Powered by

Inside money, markets, and big tech

So you received the Bitcoin ‘masturbation vid’ email — here’s what to do

The return of the Bitcoin sextortionists

Welcome to Hard Fork Basics, a collection of informative guides to keep you up to date with the personal finance and investment world. This one is Bitcoin-themed.

There’s a “sextortion” email scam going around that demands Bitcoin BTC to keep steamy videos of you masturbating to pornography off the internet. It’s fake. Relax.

It’s also very old. While there are many variants, recent reports show an email that suggests a crafty hacker has “placed malware on the porn website” that you enjoy, which allowed them to record your screen and webcam feed.

The email then requests $1,900 worth of Bitcoin or else your Messenger, Facebook, and email contacts will receive a video of you jerking (or jilling) it, placed artfully alongside your kinky content of choice  a shoddy attempt at blackmail.

Bitcoin Sextortionists 2: Magic Pixel Evolved

It’s a preposterous premise, but the real hook is a recipients’ actual password, which is starred out in the screenshot below. Hard Fork reported on some of the first instances of the Bitcoin sextortion email in 2018.

Back then, fraudsters were warning their marks that a “magic pixel” had recorded their every move. More recently, emails have come with an embedded JPG image of the blackmail message in a bid to avoid spam detection.

bitcoin, sextortion, masturbation
Bitcoin sextortion example courtesy of BitcoinAbuse

Indeed, if you receive this email, it’s likely to reference a password that you might regularly use, or may have regularly used in the past. Don’t freak out: They probably found it in a PasteBin doc  not by hacking your machine.

BitcoinAbuse reports surge in April

It’s almost entirely likely that the phishers obtained your email and password from one of the thousands of data breaches that have occurred, and not by hacking your computer (or your porn website, for that matter).

Have I Been Pwned? is a handy tool to figure out where they might’ve found your password. Simply plug in your email address to see if this relates to you.

Bitcoin Abuse, a website that tracks these kinds of Bitcoin scams, has fielded almost 50,000 reports this year. April has seen a massive influx of submissions  over 41,000 — and while not all of them are specific to the sextortion scam, many are, and they’re coming in multiple languages.

That’s one erect blue bar, courtesy of BitcoinAbuse.

As for the success of these horny phishers: It seems they randomly generate fresh Bitcoin addresses for each recipient, which makes tracking them significantly harder.

Just do what the nice lady did

So, security researchers at Sophos advise you to do two things. First: Delete the email and move on.

The second is change the password referenced in the email, as it’s likely that other phishers also have access to it. Even if they’re old accounts, you should change them to protect your current ones.

Apart from that, it’s important to never send any money in response to any emails like these, Bitcoin or otherwise, and not to play into to the fraudsters’ hands by engaging any further.

They also emphasised that instructions in an email should not be followed “just because the message is insistent or because you’re frightened.”

In other words, do what this 84-year-old lady did when she was targeted by Bitcoin sextortionists: Ignore them, and eat a bagel.

Published April 20, 2020 — 16:12 UTC

Pssst, hey you!

Do you want to get the sassiest daily tech newsletter every day, in your inbox, for FREE? Of course you do: sign up for Big Spam here.