Throughout 2019, pornography email scam was the largest-scale type of Internet fraud. This kind of fraud is also called sextortion, and it involves hackers threatening people to share videos of them allegedly watching porn in case people don’t pay them money. This type of fraud has not lost its popularity among spammers, it’s the opposite – it is still evolving. In particular, nowadays, attackers send addresses of their cryptocurrency wallets for money transferring often even along with the rest of the text of the message in the form of a picture, so that they can bypass spam filters. In such a way, the victim can see the right information for sending money, while spam filters on the computer recognize a usual graphic file. Such letters are difficult to ignore and not read.

How do hackers even find your email address? It’s quite easy – they hack any service you’re registered on and boom! Your email address is now in their hands. Then you receive an email, and in preview, you can see the following line: “****** is your password.” The most interesting part is that the letter is allegedly sent from you, from your own mailbox.

Pulling this trick off is actually easy as well. To do this, you need to follow these steps:

  1. Find out the victim’s email.
  2. Open “Web Console” from the Developer Menu.
  3. Enter the following function: echo “text” | mail –s “subject” e-mail –aFrom: e-mail

Here you can see how to do it in our video tutorial:

Further on, the letter contains a detailed description of how the website on which the addressee was allegedly watching porn was hacked. Moreover, the letter is abundant with technical terms such as keylogger, malware, remote desktop, etc. A person who has little knowledge of technology and doesn’t know what a password leak is, may well take it as gospel truth.

The letter says that your browser acted as a keylogger while you were watching porn. This means that now the attacker has a split screen: one half of it displays videos that the victim watched, and the other one shows webcam data. To make sure that the footage exists, you need to follow the mentioned link.

As soon as you follow the link, your computer becomes encrypted. For its decryption, you will need to pay with cryptocurrency, which lets attackers carry out their operations stealthily as possible.

Ordinary users may not only become victims of cybercriminals but also start unwittingly distributing “compromising evidence” of pornographic matter themselves. Spreading millions of those can only be achieved by activating thousands of infected computers.

Backdoor is a program that helps hackers gain access to remote device control. These messages are being sent in large numbers and in different languages according to ready-made templates.

The times when spamming was done manually are long gone – now, all stages are automated. All the functionality of this shadow business is thought out thoroughly. Writing the script can take several months, but later on it works like clockwork.

The most important question is, “Is there any compromising evidence, really?”

There are only three ways that hackers could get that “compromising porn evidence.”

The first one: actually creating a program that monitors the user, but this is a very complicated process that needs to be developed for each victim individually.

The second one: getting access to communication lines, but this implies physical actions like connecting either to the wires between the user and the provider or to a separate Wi-Fi. All this is a too individual and time-consuming way for attackers, and the vast majority of web resources use encrypted data transmission.

The third one: it’s exactly the one that cybercriminals use, according to experts. They buy user bases from porn resources or create their own ones, initially aimed at collecting data from an interested audience and then sending them spamming emails.

Thus, we can arrive at the conclusion that no software can record the victims’ viewing history on porn sites on their devices. So there’s no way there can be any compromising evidence either, especially if you received the letter from a mailing list.

At the same time, there are tools for obtaining pornographic evidence from the user’s device. However, it is possible to use them only after gaining individual access to each computer that cybercriminals need to hack manually. Few people would be ready to do that.

For sure, there’s malware that can gain access to the camera and microphone once they’ve reached the user’s computer. In addition, viruses have appeared that can turn off indicators that show that the camera is on. Users whose computer is infected with such malware may not even realize that all of their actions in front of the monitor are being recorded by cybercriminals. Mobile devices are also at risk. There are spyware programs for Android that allow you to secretly monitor users’ activity, gaining access to built-in cameras and microphones.

It is important to remember that watching a user through the camera in secret is not the only way for an attacker to get someone’s intimate photos. Remember cases when cloud services where users kept all their photos were hacked? Another example is mobile apps that offer to improve your selfies while uploading all of them to the attackers’ services unbeknownst to you.

We advise you not to respond to such spam messages. If cybercriminals somehow managed to get some pornographic evidence, they will find a way to present it to the user without any links.