Hackers don't have control over your webcam, so don't give them any money - XTN Cognitive Security

Hackers don’t have control over your webcam, so don’t give them any money

trust your fraud expert icon

By Guido Ronchetti (CTO @XTN)

In the last months, a new scam scheme was out in the net: cybercriminals trying to extort money threatening the release of X rated videos to victim’s contacts.

Yesterday I was targeted by this attack, and I’ve found it very well designed, reminding me of a delirious Black Mirror’s episode, and demonstrating how dangerous these ransom attempts are. The scheme starts with an email sent from a legitimate mail account (not recognised as spam, at least by my email provider).  This email is well conceived: the subject contains my email address and a password I used many years ago (luckily, I already knew it was leaked during the Last.fm data breach); I’ve found this approach an effective way to obtain reader attention.

Email contents

The first section of the message is designed to let you think you have been spied on by the extortionist that recorded compromising videos of the victim accessing X rated contents.

The second section is about proposing different solutions: disgrace as the consequence of the release of these videos to all victim’s contacts; or paying 7000$ in bitcoins to the extortionist.

The last section is about preventing the victim from contacting law authorities and giving the victim 24 hours to pay the ransom.

What follows is the complete transcript of the email.


Intro: I want your attention.

I do know <pwd-redacted> one of your password. Lets get straight to the purpose. You may not know me and you are probably thinking why you’re getting this mail? None has paid me to check about you.

The context: how I’ve stolen this info.

Let me tell you, I actually placed a software on the adult streaming (porn) web-site and you know what, you visited this web site to have fun (you know what I mean). When you were viewing video clips, your browser started out working as a Remote control Desktop having a keylogger which provided me with accessibility to your display screen as well as web cam. Just after that, my software program gathered every one of your contacts from your Messenger, Facebook, as well as email. Next I created a double-screen video. First part displays the video you were viewing (you’ve got a fine taste :)), and second part displays the recording of your cam, & its you.

The threaten: I’m pragmatic.

You will have 2 choices. Lets study these types of possibilities in details:

1st solution is to ignore this email. Then, I most certainly will send your actual video clip to each of your your contacts and then think about concerning the disgrace you will see. And as a consequence if you are in an important relationship, exactly how it will eventually affect?

Number 2 solution would be to compensate me $7000. Lets describe it as a donation. As a result, I will without delay discard your video. You could keep going on your daily routine like this never happened and you will not ever hear back again from me.

You’ll make the payment through Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).

BTC Address: <BTC-redacted>

[case SENSITIVE copy and paste it]

The ultimatum: there’s no way out!

If you have been making plans for going to the law, well, this mail cannot be traced back to me. I have taken care of my moves. I am just not trying to ask you for very much, I just like to be compensated. I’ve a unique pixel in this message, and right now I know that you have read through this email message. You now have one day in order to pay. If I don’t get the BitCoins, I will certainly send out your video recording to all of your contacts including members of your family, coworkers, and so forth. Having said that, if I receive the payment, I’ll erase the recording immediately. If you really want evidence, reply with Yea and I will send out your video to your 14 contacts. This is the nonnegotiable offer so don’t waste my personal time and yours by replying to this e mail.


I think these attacks are becoming exceptionally well designed and dangerous: if they are sending these out to everyone, then the scare factor is going to be significant enough to push real buttons on some people.

Anyhow, if you have received this email too, don’t panic, and don’t pay. There most likely isn’t a video.

At XTN we think that protecting end-user privacy has to be a top priority for anyone providing critical services. Using behavioural affinity and anomaly signals in conjunction with strong digital identity validation and endpoint threat detection is the best way to prevent account takeover and avoid attackers from unauthorised interaction with user’s devices.


Share this Article:


Have any question? We’d love to hear from you. 

Related Contents

Discover our resources

White paper, Business Case, Webinar and more