You have most likely heard about the infamous sextortion e-mail scam. It claimed that the hackers recorded you through the webcam watching some explicit imagery—for educational purposes, obviously—and threatened you with letting know your friends and family unless you paid a hefty ransom.
The scam started circling the internet en mass in 2018, so it is time to adjust the story, some hackers said, and come up with a fresh strategy. The latest sextortion scam—reported by Redditers and covered by Bleeping Computer—claims that your spouse has cheated on you and promises you the evidence to back up the claim.
While the original version included victim’s real password to look legitimate, the new one uses the names of the victim and their spouse, seemingly knowing your relations. Sometimes it can even include hard-to-obtain information, like the middle name you rarely use, as some users found out.
One of the targeted users published the exact wording used:
“Hi [my name]
[Wife"s name] is cheating on you. Here a proof.
As a company engaged in cyber security we"ve found information related to [wife"s name] that interests you.
We made a full backup of his disk (We have all his address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all his contacts) and are willing to give you a full access to this data. For more details visit our website.”
Available user reports are just a few weeks old, so the scam seems to be still fresh and there are very little details known about the whole scheme. It is unknown how exactly the scammers try to capitalize on the victims.
One user mentioned that the linked site asked them to log in—a potential phishing attempt to steal credentials to services the victim uses. Alternatively, It might be just a first step toward directly monetizing users who are already suspicious of their spouse—either through a payment gate (promising the evidence) or by some kind of extortion.
Where does all the information come from? Several users said they mentioned information about their spouses on a wedding planning site “The Knot.” However, it is unknown whether there was any data breach that might be connected to the ongoing scamming campaign.
If these e-mails become prevalent—similar to the original scheme—more detailed information will be available to spread awareness about the current practices of online fraudsters.