for money – quotes part of their phone number.

For some time extortion emails have been sent to computer users, claiming that they have been secretly recorded while visiting pornographic websites in an attempt to blackmail them out of money.

Some of the extortion emails have even taken to including a user’s password in the email (albeit perhaps not related to an adult website they may have visited) in an attempt to shock the user into believing that their private use of a porn site might be exposed.

The latest incarnation of the emails, however, incorporates the four digits of a recipient’s phone number. And – get this – it often really is the correct phone number.

A typical email reads as follows (complete with the extortionist’s spelling mistakes and grammatical errors):

It seems that, +XX XXXXXX1234, is your phone. You may not know me and you are probably wondering why you are getting this e mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

What did I do?

I backuped phone. All photo, video and contacts. I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.

exactly what should you do?

Well, in my opinion, $1000 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address:

1GYNGZLEUGkkQjHo19dHDnGE87WsAiGLLB

(It is cAsE sensitive, so copy and paste it)

Important:
You have 48 hour in order to make the payment. (I‘ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non- negotiable offer, that being said don’t waste my personal time and yours by responding to this message.

There are two obvious questions raised by the emails.

Why isn’t the extortionist including the whole phone number in the email?

After all, if the bad guys had it – wouldn’t they use it to get greater leverage over their intended victim? It’s not as though they give two figs about protecting a computer user’s privacy after all…

The only logical answer to this question is: the extortionist doesn’t have the whole phone number. They only have some of the digits.

So where did they get the partial phone numbers from?

I suspect the vast majority of people visiting porn websites don’t create accounts on the sites, and even if they did they would be wary of giving their real phone number. So the adult sites themselves seem unlikely to be the source of the information.

It’s possible the number is derived from a data breach where only four digits of a phone number is stored, and the extortionists have done a look-up to match numbers to email addresses… but why would a company only want to store some of your phone number?

Researcher Didier Stevens has a different theory.

He proposes that the numbers might be derived from the password reset mechanisms of popular websites.

Take a look at eBay, for instance.

Ebay password reset

Anyone can enter your email address on eBay, and (if you have an account on the site using that email address) it will tell them *some* of the digits of your phone number.

It’s a similar story with PayPal, and many other sites.

Paypal partial phone number

It should go without saying that I don’t recommend you pay the blackmailer if you receive one of these unpleasant emails. In all likelihood they are trying their luck, hoping they are able to scare just a small proportion of people into believing that they really do have video footage of a computer user as they visit a porn site.

If you are still worried that receiving such an email would scare the willies out of you, and you aren’t able to kick your porn-viewing habit, maybe now is a good time to invest in a webcam cover for both your desktop PC and your smartphone.

And while you’re at it keep your computer protected with up-to-date security software, ensure that your operating system and applications are fully patched, and consider running an ad blocker.

It may not stop you receiving a blackmail email, but it may give you a little more peace of mind.

For more discussion of this topic, be sure to check out this episode of the “Smashing Security” podcast:

Smashing Security #091: 'Sextortion, Las Vegas hotels, and Alex Jones'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Sex extortion emails now quoting part of their victim’s phone number”

  1. Dude, you've missed the forrest for the trees. Everyone (at least in the US, and probably in the UK) have had every bit of informtaion that Equifax had on them stolen. Don't you think it would include phone numbers, email addresses, credit card statements from adult entertainment companies, etc.

    There's absolutely no end to the shitstorm that we could soon be facing, since they already know more about us than we do ourselves.

    1. If the full phone number has been exposed by a data breach, why isn't the extortionist including the full phone number in the email? It doesn't make logical sense to me.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES