Home > Scam > Sextortion Scam — How to Evade and Protect Yourself From It

Sextortion Scam — How to Evade and Protect Yourself From It

This article has been created in order to help you by explaining to you how to remove the Sextortion Scam which can be encountered via email messages.

The Sextortion scam is a new malicious tactic that is used against computer users worldwide. It is used to blackmail users by containing sensitive information about them (usually stolen).

Threat Summary

Name Sextortion Scam
Type Scam / Malware
Short Description This scam uses harvested or stolen information about the users and blackmails them to pay money to the operators.
Symptoms Received blackmail messages.
Distribution Method Via e-mail messages that imitate legitimate email notification messages .
Detection Tool See If Your System Has Been Affected by malware


Malware Removal Tool

User Experience Join Our Forum to Discuss Sextortion Scam.

Sextortion Scam – Overview

The Sextortion scam is a new hacker tactic that attempts to blackmail computer users worldwide. The main tactic relies on the use of email messages. They are orchestrated to send out the messages in groups. There are two possible case scenarios:

  • Phishing Messages — The email messages can be sent from addresses that appear to be legitimate security companies. They may insert details that can correlate with the user’s identity or insert elements that are taken from well-known services, software or sites.
  • Anonymous Messages — The email messages can be sent from anonymous domains, hacked accounts or other similar methods. The operators can send out many messages at once to raise attention to them.

Another method used by the criminals is the use of scripts and redirect code. They are generally distributed on various sites using redirects, banners, pop-ups or in-line hyperlinks. Clicking on malicious forms and filling in email details can lead to the email generation.

The other distribution tactic relies on the creation of malicious sites. The controllers can create their own portal sites that can utilize various scam tactics that harvest personal information about the users.
Upon being targeted by Sextortion scam the users will receive an email message that blackmails them for a payment. Here is a sample message:

I’m going to cut to the chase. I’m aware is your pass word. More importantly, I
know about your secret and I’ve proof of this. You don’t know me and nobody paid me to examine you.

It is just your bad luck I came across your bad deeds. Let me tell you, I placed a malware on the
adult videos (sex sites) and you visited this website to have fun (you know what I mean). While you
were watching video clips, your web browser began working as a Rdp (Remote control desktop) with
a key logger which provides me access to your display as well as web cam. Right after that, my
software program obtained all your contacts from messenger, social networks, as well as email.

After that I put in more hours than I should’ve digging into your life and created a double-screen
video. 1st part displays the video you had been viewing and 2nd part shows the capture from your
web cam (its you doing dirty things).

Honestly, I am willing to forget everything about you and let you get on with your regular life. And I
am about to offer you 2 options that will achieve that. Two two choices are to either ignore this letter, or simply pay me $3200. Let’s understand these 2 options in more details.

First Option is to ignore this email message. You should know what is going to happen if you select
this option. I will certainly send your video recording to all your contacts including close relatives,
colleagues, and many others. It doesn’t shield you from the humiliation you an your family
must face when friends and family learn your sordid details from me.

Second Option is to pay me $3200. We will it my “privacy fee”. Now let me tell you what
happens if you pick this choice. Your secret will remain your secret. I will erase the video immediately.
You move on with your routine life that none of this ever occurred.

At this point you must be thinking “I will call the cops”. Without a doubt, I’ve overed my steps to
ensure that this email cannot be tracked back to me and it will not stay away from the evidence
from destroying your daily life. AI am not seeking to steal your savings. I just want to get compensated
for the time I placed into investigating you. Let’s hope you have chosen make all of this go away
and pay me the confidentiality fee. You’ll make the payment by Bitcoins (if you do not know how,
search “how to buy bitcoins” in google)

Amount to be sent: $3200
Bitcoin Address to Send to: 1F8dxmQMskgBowr6AW33P3bitLfvopLTmYf
(it’s CASE sensitive, so copy and paste it carefully)

The fact that the messages may contain account credentials shows that the Sextortion scam be part of a malware infection sequence. The criminals have probably used a Trojan horse or another type of virus to harvest the computers.

The malware infections can be programmed into harvesting strings that can be grouped into several categories:

  • User Private Data — The collected information can reveal private information about the victims. Example content includes their name, address, location, interests, passwords and etc.
  • System Information — The hackers can extract information about the infected hosts that can be used to optimize the attack campaigns. The hackers use generated reports giving details about the installed hardware components, certain operating system values and etc.
  • Current Status — The criminal operators can instruct the deployed code to automatically monitor for the user’s behavior when using their email clients and/or web email services.

In such cases it may be possible that the criminals behind the Sextortion scam can utilize a Trojan module. It will connect to a hacker-controlled server from which it will be able to receive commands. They include the following:

  • Surveillance — The Sextortion scam Trojan can spy on the victims in real time.
  • Machine Control — The remote attackers can take advantage of the fact that they can install various scripts that can manipulate the systems or altogether take over control of them.
  • Additional Infection — The threat can be used to deploy additional malware to the infected hosts.

Sextortion Scam – October 2018 Update

A recent security report reads that the latest examples of the sextortion scams use a different approach. They make more use of preliminary information gathering by looking out for a more complete data. It is not known what channels or methods they use however it is speculated that this is done using automated tools and frameworks that dig deep into social networks and online behavior. A key difference is that the receiving users this time are employees of state, local, tribal and territorial agencies. This is an important change as the criminals appear to target them via the blackmail tactics of facing repercussions.

Some of the displayed information that is now shown to the users includes their name, email address, timeframes of computer interaction. In some cases the hackers can also quote leaked/exposed passwords.

The new approach shows that the messages are created using the personalized contents — when the appropriate layout and information is presented to the targets there is much higher percentage of success. Some of the harvested information that is taken to leaked databases and mass hacks that have resulted in the credentials leak. We also anticipate that in some cases the criminals can buy the databases from the underground hacker markets.

Sextortion Scam Example — Hacked Files

An example email message taken from a recent attack is the following:


I’m a member of an international hacker group.

As you could probably have guessed, your account XXXXXXXXXXXXXX was hacked, I sent message you from it.

Now I have access to your accounts!
For example, your password for XXXXXXXXX is XXXXXXXXXXXXxx.

Within a period from XXXXX XXXXXX to XXX XXXXX you were infected by the virus we’ve created, through an adult website you’ve visited.
So far, we have access to your message, social media accounts, and messengers.
Moreover, we’ve gotten full dumps of these data.

We are aware of your little and big secrets..yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one..

Transfer $700 to our Bitcoin wallet: XXXXXXXXXXXXXXXXXXXXXX
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

I guarantee that after that, we’ll erase all your “data” :D

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

Sextortion Scam Example — Hijacked Phone Data

Another sample message reads has a slightly different text:

It seems that, XXXXXXXXXXXXXX is your phone number. You may not know me and you are probably wondering why you are getting this e-mail, right?

. . .

I backuped phone. All photo, video and contacts..

I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recordng of your web cam.

exactly what should you do?

Well, in my opinion, (AMOUNT FROM $100-$1000 THIS TIME) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

Remove Sextortion Scam

The Sextortion scam messages are a very dangerous example of a phishing scam that takes advantage of the victim’s gullibility.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:

  • Windows
  • Mac OS X
  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Safari
  • Internet Explorer
  • Stop Push Pop-ups

How to Remove Sextortion Scam from Windows.

Step 1: Scan for Sextortion Scam with SpyHunter Anti-Malware Tool

1.1 Click on the "Download" button to proceed to SpyHunter's download page.

It is recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter. Click on the corresponding links to check SpyHunter's EULA, Privacy Policy and Threat Assessment Criteria.

1.2 After you have installed SpyHunter, wait for it to update automatically.

SpyHunter Install and Scan for Viruses Step 1

1.3 After the update process has finished, click on the 'Malware/PC Scan' tab. A new window will appear. Click on 'Start Scan'.

SpyHunter Install and Scan for Viruses Step 2

1.4 After SpyHunter has finished scanning your PC for any files of the associated threat and found them, you can try to get them removed automatically and permanently by clicking on the 'Next' button.

SpyHunter Install and Scan for Viruses Step 3

If any threats have been removed, it is highly recommended to restart your PC.

Step 2: Boot Your PC In Safe Mode

2.1 Hold Windows key + R

2.2 The "Run" Window will appear. In it, type "msconfig" and click OK.
boot your pc in safe mode step 1

2.3 Go to the "Boot" tab. There select "Safe Boot" and then click "Apply" and "OK".

boot your pc in safe mode step 2

Tip: Make sure to reverse those changes by unticking Safe Boot after that, because your system will always boot in Safe Boot from now on.

2.4 When prompted, click on "Restart" to go into Safe Mode.
boot your pc in safe mode step 3

2.5 You can recognise Safe Mode by the words written on the corners of your screen.
boot your pc in safe mode step 4

Step 3: Uninstall Sextortion Scam and related software from Windows

Here is a method in few easy steps that should be able to uninstall most programs. No matter if you are using Windows 10, 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to unstable work of your PC, errors with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it. To do that:

3.1 Hold the Windows Logo Button and "R" on your keyboard. A Pop-up window will appear.

boot your pc in safe mode step 5

3.2 In the field type in "appwiz.cpl" and press ENTER.

boot your pc in safe mode step 6

3.3 This will open a window with all the programs installed on the PC. Select the program that you want to remove, and press "Uninstall"
boot your pc in safe mode step 7Follow the instructions above and you will successfully uninstall most programs.

Step 4: Clean Any registries, Created by Sextortion Scam on Your PC.

The usually targeted registries of Windows machines are the following:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

You can access them by opening the Windows registry editor and deleting any values, created by Sextortion Scam there. This can happen by following the steps underneath:

4.1 Open the Run Window again, type "regedit" and click OK.
clean malicious registries step 1

4.2 When you open it, you can freely navigate to the Run and RunOnce keys, whose locations are shown above.

clean malicious registries step 2

4.3 You can remove the value of the virus by right-clicking on it and removing it.

clean malicious registries step 3 Tip: To find a virus-created value, you can right-click on it and click "Modify" to see which file it is set to run. If this is the virus file location, remove the value.

Video Removal Guide for Sextortion Scam (Windows).

Get rid of Sextortion Scam from Mac OS X.

Step 1: Uninstall Sextortion Scam and remove related files and objects

1.1 Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
uninstall virus from mac step 1

1.2 Find Activity Monitor and double-click it:

uninstall virus from mac step 2

1.3 In the Activity Monitor look for any suspicious processes, belonging or related to Sextortion Scam:

uninstall virus from mac step 3

Tip: To quit a process completely, choose the “Force Quit” option.

uninstall virus from mac step 4

1.4 Click on the "Go" button again, but this time select Applications. Another way is with the ⇧+⌘+A buttons.

1.5 In the Applications menu, look for any suspicious app or an app with a name, similar or identical to Sextortion Scam. If you find it, right-click on the app and select “Move to Trash”.

uninstall virus from mac step 5

1.6 Select Accounts, after which click on the Login Items preference.

Your Mac will then show you a list of items that start automatically when you log in. Look for any suspicious apps identical or similar to Sextortion Scam. Check the app you want to stop from running automatically and then select on the Minus (“-“) icon to hide it.

1.7 Remove any left-over files that might be related to this threat manually by following the sub-steps below:

  • Go to Finder.
  • In the search bar type the name of the app that you want to remove.
  • Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
  • If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.

In case you cannot remove Sextortion Scam via Step 1 above:

In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:

Disclaimer! If you are about to tamper with Library files on Mac, be sure to know the name of the virus file, because if you delete the wrong file, it may cause irreversible damage to your MacOS. Continue on your own responsibility!

1: Click on "Go" and Then "Go to Folder" as shown underneath:

uninstall virus from mac step 6

2: Type in "/Library/LauchAgents/" and click Ok:

uninstall virus from mac step 7

3: Delete all of the virus files that have similar or the same name as Sextortion Scam. If you believe there is no such file, do not delete anything.

uninstall virus from mac step 8

You can repeat the same procedure with the following other Library directories:

→ ~/Library/LaunchAgents

Tip: ~ is there on purpose, because it leads to more LaunchAgents.

Step 2: Scan for and remove Sextortion Scam files from your Mac

When you are facing problems on your Mac as a result of unwanted scripts and programs such as Sextortion Scam, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.

Click the button below below to download SpyHunter for Mac and scan for Sextortion Scam:


SpyHunter for Mac

Video Removal Guide for Sextortion Scam (Mac)

Remove Sextortion Scam from Google Chrome.

Step 1: Start Google Chrome and open the drop menu

Google Chrome removal guide step 1

Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"

Google Chrome removal guide step 2

Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.

Google Chrome removal guide step 3

Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.

Erase Sextortion Scam from Mozilla Firefox.

Step 1: Start Mozilla Firefox. Open the menu window:

Mozilla Firefox removal guide step 1

Step 2: Select the "Add-ons" icon from the menu.

Mozilla Firefox removal guide step 2

Step 3: Select the unwanted extension and click "Remove"

Mozilla Firefox removal guide step 3

Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.

Uninstall Sextortion Scam from Microsoft Edge.

Step 1: Start Edge browser.

Step 2: Open the drop menu by clicking on the icon at the top right corner.

Edge Browser removal guide step 2

Step 3: From the drop menu select "Extensions".

Edge Browser removal guide step 3

Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.

Edge Browser removal guide step 4

Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.

Edge Browser removal guide step 5

Remove Sextortion Scam from Safari

Step 1: Start the Safari app.

Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.

Step 3: From the menu, click on "Preferences".

Safari browser removal guide step 3

Step 4: After that, select the 'Extensions' Tab.

Safari browser removal guide step 4

Step 5: Click once on the extension you want to remove.

Step 6: Click 'Uninstall'.

Safari browser removal guide step 5

A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the Sextortion Scam will be removed.

How to Reset Safari
IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

Start Safari and then click on the gear leaver icon.

Click the Reset Safari button and you will reset the browser.

Eliminate Sextortion Scam from Internet Explorer.

Step 1: Start Internet Explorer.

Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'

Internet Explorer browser removal guide step 2

Step 3: In the 'Manage Add-ons' window.
Internet Explorer browser removal guide step 3

Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.

Internet Explorer browser removal guide step 4

Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.

Remove Push Notifications from Your Browsers

Turn Off Push Notifications from Google Chrome

To disable any Push Notices from Google Chrome browser, please follow the steps below:

Step 1: Go to Settings in Chrome.

Google Chrome - Disable Push Notifications Step 1

Step 2: In Settings, select “Advanced Settings”:

Google Chrome - Disable Push Notifications Step 2

Step 3: Click “Content Settings”:

Google Chrome - Disable Push Notifications Step 3

Step 4: Open “Notifications”:

Google Chrome - Disable Push Notifications Step 4

Step 5: Click the three dots and choose Block, Edit or Remove options:

Google Chrome - Disable Push Notifications Step 5

Remove Push Notifications on Firefox

Step 1: Go to Firefox Options.

Mozilla Firefox - Disable Push Notifications Step 1

Step 2: Go to “Settings”, type “notifications” in the search bar and click "Settings":

Mozilla Firefox - Disable Push Notifications Step 2

Step 3: Click “Remove” on any site you wish notifications gone and click “Save Changes”

Mozilla Firefox - Disable Push Notifications Step 3

Stop Push Notifications on Opera

Step 1: In Opera, press ALT+P to go to Settings.

Opera - Disable Push Notifications Step 1

Step 2: In Setting search, type “Content” to go to Content Settings.

Opera - Disable Push Notifications Step 2

Step 3: Open Notifications:

Opera - Disable Push Notifications Step 3

Step 4: Do the same as you did with Google Chrome (explained below):

Opera - Disable Push Notifications Step 4

Eliminate Push Notifications on Safari

Step 1: Open Safari Preferences.

Safari Browser - Disable Push Notifications Step 1

Step 2: Choose the domain from where you like push pop-ups gone and change to "Deny" from "Allow".

Sextortion Scam-FAQ

What Is Sextortion Scam?

The Sextortion Scam threat is adware or browser redirect virus.

It may slow your computer down significantly and display advertisements. The main idea is for your information to likely get stolen or more ads to appear on your device.

The creators of such unwanted apps work with pay-per-click schemes to get your computer to visit risky or different types of websites that may generate them funds. This is why they do not even care what types of websites show up on the ads. This makes their unwanted software indirectly risky for your OS.

What Are the Symptoms of Sextortion Scam?

There are several symptoms to look for when this particular threat and also unwanted apps in general are active:

Symptom #1: Your computer may become slow and have poor performance in general.

Symptom #2: You have toolbars, add-ons or extensions on your web browsers that you don't remember adding.

Symptom #3: You see all types of ads, like ad-supported search results, pop-ups and redirects to randomly appear.

Symptom #4: You see installed apps on your Mac running automatically and you do not remember installing them.

Symptom #5: You see suspicious processes running in your Task Manager.

If you see one or more of those symptoms, then security experts recommend that you check your computer for viruses.

What Types of Unwanted Programs Are There?

According to most malware researchers and cyber-security experts, the threats that can currently affect your Mac can be the following types:

  • Rogue Antivirus programs.
  • Adware.
  • Browser hijackers.
  • Clickers.
  • Fake optimizers.

What to Do If I Have a "virus" like Sextortion Scam?

With few simple actions. First and foremost, it is imperative that you follow these steps:

Step 1: Find a safe computer and connect it to another network, not the one that your Mac was infected in.

Step 2: Change all of your passwords, starting from your email passwords.

Step 3: Enable two-factor authentication for protection of your important accounts.

Step 4: Call your bank to change your credit card details (secret code, etc.) if you have saved your credit card for online shopping or have done online activities with your card.

Step 5: Make sure to call your ISP (Internet provider or carrier) and ask them to change your IP address.

Step 6: Change your Wi-Fi password.

Step 7: (Optional): Make sure to scan all of the devices connected to your network for viruses and repeat these steps for them if they are affected.

Step 8: Install anti-malware software with real-time protection on every device you have.

Step 9: Try not to download software from sites you know nothing about and stay away from low-reputation websites in general.

If you follow these recommendations, your network and all devices will become significantly more secure against any threats or information invasive software and be virus free and protected in the future too.

How Does Sextortion Scam Work?

Once installed, Sextortion Scam can collect data about your web browsing habits, such as the websites you visit and the search terms you use. This data is then used to target you with ads or to sell your information to third parties.

Sextortion Scam can also download other malicious software onto your computer, such as viruses and spyware, which can be used to steal your personal information and show risky ads, that may redirect to virus sites or scams.

Is Sextortion Scam Malware?

The truth is that PUPs (adware, browser hijackers) are not viruses, but may be just as dangerous since they may show you and redirect you to malware websites and scam pages.

Many security experts classify potentially unwanted programs as malware. This is because of the unwanted effects that PUPs can cause, such as displaying intrusive ads and collecting user data without the user’s knowledge or consent.

About the Sextortion Scam Research

The content we publish on SensorsTechForum.com, this Sextortion Scam how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific, adware-related problem, and restore your browser and computer system.

How did we conduct the research on Sextortion Scam?

Please note that our research is based on independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware, adware, and browser hijacker definitions.
Furthermore, the research behind the Sextortion Scam threat is backed with VirusTotal.
To better understand this online threat, please refer to the following articles which provide knowledgeable details.

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree