Sextortion Scam - “Just Like A Blind Kitten”
According to this email (included below), a hacker has installed “Remote Desktop Protocol” on your device and is monitoring your every digital move. Supposedly, the hacker has turned on your camera without you realising it and recorded your actions when you watched “embarrassing videos” on sites that “no ordinary man would visit”.
The hacker threatens to send these recordings to all of your contacts unless you pay him $990 in Bitcoin. He rather gleefully claims that you walked into this danger “just like a blind kitten”, and you must now pay up to protect your privacy or suffer the dreadful consequences.
However, the sender has not really created compromising videos of you, and his threat is without substance. The message is a scam that tries to panic people into sending their money to criminals.
There are hundreds of variations of these scam emails. The scammers send thousands of identical copies of the messages, hoping that a few recipients will take the claims seriously and pay up. They know that some people will react from a place of panic and send the Bitcoin because they believe the scammers’ false claims.
Note that if they really did have such compromising videos, they could prove it by simply sending you a copy.
What should you do if you receive one of these fake blackmail scam emails? Just delete it. Don’t engage with the scammer in any way.
The “Here’s your Password” Version
Some versions of these scam emails may appear considerably more credible because they include one of the recipient’s actual passwords as “proof” that their claims are valid.
The scammers know that if you receive an email that includes one of your passwords – even an old one you no longer use – you may be much more inclined to believe the claims and pay up. At first take, the inclusion of the password suggests that the scammer really does have access to your computer and may have really created the video as claimed.
In fact, even if you have not visited any porn sites, the fact that the scammer has apparently accessed your computer or accounts and harvested your password is naturally quite concerning.
So, how are the criminals getting these passwords? The most likely explanation is that they collect the passwords and the associated email addresses from old data breaches. Many commentators have pointed out that the passwords in the emails are very old and no longer being used.
In a report about the tactic, computer security expert Brian Krebs notes:
It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.
So, as with the “normal” versions of the scam that do not include passwords, the emails are just a bluff to trick you into paying up. The inclusion of the passwords adds an extra layer of undeserved credibility that may panic some recipients into complying with the scammer’s demands.
If you receive one of these emails, do not reply or respond. However, if the email includes a valid password that you currently use, you should change the password immediately.
An example of one of the scam emails:
Hello dear,
There is no reason to relax at all, but you don’t need to panic and have to read my message carefully.
It is really important, moreover, it’s crucial for you.
Joking asiԁe, I mean it. You don’t know who I am but I am more than familiar with you.
Probably, now the only question that torments your mind is how, am I correct?
well, your internet behaviour was very indiscreet and I’m pretty sure, you know it well. So do I.
you were browsing embarrassing ѵideos, clicking unsafe links and visiting websites that no orԁinary man would νisit.
I secretly embedded malware into an adult site, and you unknowingly wandered right into it. Just like a blind kitten, you didn’t know the ԁanger that was just near you.
while you were busy with your suspicious Internet activity, your system was breached by Remote Desktop Protocol, granting me unrestricted access to your device.
From that moment, I received the ability to observe everything happening on your screen, and discreetly activate your camera and microphone, and you wouldn’t ever realize it.
Thank you, I know, I am a smart guy.
Since then and until now I have been monitoring your internet activities.
Honestly, I was pretty upset with the things I saw.
I was daring to delνe far beyond into your digital footprint—call it excessive curiosity, if you will.
The result? An extensive stash of sensitive data extracted from your deνice, every corner of your web activity examined with scientific precision.
To make matters more intriguing, I’ve saνeԁ these recordings—clips that capture you partaking in, let’s say, pretty controversial moments within the privacy of your home.
These videos and snapshots are damningly clear: one side reveals the content you were watching, and the other…
well, it features you in situations we both know you wouldn’t want to be publsihed for public viewing.
Suffice it to say, I have all the pieces of the puzzle—images, recordings, and details of the far too ѵiνiԁ pictures. Pictures you definitely wouldn’t want anyone else to see.
However, with just a single click, I could reνeal this to eѵerẏ contact you haνe—no exceptions, no filters.
Now you are hoping for a rescue, I understand. But let me be clear: don’t expect any mercy or second chances from me.
Now, here’s the deal: I’m offering you a way out. Two choices, and what happens next depends entirely on your decision.
Option One: Pretend this message doesn’t exist. Ignore me, and you’ll quickly discover the consequences of that choice.
The video will be shared with your entire network. Your colleagues, friends, and family will have front-row seats to a spectacle you’d rather they never saw.
Imagine their reactions. Holy shit, what an embarrassment! well, actions have consequences. Don’t plaẏ the ѵictim—this is on ẏou.
Option Two: Pay me to keep this matter buried.
Consider it a privacy fee—a small price to ensure your secrets remain ωhere theẏ belong: hiԁԁen.
Here’s how it works: once I receive the payment, I’ll erase everything. No leaks. No traces. ẏour life continues as if nothing ever happened. The payment must be made in cryptocurrency—no exceptions.
I’m aiming for a resolution that works for us both, but let me emphasize: my terms are final and non-negotiable.
990 USD to my Bitcoin address beloẇ (remoѵe any spaces): [removed]
The Derbyshire Fairy Hoax
Since 2007, photographs have circulated that supposedly depict the remains of a fairy that was discovered by a man walking his dog between villages in Derbyshire, England.
However, the fairy depicted in the photographs is actually a model created as an April Fool’s Day prank by UK artist and magician Dan Baines.
Mr Baines placed the images on a website along with a detailed, although entirely fictional, description of the “find”. The website quickly received thousands of visitors interested in the Derbyshire fairy and its author was inundated with emails on the subject.
On April 1st, Mr Baines added a statement to the website, acknowledging that the fairy was a fake. He wrote:
Even if you believe in fairies, as I personally do, there will always have been an element of doubt in your mind that would suggest the remains are a hoax. However, the magic created by the possibility of the fairy being real is something you will remember for the rest of your life.
Alas the fairy is fake but my interest and belief has allowed me to create a work of art that is convincing and magical. I was also interested to see if fairy folklore is still a valid belief in modern society and I am pleased to say that yes it is! I have had more response from believers than I ever thought possible.
The images and selected parts of the description were soon posted on other websites, forums and blogs and also began circulating via email. However, many of the circulating versions did not include the artist’s statement owning up to the prank. The model is of such good quality, and the description so convincing, that many people truly believed that the “find” was genuine.
Humans have long had an intense fascination with magical creatures. Perhaps, deep down, many of us would like to believe that fairies really do live at the bottom of our gardens. The surprising popularity of the Derbyshire fairy suggests that it has successfully tapped into that deep-seated human fantasy. In fact, despite the artist’s public statement, some have refused to believe that the fairy is not real and have even suggested a cover-up.
On April 8, 2007, the fairy was sold on eBay for £280.00 and, according to the BBC, went to a private art collection in the United States.
Many years on, these photos still pop up on social media from time to time. I guess we all really do want to believe in fairies and other supernatural beings
Example:
Subject: Do Fairies live at the bottom of your garden?
Maybe not anymore, but a recent discovery would suggest that they probably did. What appear to be the mummified remains of a fairy have been discovered in the Derbyshire countryside.
The 8 inch remains complete with wings; skin, teeth and flowing red hair have been examined by anthropologists and forensic experts who can confirm that the body is genuine. X-rays of the ‘fairy’ reveal an anatomically identical skeleton to that of a child. The bones however, are hollow like those of a bird making them particularly light. The puzzling presence of a navel even suggests that the beings reproduce the same as humans despite the absense of reproductive organs.
The remains were discovered by a local man, who wishes to remain anonymous, while walking his dog along an old Roman road situated between the villages of Duffield and Belper.
Security Tip: Check To See if Your Email Address Is Associated With Any Data Breaches
You can check if your email address has been associated with any known data breaches by entering it into Troy Hunt’s excellent “have i been pwned” service.
If your email is linked to any data breaches, the search results will inform you and provide further information. It’s well worth checking your email addresses on the site every month or so.
Red Flag: Guaranteed Investment Returns With No Risk
Those of us with an entrepreneurial mindset tend to be open to exploring any interesting opportunities that might come our way.
But, if you encounter an "investment opportunity" that GUARANTEES a high return with NO RISK, lift your hands and slowly back away from the keyboard.
It's a scam!
All genuine investments carry risk. No investment system can guarantee that you will consistently earn large returns and have no risk of losing money. This is simply not how investments work.