A deeply troubling new extortion scam has emerged through spam emails, where scammers claim to be hackers with compromising footage of the recipient. The email threatens to leak videos and personal information publicly, unless a ransom payment is made in bitcoin.
Known as the “I Am A Professional Hacker” email scam, this scheme spreads through mass spamming. The alarming messages are specifically designed to generate fear in order to extort money. This article will provide an in-depth analysis of how this scam works, how to spot extortion emails, and what actions to take to protect yourself.
This Article Contains:
Overview of the Scam Email
The “Professional Hacker” scam email pretends to be from a hacker who has infiltrated your computer and obtained private videos and information. Here are the key elements that make up this scam:
Subject Line Uses Urgent Wording
The email has an alarming subject line, typically stating “Your personal data has leaked due to suspected harmful activities”. This hints at a serious data breach to compel the recipient to open and read the message.
Opens With Intimidating Introduction
The opening line declares “I am a professional hacker” and claims full access to your computer was achieved by infecting it with malware. This establishes a threatening tone from the outset.
Details Fictitious Hacking Activities
Elaborate explanations follow on how the malware allegedly monitors your activities through your webcam, microphone, and by recording your private data. This aims to sound convincing.
Mentions Compromising Video Footage
The centerpiece of the scam is the claim that videos were recorded of you in compromising situations, mainly watching pornographic content. This creates fear and embarrassment.
Threatens To Leak Footage Publicly
The email threatens to share the fake videos with all your contacts unless a ransom is paid promptly. This weaponizes fear of public humiliation to extort money.
Demands Untraceable Ransom Payment
Payment is demanded via untraceable bitcoin within a short timeframe. It also warns not to contact authorities, as that will trigger video releases. This allows scammers to remain anonymous.
By preying on human fear and vulnerability, this scam email aims to dupe recipients out of money. Awareness of its specific techniques is key to recognizing and rejecting it.
Here is how a scam email looks:
Subject: Your personal data has leaked due to suspected harmful activities. Hi there! I am a professional hacker and have successfully managed to hack your operating system. Currently I have gained full access to your account. In addition, I was secretly monitoring all your activities and watching you for several months. The thing is your computer was infected with harmful spyware due to the fact that you had visited a website with porn content previously. Let me explain to you what that entails. Thanks to Trojan viruses, I can gain complete access to your computer or any other device that you own. It means that I can see absolutely everything in your screen and switch on the camera as well as microphone at any point of time without your permission. In addition, I can also access and see your confidential information as well as your emails and chat messages. You may be wondering why your antivirus cannot detect my malicious software. Let me break it down for you: I am using harmful software that is driver-based, which refreshes its signatures on 4-hourly basis, hence your antivirus is unable to detect it presence. I have made a video compilation, which shows on the left side the scenes of you happily masturbating, while on the right side it demonstrates the video you were watching at that moment… All I need is just to share this video to all email addresses and messenger contacts of people you are in communication with on your device or PC. Furthermore, I can also make public all your emails and chat history. I believe you would definitely want to avoid this from happening. Here is what you need to do – transfer the Bitcoin equivalent of 850 USD to my Bitcoin account (that is rather a simple process, which you can check out online in case if you don’t know how to do that). Below is my bitcoin account information (Bitcoin wallet): 12nEVuGNtRFMVjeVmLtD4nt2sHX68S47yH Once the required amount is transferred to my account, I will proceed with deleting all those videos and disappear from your life once and for all. Kindly ensure you complete the abovementioned transfer within 50 hours (2 days +). I will receive a notification right after you open this email, hence the countdown will start. Trust me, I am very careful, calculative and never make mistakes. If I discover that you shared this message with others, I will straight away proceed with making your private videos public. Good luck!
How the Scam Email Works in Detail
The “Professional Hacker” extortion scheme employs various deceptive tactics to make the email appear legit and frighten recipients. Here’s a step-by-step look at how cybercriminals execute this scam:
1. Scammers Obtain Email Addresses
Hackers and scammers have many ways of gathering people’s email addresses to target with spam campaigns. They may:
- Purchase lists of emails on the dark web
- Use malware to steal address books and contact lists from compromised computers
- Utilize email scraping tools to harvest addresses from websites
- Exploit vulnerabilities in websites and databases to access user account info
Email lists can also be leaked through data breaches. The more email addresses these criminals have, the more potential victims they can reach.
2. Spoof the Sender’s Email Address
To make the “Professional Hacker” email appear legit, scammers use spoofing techniques to mask the origin of the message.
They alter the sender’s email address in the message header to show the recipient’s own email instead of the actual sender’s address. So when you receive the scam email, it will look like it’s coming from your own account.
Seeing your own email address as the sender makes it seem like you actually sent the message yourself, lending credibility to the hackers’ claims that they control your device.
3. Craft a Fear-Inducing Message
The scam email is carefully worded to scare and pressure recipients. The message asserts that the hackers have access to your personal data, browsing history, camera, etc.
They make threats to share or leak compromising videos or information extracted from your device. The tone is demanding and urgent, giving a short deadline to pay up or else face consequences.
Including some personal details like the recipient’s email address helps make the email appear convincingly customized and legitimate. The ransom payment demand ranges from $500 to $1000 or more.
4. Provide Bitcoin Payment Instructions
The scammers insist on payment through Bitcoin, a decentralized digital currency. Bitcoin transactions are pseudonymous, making it very difficult to trace who sends and receives funds.
The email includes Bitcoin wallet addresses and demands the ransom money be deposited into those accounts within 24-48 hours. It may also give instructions for purchasing Bitcoin for those unfamiliar with cryptocurrency.
Bitcoin allows scammers to easily collect ransom payments from victims while staying anonymous. Traditional bank transactions tend to have more security protections and paper trails.
5. Sit Back and Profit
After blasting out the fraudulent “Professional Hacker” emails en masse, the scammers simply wait for panicked victims to pay up.
Even if only 1% of recipients submit the ransom, that’s still a lot of easy money for virtually no work. Successful collections incentivize the hackers to keep running this type of extortion campaign.
They never actually have to follow through on threats of leaking videos or personal data, since their intent is solely to swindle people out of money. No real hacking necessary.
Is the Professional Hacker email legit or a scam?
It’s understandable to feel uncertain about the validity of an email claiming your account was hacked. However, the “Professional Hacker” message is a definite scam. Here are some signs it’s fraudulent:
- It demands urgent payment to avoid consequences – legitimate companies won’t insist on rushed payments under threats.
- Payment is demanded through Bitcoin or other cryptocurrencies, which are difficult to trace. Real companies typically don’t insist on these.
- The sender address is likely spoofed to show your own email instead of the scammer’s actual address. This is a technique scammers use.
- There are spelling/grammar errors and inconsistencies in the message. Legitimate warnings from recognized companies will be professional and polished.
- Threats to release or leak private data if payment isn’t received are bullying tactics that legitimate businesses won’t use.
- The scammers claim they’ve recorded inappropriate videos of you, infected your device, stolen sensitive information, etc. but provide no real proof or evidence that this occurred.
- The message creates extreme urgency, demanding payment within 24-48 hours. Valid warnings won’t force you to act rashly under duress.
- The email threatens consequences but doesn’t specify what information was compromised or what damage was done. Authentic security alerts will provide details.
- The criminals promise that paying them will make the supposed problems disappear. Real companies won’t expect a payment to magically fix a complex security breach.
If you have any doubts about the legitimacy of a concerning email, reach out to the company in question directly using contact information on their official website. Never act solely on the basis of an unsolicited email without verification. Apply scrutiny to examine the message for red flags and telltale signs of a scam.
How to Spot This Scam Email
The crooks behind this scam are determined to make their emails appear legit, but there are ways to discern fraudulent messages:
- Sender’s Address – Many times the scammers will spoof the sender address to show your own email rather than theirs. But you can view the full email header to check the actual origin.
- Grammatical/Spelling Errors – Phishing emails often contain typos, poor grammar and punctuation. A message from a real established company will be professionally written.
- Threatening Demands – Real companies won’t insist you pay within hours under threat of leaking videos or other consequences. Extortion is a sign of criminals.
- Generic Greeting – Scam emails won’t address you by name and often start impersonally with “Dear user” or “Hello” rather than a customized greeting.
- Sense of Urgency – Pressuring language telling you to act quickly is a red flag. Valid notices will allow reasonable time to verify and respond.
- Spoofed Company Logos – Scammers copy logos of trusted brands, but look closely as there may be subtle differences from the real deal.
- Request for Bitcoin – Credible businesses do not demand payment solely through Bitcoin. Criminals prefer cryptocurrency for its anonymity.
- Threats to Expose You – A real company would not threaten to publicly share videos or data about you. This is blackmail.
- No Proof Provided – The email won’t contain any actual evidence that your account was compromised as claimed.
Stay vigilant and use common sense when evaluating any unsolicited email. If anything seems suspicious, you can perform additional checks to confirm whether it is legitimate.
What to Do If You Receive This Email
If you receive the alarming “Professional Hacker” extortion email in your inbox, stay calm and take the following steps:
1. Ignore Payment Demands
No matter how threatening the email seems, never pay the ransom demand. The scammers do not actually have compromising footage of you, and their threats are empty.
2. Do Not Reply to the Email
Replying simply verifies to scammers that they reached an active email address. Instead, delete the message right away to sever contact.
3. Scan Your Devices for Malware
Run thorough malware scans on all your devices to check for viruses or spyware, just in case. Use reliable antivirus and anti-malware software.
4. Change Online Account Passwords
As a precaution, change passwords on your email, social media, and financial accounts in case of a breach. Enable two-factor authentication also.
5. Contact the Email Service Provider
Report the scam email/sender as phishing or spam to your email provider like Gmail or Outlook so they block the source.
6. File a Report With the FBI
Submit a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov. This helps authorities track and shut down scams.
7. Educate Yourself on Similar Scams
Learn about related sextortion, malware, and phishing scams so you can identify and avoid them. Knowledge protects you.
8. Warn Contacts About the Scam
Kindly alert your friends, colleagues and family to watch for this scam email. This prevents the scam from spreading further.
Stay vigilant, but rest assured this scam email does not actually have compromising information or videos of you. Ignore the threats and delete the message.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes is one of the most popular and most used anti-malware software for Windows, and for good reasons. It is able to destroy many types of malware that other software tends to miss, without costing you absolutely nothing. When it comes to cleaning up an infected device, Malwarebytes has always been free and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Windows.
You can download Malwarebytes by clicking the link below.MALWAREBYTES FOR WINDOWS DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes)
Double-click on the Malwarebytes setup file.
When Malwarebytes has finished downloading, double-click on the MBSetup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
You may be presented with a User Account Control pop-up asking if you want to allow Malwarebytes to make changes to your device. If this happens, you should click “Yes” to continue with the Malwarebytes installation.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes setup wizard which will guide you through the installation process. The Malwarebytes installer will first ask you what type of computer are you installing this program on, click either Personal Computer or Work Computer.
On the next screen, click “Install” to install Malwarebytes on your computer.
When your Malwarebytes installation completes, the program opens the Welcome to Malwarebytes screen.
Click on “Scan”.
Malwarebytes is now installed on your computer, to start a scan click on the “Scan” button. Malwarebytes will automatically update the antivirus database and start scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the Malwarebytes scan is finished scanning it will show a screen that displays any malware, adware, or potentially unwanted programs that it has detected. To remove the adware and other malicious programs that Malwarebytes has found, click on the “Quarantine” button.
Malwarebytes will now remove all the malicious files and registry keys that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.MALWAREBYTES FOR MAC DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Mac)
Double-click on the Malwarebytes setup file.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.MALWAREBYTES FOR ANDROID DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Android)
Install Malwarebytes for Android on your phone.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options.
This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue.
Tap on “Got it” to proceed to the next step.
Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue.
Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future.
If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
- Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
- Ask for help in our Mobile Malware Removal Help & Support forum.
Frequently Asked Questions about the “Professional Hacker” Email Scam
The “Professional Hacker” extortion scam can be confusing and concerning for recipients. Here are answers to some frequently asked questions about this fraudulent email campaign.
What is the “Professional Hacker” email scam?
This is a prevalent spam campaign where recipients get an email claiming hackers compromised their computer or online accounts. The message threatens to leak private data or embarrassing videos unless a ransom is paid. It’s a scam to extort money through deception and fear.
How does the “Professional Hacker” scam work?
The scammers send fake warnings that malware gave them access to your device and camera. They threaten to share inappropriate videos or sensitive info publicly if you don’t pay within 24-48 hours. The email provides Bitcoin wallets to send the $500-$1000 ransom to. It’s all lies meant to trick victims into paying up.
Are the hackers’ claims real?
No, this is just a scam. The criminals never actually accessed your accounts, recorded you, or obtained your personal data. They are simply sending mass emails trying to frighten a percentage of recipients into paying the ransom. There is no real basis for their threats.
Should I pay the ransom?
No, never pay the ransom demanded by scammers. The threats of leaking videos or data are empty extortion tactics. Paying the scammers via Bitcoin only encourages them to continue the spam campaign and scam other victims.
What if I already paid the ransom?
If you already sent the payment, try contacting your bank and the Bitcoin exchange you used to see if there’s any way to stop or reverse the transaction. You can also report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov. In the future, remember not to pay ransoms to unknown scammers.
How did the scammers get my email address?
Scammers have many ways of obtaining email addresses, including buying stolen lists online, harvesting publicly available info from websites, exploiting vulnerabilities to steal account data, and more. Email addresses can also be leaked through breaches.
How can I tell if an email is legit or a scam?
Look for poor spelling/grammar, threats asking for urgent payment, ransom demands in Bitcoin, spoofed sender addresses, and other suspicious signs. Call or find the official contact info for the company that allegedly sent the email to verify if real. And never click links or attachments in unsolicited emails.
What should I do if I get this scam email?
Do not pay any ransom. Report the scam email as spam/phishing to your email provider. Scan your device for malware and change account passwords as a precaution. Monitor financial statements for unauthorized activity. Ignore follow up extortion attempts.
How can I protect myself from this scam?
Use strong unique passwords, enable two-factor authentication, keep software updated, watch for suspicious activity, and exercise caution with unsolicited emails/messages. Anti-virus software can also help block malware attacks. Back up your data regularly in case of infection.
Who should I contact if I have been targeted by this scam?
You can report phishing scams like this to the Anti-Phishing Working Group (firstname.lastname@example.org) and to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
The Bottom Line
The disturbing “Professional Hacker” email scam uses social engineering tactics to deceive recipients with threats of leaking fake videos. By demanding untraceable bitcoin payments, the scammers try to extort money through fear.
Remember that genuine hackers threatening you via email are almost always bluffing. Do not respond or open attachments from any suspicious messages. Report the scam, scan your devices, and change passwords as precautions.
Ultimately, awareness of the precise manipulation methods used in this scam email allows one to recognize the deception. Stay calm and ignore the threats rather than giving in. With vigilance and education, we can protect ourselves and each other from evolving extortion scams.