If you’ve received one or more emails stating that “I hacked your OS” asking for bitcoin, read on.
Note: There are many variations of this email scam.
Some of them have different email subject lines, while others have different content in the body of the message.
Check the comments section of this article for other variations that I or others have received.
Don’t Panic
First off, don’t panic.
This is just another form of email scam.
Of course, you can change your password if you feel the need. But, it’s possible you’ll continue to get these types of emails.
I’m planning to dig into this further, by looking into the mail headers and my email server log.
But for now, I wanted to share information about these emails, in hopes to get the word out.
I Hacked Your OS Email Information
The email will look like it is from your email address, sent to your email address.
The body of the message will imply, and outright state, that the would-be hacker gained access to your email account to send it.
From what I’ve seen, the subjects of these emails vary, but the body of the email stays largely the same.
First, I’ll share the various subjects of the emails I’ve received, then the body of one of them.
Subject Lines
- Email Scam: Security Alert. Your account was compromissed.
- Security Alert. Your accounts was compromised. You need change password!
- Caution! Attack hackers to your account!
- Security Alert. Your accounts was hacked by criminal group.
- Frauders known your old passwords. Access data must be changed.
- Security Notice. Someone have access to your system.
- Your account was under attack! Change your access data!
- Be sure to read this message! Your personal data is threatened!
I’ll try to remember to keep updating this article with new subject lines as I receive them.
I Hacked Your OS Email Body
By and large, the body of the “account was compromised” email contains the following:
Hello!
I have bad news for you.
09/11/2018 – on this day I hacked your OS and got full access to your account {[email protected]}
On this day your account {[email protected]} has password: defb69dd289f7cdaf67eaa0b298835e5
So, you can change the password, yes.. Or already changed… But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability. I used it…
If you interested you can read about it: CVE-2019-1663 – a vulnerability in the web-based management interface of the Cisco routers.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full backup of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.
I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea….
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $793 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1CNfocKkaC55X5diSH5EzUyZvK4oVqYEUe
You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just good do my job.
Good luck.
Various Bitcoin (BTC) Wallets
Here are the different Bitcoin (BTC) Wallets that have been shared in the emails.
- 1CNfocKkaC55X5diSH5EzUyZvK4oVqYEUe
- 12s4cfoNTzT68gSdxLjmSRT3qdvaqwDWNz
- 3McoxccgWujspEsxw84g8psBK2XaXx4Dyh
- 179UHmZhfhaRg1mMTHjgjR1VXP514YzZj
Again, as I receive more of these emails, I’ll try and update the above list.
Why I Know It’s A Scam
The “I hacked your OS” email has many signs of being a scam.
First, in many of them, there are blatant misspellings and formatting issues.
If a hacker really was exploiting me, I suspect they’d be more careful with the construction of their blackmail letter.
Second, I work off two primary computers. One at home, and the other at the office.
My home computer doesn’t have a microphone or a camera.
My office computer does have a camera/microphone device, but I always have it pointing down or away from me when I’m not using it.
I do have a notebook I use from time to time that has a forward facing camera.
But, I’m not too worried about it, because…
I haven’t surfed porn.
That’s not to say I haven’t come across some pretty risqué sites ever, because I have.
When writing about subjects like puffy nipples, man boobs, or even wedgies, you’ll come across some very interesting sites.
But, I haven’t purposely surfed for porn, and I definitely have not done anything questionable with a webcam pointed at me.
It’s been reported elsewhere.
I’ve seen several other sites reporting this email scam as well.
Some of them imply that email passwords have been compromised, but from the emails I’ve received, I’m not so sure that is the case.
Of course, there’s no harm in changing your email account password.
Also, it’s always a good practice to change passwords every once in a while.
I got two emails today to a seldom used email account
The title said “Your account has been hacked Password…” (actually listed my email password)
The rest of the email was similar to your examples. I did immediately change my passwords and set up 2 part authentication. While doing this I got a notice from Amazon UK sending me a password recovery code. I immediately opened a web browser and went to the Amazon UK site. I signed in using the email address and it sent me a two part verification code to my email address that was said to be hacked. I immediately changed the password to something I use nowhere else and then closed the account.
I have since been updating all of my account passwords.
The concerning part is that I have emails coming through to my Outlook account that are attached to the “hacked” account. Yet when I go to the web and independently sign into my AOL account it does not have all the emails listed that my Outlook account shows were sent to the email that has been “hacked”. I tried sending a test email to the “hacked” account and it came through, after quite a delay.
I then sent a password change request to a shopping site I haven’t used in years. The reset email came to my Outlook account for the hacked email address but it never showed up on the AOL email website when I logged into the account via AOL. Is it possible they have put some type of forward on my “hacked” email?
I am not worried about porn, etc.. But I am concerned they may have access to my email via an email forward program?
hey linda, thanks for stopping by and posting your question.
so, here’s how it normally works — the scammers don’t (normally) actually have access to the account.
even though the ‘from’ email shows as coming from your account, the email scammers are just using an external mail sending tool and setting the ‘from’ address as your email address. they’re not actually in your account sending emails from it.
if you changed the passwords on your old email and your outlook email, and setup 2-factor authentication, i think you’ll be ok.
I know this is a year old, but I’ve literally gotten 6 emails about this in the last 6 days (3 on Monday). I know it’s a scam, but I’m still curious as to why it’s not worrisome at all that the previous password was found? No matter whether they have the current one, the previous one was found and should have been secure.
many of us have a ton of online accounts, and most people use the same password or at least the same few passwords.
so, you don’t really know if they actually hacked your email, or got your password from some other data breach where you may have used the same password.
also, keep in mind that these email “hacks” are not actually hacks from within your email most of the time. they’re just relaying the email through other email servers, but do it in a way that looks like it’s coming from within your email. email headers can tell you a lot about what’s going on, and where the email is actually coming from.
we have no control over whether or not the other online systems we use can be exploited. so when/if they do, our passwords are fair game.
your best defense to minimize password hacks in the future is to use a unique password everywhere, or use some form of 2-step authentication.
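The header check mentioned in the reply above, as an added example that is not part of the original post or its comments: it compares the visible From address with the envelope sender, reads the receiving server's SPF/DKIM/DMARC verdicts, and pulls the oldest Received hop. The function names and every host, address and IP in the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of a message that claims to come from the
# recipient's own address. All hosts, addresses and IPs are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
Received: from mx.example.org (mx.example.org [192.0.2.10])
 by imap.example.org; Mon, 1 Jun 2020 10:00:05 +0000
Received: from host-7.dsl.example.net (host-7.dsl.example.net [203.0.113.7])
 by mx.example.org; Mon, 1 Jun 2020 10:00:03 +0000
From: <me@example.org>
To: <me@example.org>
Subject: Security Alert. Your accounts was hacked by criminal group.

(body omitted)
"""

def addr(value):
    """Lower-cased bare address from a header value ('' if missing)."""
    return parseaddr(value or "")[1].lower()

def analyze_headers(raw):
    """Return spoofing indicators found in a raw message's headers."""
    msg = message_from_string(raw)
    frm, to, rp = addr(msg["From"]), addr(msg["To"]), addr(msg["Return-Path"])
    # Authentication-Results (RFC 8601) is only trustworthy when it was
    # added by your own receiving server, not copied in by the sender.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()))
    # Each hop prepends its Received header, so the last one is the oldest:
    # the host that first handed the message to a mail server.
    hops = msg.get_all("Received", [])
    origin = None
    if hops:
        m = re.search(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\]", hops[-1], re.S)
        origin = m.groups() if m else None
    findings = []
    if frm and frm == to:
        findings.append("From equals To (message claims to be self-sent)")
    rp_dom, from_dom = rp.rpartition("@")[2], frm.rpartition("@")[2]
    if rp_dom and rp_dom != from_dom:
        findings.append(f"envelope sender {rp_dom} differs from From domain {from_dom}")
    for check in ("spf", "dmarc"):
        if results.get(check) not in (None, "pass"):
            findings.append(f"{check}={results[check]}")
    if results.get("dkim", "none") != "pass":
        findings.append("no passing DKIM signature")
    return {"auth": results, "origin": origin, "findings": findings}

if __name__ == "__main__":
    report = analyze_headers(SAMPLE)
    print("first hop:", report["origin"])
    for finding in report["findings"]:
        print(" -", finding)
```

To run it on a real message, save the raw source ("show original" or "view source" in most mail clients) and pass its text to `analyze_headers`.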
I’ve gotten 5 emails between May and June this year (2020) of the one you described in your blog post from just over a year ago. One coming from a device that was located in Italy using a vodafone.it access point because the hostname was sent in the header.
1st Bitcoin Address: 1DMXRoTxx7KLW7dY8BvxQ5qEshR4LnnAzs
Subject: “H¡gh level of r¡sk. Your account has been hacked. Change yøur passwørd.”
2nd Bitcoin Address: 1KL9bZN1qo2KA4XG7b365UFwcay658TLV1
Subject: “Security Alert. Your accounts was hacked by criminal group.”
3rd Bitcoin Address: 1DnqEzkdk7J1R5vURQx9cuQkpqQbUd1VSC
Subject: “Yo˙r acco˙nt has sÝgns of hackÝng and blockÝng. Please contact wÝth Sec˙rÝty Department of [my website]”
4th Bitcoin Address: 1PNzJwB1CuVnKqKJQnu31E5ckiz9VxTcND
Subject: “According tο our security service, your account has been hacked. Change your password immediately.”
5th Bitcoin Address: 1GYKeSn41dEXJL1SuZPUGxXF5fgrbMcReT
Subject: “[SPAM] [old password]”
Note:
“[my website]” used in place of my website (so as to respect your site by not “advertising” in the comment section) and “[old password]” used in place of an old password to that bit.ly account I mentioned earlier in this comment.
thanks very much vashnik! appreciate you coming by and sharing that info!
crazy stuff.
I just received the almost exact e-mail scam. Stating they have bad news for me. Like said above I knew it was not true because I don’t go to porn web sites and have done nothing inappropriate in front of my computer but it’s still scary to get this.
I know because unfortunately, I had already fallen victim to another type of scam that I did pay. It was a lock out scam requiring immediate attention, with alarms going off and unable to get my computer to respond. Well, I panicked and didn’t think. I should have checked with my virus protection subscription before doing anything else, but I was foolish (stupid honestly). After the whole ordeal was kind of over I checked online and there was the exact scam that had just gotten me, word for word, and showing the whole lock out screen. I to this day still feel foolish and angry.
My 48 hour clock started sometime late this morning; despite knowing my behavior it’s still unsettling. Thanks for listening. Mike
I just got one of these buggers myself.
“Hello!
This is important information for you!
Some months ago I hacked your OS and got full access to your account edohiguma@XXXXXXX
On day of hack your account edohiguma@XXXXXXX has password: 12345(not really)
So, you can change the password, yes.. Or already changed… But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability. I used it…
If you interested you can read about it: CVE-2019-1663 – a vulnerability in the web-based management interface of the Cisco routers.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full backup of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.
I want to say – you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea….
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $776 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1LwoM3aSGNhtPyGrH9XAZWMAxmjkFe6zLa
You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.
I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (this is impossible, I wrote this letter from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just good do my job.
Good luck.”
First thing that struck me was, that password? That was never my email password. I always use a much longer one. And that email address? Not one I use for OS use.
The biggest tell was the claim that he had mirrored all my files, and I ended up thinking, with my bad internet and my meager upload speed? Yeah, good luck, that would take literally weeks. My router isn’t from Cisco either.
Had a look around online and voila, found this place and a few others, like on reddit, and the consensus seems clear. A short look at haveibeenpwned showed my mail and PW combo was in 11 site breaches in the past, none of them my email, and I only use 3 of those sites anymore, so it was easy to switch that stuff out.
thanks for sharing!
here’s a slightly different worded email, but generally similar to the last comment i posted.
the irony in this message is that it was sent as an image, not text.
so, i’m not sure why the person extorting me asked me to “copy and paste it”.
maybe i’ll send $0.01 of bitcoin just to fuck with them.
—
Hi, your account has been infected! Renew your pswd right now!
You probably do not know me me and you obviously are definitely surprised why you are reading this particular message, proper?
I’m hacker who cracked your email and devices and gadgets some time ago.
It will be a time wasting to try to msg me or alternatively see for me, it is definitely impossible, considering that I directed you a letter from YOUR own hacked account.
I started malware software to the adult vids (porn) website and guess you enjoyed this site to have some fun (think you understand what I want to say).
When you have been paying attention to content, your internet browser began functioning as a RDP (Remote Control) that have a keylogger which gave me permission to access your display and web camera.
Then, my software gathered all information.
You wrote passwords on the web services you visited, and I caught them.
Of course, it’s possible to modify them, or already modified them.
However, it doesn’t matter, my malware updates it every 5 minutes.
What actually did I do?
I generated a reserve copy of every your device. Of all the files and contact lists.
I have managed to create dual-screen video recording. The 1 screen shows the clip that you were watching (you’ve got a good preferences, ahah…), the second part presents the movie from your web camera.
What actually should you do?
Well, I think, 1000 USD is a realistic amount of money for this small riddle.
You will do the deposit by bitcoins (if you don’t recognize this, search “how to buy bitcoin” in Google).
My bitcoin wallet address:
12i8q8K7apATJworX48SqQzNgiVmPpWGpz
(it is cAsE sensitive, so copy and paste it)
Attention:
You will have only 2 days to perform the payment. (I have a unique pixel to this letter, and at this moment I understand that you’ve read this email).
To trace the reading of a message and the actions inside it, I utilize a Facebook pixel. Thanks to them. (That which can be used for the authorities may help us.)
If I fail to get bitcoins, I will certainly offer your recording to all your contacts, including family members, co-workers, and so forth?
—
here is the actual image i received
i’ve also received the following email:
——
Hi, your account has been infected! Renew the password this time!
You do not know anything about me and you may be probably surprised for what reason you’re reading this particular letter, proper?
I’m hacker who exploited your email and all devices not so long ago.
Never try out to msg me or alternatively seek for me, it’s impossible,
because I forwarded you this message using YOUR hacked account.
I’ve installed special program on the adult videos (porno) site
and guess that you visited this site to have fun (you understand what I mean).
While you have been keeping an eye on video clips,
your internet browser started out to act like a RDP (Remote Control)
having a keylogger that provided me access to your screen and network camera.
Then, my softobtainedall information.
You have typed passcodes on the online resources you visited, I caught them.
Surely, you are able change each of them, or have already modified them.
However it doesn’t matter, my program renews needed data regularly.
What actually I have done?
I generated a reserve copy of every your system. Of all the files and each contact.
I formed a dual-screen videofile.
The first part displays the film that you were watching (you have got an interesting preferences, ahahhh…),and the second screen displays the recording from your own camera.
What exactly should you do?
Clearly, I think, $788(USD) will be a fair price for our small riddle.
You will make the deposit by bitcoins
(if you do not understand this, go searching “how to purchase bitcoin” in any search engine).
My bitcoin wallet address: 12s4cfoNTzT68gSdxLjmSRT3qdvaqwDWNz
(It is cAsE sensitive, so copy and paste it).
Important:
You will have 2 days in order to make the payment.
(I have an unique pixel in this letter, and at the moment I understand that you’ve read through this email).
To trace the reading of a message and the actions in it, I utilize a Facebook pixel.
Thanks to them. (That which is used for the authorities may help us.)
In case I fail to get bitcoins, I shall undoubtedly send your video files to each of your contacts, along with relatives, co-workers, etc?