Sextortion Scam Sends “I Recorded You” Emails Using Real Passwords Harvested from Disposable Inboxes
What Happened — A wave of sextortion emails titled “You pervert, I recorded you!” has been observed. The messages claim that a drive‑by exploit gave the attacker full control of the recipient's device and, to make that claim credible, quote a real password belonging to the recipient. The passwords were not obtained by any exploit: they were read from disposable‑inbox services such as FakeMailGenerator, where any message delivered to a temporary address (including site registration emails that echo a password back to the user) can be viewed by anyone who knows the address.
Why It Matters for TPRM —
- Disposable inboxes are publicly readable, so any password a site emails to one can be harvested without compromising the recipient at all. If that password is reused on a corporate or vendor account, the attacker holds a working credential rather than just a convincing lure.
- Employees of vendor organizations who registered for services through a disposable inbox are realistic targets; a reused password exposed this way can lead to account takeover at the vendor and downstream supply‑chain impact.
- Payment instructions direct victims to cryptocurrency wallets; such payments are irreversible and, if made from company funds, bypass normal expense controls.
Who Is Affected — All industries in which employees reuse passwords and have registered for services through disposable email inboxes; particularly high‑risk sectors include FIN_SERV, TECH_SAAS, and PROF_SERV.
Recommended Actions —
- Enforce unique passwords per service for all third‑party users, deploy a password manager, and screen new and reset passwords against compromised‑credential lists so that a password harvested from a disposable inbox cannot also be a live corporate credential.
- Block known disposable‑email domains at the mail gateway, and reject them at account registration and in the identity provider so that vendor users cannot enrol with an inbox anyone can read.
- Conduct phishing awareness training that includes sextortion scenarios, and state plainly that a quoted real password does not prove device compromise: the correct response is to report the email and change any account that still uses that password, not to pay.
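The following is an added example and is not code from the original brief or from Malwarebytes Labs. It is a small Python triage routine that applies the checks above to an inbound message: it flags the campaign's subject line, a cryptocurrency wallet address in the body, and an embedded password claim; checks sender and recipient against a disposable‑domain list (the gateway‑block input); and looks up the quoted password in a compromised‑credential corpus so the SOC can prioritise a forced reset. The domain list, the compromised‑hash set, the password‑claim phrasing and the sample email are all constructed for the example; in production, populate the first two from maintained sources.

```python
import hashlib
import re
from email import message_from_string
from email.message import Message

# Constructed disposable-inbox domains for this example. The brief names
# FakeMailGenerator as a service but lists no domains, so none are assumed;
# populate this from a maintained disposable-domain blocklist in production.
DISPOSABLE_DOMAINS = {"disposable-example.test", "tempinbox-example.test"}

# Constructed stand-in for a compromised-credential corpus (for example a
# locally cached Pwned Passwords range): uppercase SHA-1 hex digests.
KNOWN_COMPROMISED_SHA1 = {hashlib.sha1(b"hunter2").hexdigest().upper()}

# Subject line reported for this campaign.
SUBJECT_MARKER = re.compile(r"you pervert,?\s*i recorded you", re.IGNORECASE)
# Legacy/P2SH (base58, leading 1 or 3) or bech32 (bc1...) Bitcoin addresses.
BTC_ADDRESS = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})\b")
# Assumed phrasing of the credential claim ("your password is: ..."); tune to samples.
PASSWORD_CLAIM = re.compile(r"password[^:\n]{0,40}:[ \t]*(\S+)", re.IGNORECASE)


def is_disposable(address: str) -> bool:
    """True if the address (optionally 'Name <user@host>') uses a disposable domain."""
    domain = address.rsplit("@", 1)[-1].strip(" <>\"").lower()
    return domain in DISPOSABLE_DOMAINS


def sha1_upper(secret: str) -> str:
    """SHA-1 hex digest in the uppercase form used by Pwned Passwords lookups."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def _text_body(msg: Message) -> str:
    """Collect the text/plain content of a message, decoding transfer encodings."""
    parts = list(msg.walk()) if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message: str) -> dict:
    """Score an inbound email for the sextortion pattern described in the brief."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    text = subject + "\n" + _text_body(msg)

    claim = PASSWORD_CLAIM.search(text)
    claimed_password = claim.group(1).rstrip(".,;") if claim else None
    wallets = sorted(set(BTC_ADDRESS.findall(text)))

    indicators = {
        "subject_match": bool(SUBJECT_MARKER.search(subject)),
        "wallet_present": bool(wallets),
        "credential_claim": claimed_password is not None,
        "sender_disposable": is_disposable(msg.get("From", "")),
        "recipient_disposable": is_disposable(msg.get("To", "")),
    }
    # Only the lure indicators drive the verdict; the disposable-domain hits
    # explain how the password was obtained and feed the gateway block rule.
    score = sum(indicators[k] for k in ("subject_match", "wallet_present", "credential_claim"))
    verdict = "sextortion" if score >= 2 else ("review" if score == 1 else "clean")

    return {
        "verdict": verdict,
        "indicators": indicators,
        "wallets": wallets,
        # A quoted password found in the compromised corpus should be treated
        # as live until the user confirms it is not reused anywhere: force a reset.
        "claimed_password_compromised": (
            claimed_password is not None
            and sha1_upper(claimed_password) in KNOWN_COMPROMISED_SHA1
        ),
    }


# Constructed sample message in the shape the brief describes.
SAMPLE_EMAIL = """\
From: attacker@disposable-example.test
To: victim@tempinbox-example.test
Subject: You pervert, I recorded you!

I know your password is: hunter2
My exploit on a site you visited gave me full control of your device.
Send 0.3 BTC to 1ConstructedExampLeAddressXYZ within 48 hours.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

A legitimate password‑reset email will usually score exactly one indicator (the credential claim) and land in "review" rather than "sextortion"; that is deliberate, because the password it quotes still deserves the same compromised‑corpus check if the mailbox it went to is disposable.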
Technical Notes — Attack vector: phishing emails that embed a real password harvested from disposable inboxes; no known CVE. Data types exposed: usernames, passwords, potentially other credential fragments. Source: Malwarebytes Labs