Home Malware Programs Adware "I hacked your device" Email Scam

"I hacked your device" Email Scam

Posted: May 6, 2019

The "I hacked your device" email scam, a social engineering attack, claims that the threat actor is hacking into the victims' PCs and monitoring their Web-browsing activities related to adult videos, especially. It extorts victims into sending Bitcoins to the con artist's wallet under the threat of releasing a video recording of the Web-browsing content. Since there isn't an established Trojan or spyware campaign related to this hoax, its recipients can delete the "I hacked your device" email scam safely.

An Implied 'Plus One' for an Adult Movie Audience

As long as cryptocurrencies retain value and lack the protections of most currencies, they will remain in use among the criminal underground, which includes both the sub-campaigns of Ransomware-as-a-Service setups, equivalent spyware, RDP Trojan ones and even some spam. The "I hacked your device" email scam belongs to that last category and is a modern-day equivalent of the 'loan to a Nigerian prince' hoax. Unlike that old trick, however, this one revolves around stoking the public's justifiable fear of genuine threats like spyware.

The "I hacked your device" email scam's contents are fairly traditional to an attack of this kind: it claims that, through the use of spyware that the threat actor installed through your browser, there are non-consensual recordings of the victim's webcam and adult media preferences. The criminals claim that they'll send videos to a harvested list of contacts unless they receive a Bitcoin payment in a day. An opening aspect that malware experts note as differentiating the hoax from a very similar one is that the "I hacked your device" email scam also references a spoofed e-mail address which makes it look as if the message came from the reader's account – therefore implying, inaccurately, that the criminal hacked the e-mail access, as well.

The "I hacked your device" email scam asks for over six hundred USD to its wallet, which uses an address that malware experts can connect to other Bitcoin accounts involving themselves in similar social engineering tactics. Although it is showing some activity, how much of that is from victims paying ransoms is indefinite.

Paying a criminal ransom is rarely the right decision. In this case, it would be especially unfortunate since there is no evidence of the "I hacked your device" email scam's synchronizing up with actual Trojan, spyware attacks or hackings of e-mail accounts.

Getting Yourself Out of a Hacked Situation

Even if it presented itself flawlessly, the scenario that the "I hacked your device" email scam describes is an improbable series of events for extortion, even by the standards of Black Hat programmers. The "I hacked your device" email scam, also, includes various signs that could clue users into its fraudulence: improper English, referencing a keyboard-recording Trojan (or keylogger) as being a monitor-recording one inappropriately and making easily-falsifiable claims of mailing activity. Users can check their history for confirming that the "I hacked your device" email scam isn't a real message sent from their accounts and determine that the e-mail address in the 'from' field is a fake.

Although the "I hacked your device" email scam seems a bluff, malware experts recommend against opening corrupted spam e-mails, which can contain drive-by-download exploits or links to files that could damage your computer. Scanning your system afterward with appropriate anti-malware tools can help with confirming its safety. By itself, there's no need to do anything with an "I hacked your device" email scam, upon recognizing it, other than deleting it.

Victims who send money in the direction of an "I hacked your device" email scam will not be capable of getting them back without the threat actor's agreement. And such a display of generosity would be remarkable, in and of itself, from any con artist.