About “Unfortunately, There Are Some Bad News For You” Email Scam
The sender of the “Unfortunately, There Are Some Bad News For You” email scam claims that they have a private video of you watching pornography and threaten to publish it online if you refuse to pay the requested $1750 in Bitcoin. While the email may seem alarming, this is nothing more than a sextortion scam. It’s a pretty generic sextortion scam at that. Over the last couple of years, there has been an increase in these kinds of sextortion scams but they’re often so ridiculous that users rarely fall for them. If you get this email in your inbox, you can just ignore it or simply remove it from your inbox.
Sextortion scam emails have become more prevalent in recent years, and new campaigns are constantly being launched. Though they are usually controlled by different groups of malicious actors, the sextortion emails are always more or less identical. They follow the same pattern. Firstly, they immediately try to catch users’ attention with alarming claims like “I have obtained access to your devices that you were using to browse internet”. Scammers then try to further scare users by claiming that they were able to make a video of users watching pornographic content. Finally, they threaten to release the video to all users’ contacts if they refuse to pay a certain sum of money.
The “Unfortunately, There Are Some Bad News For You” email scam is written in very awkward English, which is a common characteristic of such emails. In clumsy English, the scammer explains that they purchased your email address, which supposedly allowed them to install trojans on all of your devices. Supposedly, the trojan gave full access to the device to the scammers, allowing them to turn features like the microphone and camera on/off. According to the email, the “hacker” noticed that you visit certain pornographic websites and decided to make a video of you watching pornography. They also claim to have stolen your information, including messages, social media credentials, contact lists, chat history, etc. They threaten to send the video (supposedly showing you on one side and the video you were supposedly watching on the other) to all stolen contacts if you do not agree to pay $1750 to one of the provided Bitcoin wallets. The scammer gives you 48 hours to send the money. Since this is nothing more than a sextortion email, you do not need to worry about malware on your computer or a supposed private video of you. All of the claims in this email are complete nonsense.
There are different variations of these types of emails. Sextortion emails are one of the more believable scams. Other scam campaigns include scammers claiming that an assassination hit will be carried out on users if they do not agree to pay a certain sum of money. Another scammer threatens to detonate a bomb at the users’ place of employment. And when the COVID-19 pandemic began, scammers started sending out emails threatening to infect users and their families with the virus. Most of these threatening emails are often unsuccessful and users rarely transfer money to the scammers’ wallets. But unfortunately, sextortion scams, in particular, are occasionally successful.
Why did you receive this sextortion scam email?
Sextortion scam emails like this one frequently allege that users are receiving the emails because a trojan has been installed on their devices and their email accounts have been compromised. In reality, users receive sextortion scams because their email addresses have been leaked by some service. It’s not uncommon for this to happen because services often get hacked or do not have sufficient security to secure users’ data. You can check whether your email address has been leaked on haveibeenpwned. If it has, you’ll likely receive more scam/malicious emails in the future.
Some scam emails also include users’ passwords in hopes that they will convince users that the email is legitimate. It’s effective in some cases because some users do wonder how else would the senders of the emails have the passwords. In reality, the passwords are obtained the same way email addresses are, from hacker forums. Just like email addresses, passwords are also leaked by services when they’re not properly secured. If an email reveals a password you actually use, you need to change it immediately. Keep in mind that passwords need to be unique to each account. If you reuse passwords, and it gets leaked one time, malicious actors would be able to access all other accounts that have the same password. Passwords should also be complex to make them difficult to crack. A strong password contains a combination of upper and lowercase letters, as well as numbers and symbols. The more complex a password is, the longer it will take to crack it. A password manager is recommended for many users. It would not only store passwords safely but also generate strong ones.