Skip to main content

Fake e-mails are currently circulating again, indicating an overdue payment in your name. You should settle the debt as soon as possible. A PDF file with the supposed invoice is attached.

Supposed invoice

The attachment itself is harmless. It only contains text. In it, the attacker claims to have filmed the recipient watching porn. It threatens to pass on the compromising material unless a payment of €1,900 in Bitcoin is made. This is of course not genuine.

Example content of the file "invoice_xx-yy-202z.pdf":

Greetings!

I am a professional hacker and have successfully hacked your operating system. Currently, I have full access to your account. In addition, I have secretly monitored all your activities and watched you for several months. The thing is, your computer was infected with malicious spyware because you had previously visited a website with pornnographic content.

Let me explain to you what this means. Thanks to Trojan viruses, I can gain complete access to your computer or any other device you own. This means that I can see absolutely everything on your screen and switch on the camera and microphone at any time without your permission. I can also access and view your confidential information as well as your emails and chat messages.

You may be wondering why your antivirus programme can't detect my malware. Let me explain briefly: I use a driver-based malware that renews its signatures every 4 hours so that your antivirus programme cannot detect it.

I have created a video compilation that shows the scenes of you happily masturbating on the left, while the video you were watching at that moment is shown on the right...

All I have to do is share this video with all the email addresses and messenger contacts of people you are in contact with on your device or PC. In addition, I can also publish all your emails and chat histories.

I think you would definitely want to avoid this. You must therefore do the following: Transfer the equivalent of 1900€ worth of Bitcoins to my Bitcoins account (this is a fairly simple process that you can read about online if you don't know how to do this).

The following is the information about my Bitcoins account (Bitcoins wallet): ***********

Once the required amount is received in my account, I will delete all these videos and disappear from your life once and for all.

Please make sure you make the above transfer within 50 hours (2days +). I will receive a notification as soon as you open this email and the countdown will begin.

Believe me, I am very careful, calculating and never make mistakes. If I discover that you have shared this message with others, I will immediately start making your private videos public.

Good luck!

Forged sender

The sender of the email is fake. It was supposedly sent from your email address. You can tell that this is a fake from the message:

[This is an external email that was not sent from the TUBAF servers]

The email header contains details of the actual email server used to send the email. This is usually a poorly maintained server that the attacker has hacked or through which the sender addresses can be easily falsified.

Received: from tatsaechlicher.server.com (tatsaechlicher.server.com [123.456.78.90]) by
mailgateway.hrz.tu-freiberg.de with ESMTP id 4BK4nLTJ011716-4BK4nLTL011716
(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for
; Fri, 20 Dec 2024 05:49:22 +0100

What needs to be done?

Delete webcam blackmail email immediately

If you have received such an email, keep calm. Mark this e-mail as spam or delete it. Do not pay under any circumstances.

You can also file a complaint with the police, as blackmail is a criminal offence. However, the chances of success are very low.

You have already transferred money

If you have fallen for it and transferred the money to the scammers' Bitcoin account, the payment can unfortunately not be recalled.

You can also inform the police here and file a criminal complaint. Although there is a small chance that you will get your money back, only if a complaint is made can it be seriously pursued by the investigating authorities.

Do you have any questions?

IT Service Desk
University Computer Centre, Bernhard-von-Cotta-Str. 1, 09599 Freiberg
servicedesk [at] tu-freiberg.de +49 3731 39-1818

More information

For more information on the current threat situation, we have summarised some sources for you to read: