An xvideos sextortion scam threatens to expose users’ porn viewing habits to friends, family, and work colleagues.
The scammer claims to have recorded the user via the webcam while they viewed content on the xvideos adult website. The email is made more believable by the inclusion of the user’s password in the message body.
The scammer claims to have gained access to the email recipient’s computer and installed a keylogger. The malware allowed information to be obtained from the device, including the websites that the user has visited. Additionally, the malware allowed access to be gained to the computer’s microphone and webcam.
The scammer claims to have recorded audio and video footage while the user visited the popular adult website, xvideos. That footage was used to create a “double screen video” with one half of the screen showing the webcam footage while the other shows the adult content that was being viewed at the time.
The user is told that the malware installed on the computer allowed contacts to be harvested from Facebook, Messenger, and the user’s email account. The user is told to make a payment of $969 in Bitcoin to prevent the video from being emailed to every contact.
The scammer suggests that proof that the video is real can be obtained; however, requesting proof will see the video sent to 6 of the user’s contacts.
The Bitcoin address supplied in the email shows that 11 people have made payments totaling 0.959 Bitcoin – Around $3,272 – so it is clear that some people either believe the threat is real or they are not willing to take a chance.
These scams are easy to create and only require a list of email addresses and passwords, which can be easily purchased on underground marketplaces and forums. The passwords used in the emails are real and come from previous data breaches.
The passwords may be old, but they will no doubt be recognized. Users who do not practice good password hygiene may find their current password is supplied, adding to the realism of the scam.
These types of sextortion scams are becoming increasingly common. They are also highly effective. A similar scam was identified in December which also used old passwords and contained similar threats. The Bitcoin wallet used in that scam showed more than $50,000 in payments were made in a week.