Escalating Sextortion Scams: 'Hello Pervert' Emails Demand Higher Ransoms

TL;DR

Sextortion emails starting with “Hello pervert” are evolving, with scammers now demanding higher ransoms. These emails threaten to expose compromising footage unless a payment is made. Learn how to identify and protect yourself from these scams.

Escalating Sextortion Scams: “Hello Pervert” Emails Demand Higher Ransoms

Every so often, sextortion emails starting with “Hello pervert” undergo a redesign. You might have received one yourself: these emails claim that the sender has been monitoring your online behavior and has compromising footage of your activities. The emails typically begin with “Hello pervert” and proceed to claim that you have been watching pornographic material. The sender often states that they possess footage of your activities and threatens to share it with your email contacts unless you pay a ransom. The tone of these emails is threatening and designed to provoke fear and urgency.

Thousands of people visit our website weekly seeking information on these sextortion emails. Now, we’re observing a new version of these emails with features not seen before. Interestingly, just as the cost of living has risen, so has the amount of money demanded by the scammers. This latest email variant also provides clues about the probable origin of these scams.

“Hello pervert, I’ve sent this message from your Microsoft account. I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely. Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, macOS, and Windows. I guess you already figured out where I’m getting at. It’s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I’ve learned about all aspects of your private life, but one is of special significance to me. I’ve recorded many videos of you jerking off to highly controversial porn videos. Given that the ‘questionable’ genre is almost always the same, I can conclude that you have sick perversion. I doubt you’d want your friends, family, and co-workers to know about it. However, I can do it in a few clicks. Every number in your contact list will suddenly receive these videos – on WhatsApp, on Telegram, on Instagram, on Facebook, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life. Don’t think of yourself as an innocent victim. No one knows where your perversion might lead in the future, so consider this a kind of deserved punishment to stop you. I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free. Transfer $1650 to my Litecoin (LTC) wallet: {redacted} Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second. I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are uncharted waters for you, don’t worry, it’s very simple. Just google ‘crypto exchange’ or ‘buy Litecoin’ and then it will be no harder than buying some useless stuff on Amazon. I strongly warn you against the following:

• Do not reply to this email. I’ve sent it from your Microsoft account.
• Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.
• Don’t try to reset or destroy your devices. As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the videos are published.

Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided address. Good luck, my perverted friend. I hope this is the last time we hear from each other. And some friendly advice: from now on, don’t be so careless about your online security.”

Spoofing Your Email Address

One clever trick the scammers use is claiming they’ve sent the email from your Microsoft account. The sender spoofs your email address, hoping it makes you believe your device is compromised. It’s easy for scammers to spoof an email address because the email system doesn’t verify the sender’s authenticity. Even if an email appears to be from someone you know or even yourself, it could be from a scammer.

If you’re technically savvy, checking the authentication results in the email header can reveal that the email failed because the IP address doesn’t match the domain. However, most people receiving the email wouldn’t think to do this, so the email spoofing might add legitimacy to the scam.

Encoding Errors

Examining the source of the email provides insights into its origin. The intro shows repeated use of “=D1=96” and other encoding errors. The text is riddled with encoding errors, typically appearing when Cyrillic or other non-Latin characters are misinterpreted as UTF-8 or quoted-printable, or when text is generated or processed by automated systems not properly handling character sets.

The sequence =D1=96 is the quoted-printable encoding for the Unicode character U+0456, which is the Cyrillic letter “i”. This encoding error strongly suggests that the writer’s native language uses the Cyrillic script, predominantly used in Eastern European and Central Asian countries, with Russian being the most prominent.

These errors also indicate that the scammer doesn’t use the most sophisticated tools. The awkward sentence structures and repetitive language are consistent with automated text generation or translation, typical of low-effort, high-volume campaigns, not personalized or natural-sounding.

Price Hike

In April, the scammers demanded $1200, and in May, it was $1450. Now, the ransom has increased to $1650.

Several factors could explain this increase. The cost of the operation may have risen, or the scammers might feel the value of their threat has increased. Scammers often start with a reasonable amount and incrementally increase it to gauge the maximum amount people are willing to pay to avoid the threatened consequences.

Fortunately, the mentioned Litecoin wallets are empty. Let’s keep it that way.

How to Spot a Sextortion Email

Once you’re aware of them, it’s easy to recognize these emails. Not all emails will include every characteristic listed below, but each is a red flag.

• They often appear to be sent from your own email address.
• The scammer accuses you of inappropriate behavior and claims to have footage of that behavior.
• The scammer claims to have used Pegasus or some Trojan to spy on you through your own computer.
• The scammer says they know your password and may even offer one as “proof”. This password is likely to have been stolen in a separate data breach and is unrelated to the sextortion email itself.
• You are urged to pay up quickly, or the so-called footage will be spread to all your contacts. Often you’re only allowed one day to pay.
• The actual message often arrives as an image or a PDF attachment. Scammers do this to bypass phishing filters.

How to React to Sextortion Emails

First and foremost, never reply to emails of this kind. It may signal to the sender that someone is reading the emails sent to that address, leading to further attempts to defraud you.

• Don’t let yourself get rushed into action or decisions. Scammers rely on the fact that you will not take the time to think this through and subsequently make mistakes.
• Do not open unsolicited attachments, especially when the sender’s address is suspicious or even your own.
• If the email includes a password, ensure you are not using it anymore and change it immediately if you are.
• If you have trouble organizing your passwords, consider using a password manager.
• For peace of mind, turn off your webcam or use a webcam cover when not in use.

Check Your Digital Footprint

Sextortion emails often contain passwords stolen in other data breaches and posted online. To find out what personal data of yours has been exposed online, use our free Digital Footprint scan. Submit the email address you’re curious about (preferably the one you use most frequently) to receive a free report.

SCAN NOW

Additional Resources

For further insights, check:

• Email Spoofing Explained
• Understanding UTF-8 and Quoted-Printable
• Password Management Tips

Conclusion

Sextortion emails continue to evolve, with scammers demanding higher ransoms and employing new tactics to appear legitimate. Understanding the characteristics of these emails and taking proactive measures can help protect you from falling victim to these scams. Stay vigilant and informed to safeguard your digital identity.