"Your Account Was Hacked" removal guide
What is "Your Account Was Hacked"?
"Your Account Was Hacked" is one of the many scams (spam campaigns) that are used to trick people into paying cyber criminals. In this case, scammers send an email stating that the recipient's computer is infected with a malicious program that allowed them to record a compromising video. They also claim that they have stolen personal data/details. The main point of this email is to trick people into paying cyber criminals who threaten to proliferate the video if their demands are not met by the given deadline. Note that emails of this type should be ignored.
There are two versions of the "Your Account Was Hacked" spam campaign, however, they are essentially identical. A screenshot of another version (and its text) can be found below. Scammers claim that they have hacked the user's email account. To make this seem genuine, they used the 'spoofing' method, which allows them to forge email addresses - in this case, cyber criminals use the recipient's email address, and thus it seems as if the recipient of the email is also the sender. Furthermore, cyber criminals state that they have infected the computer with a Trojan that operates as a remote access tool. They state that this unwanted installation occurred when the recipient visited an adult website and this tool allowed them to gain access to the user's desktop and webcam. Furthermore, they claim that they have stolen various passwords and contacts. The key part of this email is the statement indicating that these criminals have recorded a video of the recipient watching adult content (video). To prevent them from proliferating this video (sending it to all of the recipient's contacts), they urge the victim to pay $1000 in Bitcoins using one of the Bitcoin wallet addresses provided. Scammers encourage the victim to make a payment within 48 hours, otherwise they will proliferate the video. We can assure you that there is no such video recorded and this is just a scam based on the hope that some users will fall for it. If you receive this email, you are likely to be just one of hundreds of others who have also received it. The best option in these cases is to simply ignore the emails.
|Name||Your Account Was Hacked Email Scam|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||Cyber criminals state that they've infected recipient's computer and have recorded a compromising video.|
|Cyber Criminal Cryptowallet Address (Bitcoin)
||1DyiDqXUQ44qbnuBxARp5Q2Q2j6pvXZAyQ (cyber criminals change their cryptowallet addresses with each new spam campaign).|
|Symptoms||Received an email that threatens to send supposedly recorded video of user watching adult videos to family members and colleagues. Email(s) in the inbox state that ones passwords have been stolen.|
|Distribution methods||This scam is spread wide via spam email campaigns.|
|Damage||Monetary loss - completely unnecessary payments for fake claims about hacking and in reality non-existent video recordings.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Malwarebytes.
"Your Account Was Hacked" is just one of many emails (scams) of this kind. Others include "You May Not Know Me", "We Are Not Going To Steal A Lot Of Time", and "I Am A Spyware Software Developer". Most are used to threaten and blackmail people by making claims that are not accurate. Criminals generally attempt to extort money from innocent people, however, some cyber criminals use other types of spam campaigns. They send emails that contain malicious attachments or website links that lead to them. They use these emails to infect computers with malicious programs such as LokiBot, TrickBot, Emotet, AZORult, and Adwind. The main purpose of these spam campaigns is to trick people into opening the included link or attachment - opening it causes download and installation of a malicious program. Examples of files that cyber criminals usually attach are Microsoft Office documents, PDF files, executables (.exe), ZIP, RAR or other archives, and so on. These emails and attachments proliferate computer infections that cause people financial loss, data loss, privacy issues, and so on.
We receive a great deal of feedback from concerned users about this scam email. Here is the most popular question we receive:
Q: Hi pcrisk.com team, I received an email stating that my computer was hacked and they have a video of me. Now they are asking for a ransom in Bitcoins. I think this must be true because they listed my real name and password in the email. What should I do?
A: Do not worry about this email. Neither hackers nor cyber criminals have infiltrated/hacked your computer and there is no video of you watching pornography. Simply ignore the message and do not send any Bitcoins. Your email, name, and password was probably stolen from a compromised website such as Yahoo (these website breaches are common). If you are concerned, you can check if your accounts have been compromised by visiting the haveibeenpwned website.
How do spam campaigns infect computers?
Spam campaigns can only infect computers if the presented attachment (or web links that lead to them) are opened. For example, executable files (.exe) must be executed, archive files, extracted and their contents executed, and so on. If the attached file is an MS Office document, it will ask to enable macros commands. By enabling them, users allow malicious documents to download and install malicious programs. Spam campaigns are used to infect people's computers but can only do harm if the presented attachment/s are opened.
How to avoid installation of malware?
Download, install, update software, and browse the internet with care. Do not open attachments (or web links) included in emails received from unknown, suspicious email addresses. They are usually presented in various irrelevant emails that do not concern their recipients personally. Update installed software using implemented functions or tools provided by official developers only. Avoid downloading software from untrustworthy, unofficial websites, using third party downloaders, torrent clients, eMule and other such tools. Use newer versions of Microsoft Office (no older than 2010), since they have "Protected View" mode, which prevents malicious documents from downloading and installing unwanted (malicious) programs. Make sure that there is reputable anti-spyware or anti-virus software installed and running on the computer. Programs of this type are capable of detecting viruses (and other threats) and eliminating them before any serious damage is done. If you have already opened malicious attachments, we recommend running a scan with Malwarebytes for Windows to automatically eliminate infiltrated malware.
Text presented in the "Your Account Was Hacked" email message (with two additional Bitcoin wallet addresses):
Your account was hacked! Renew the pswd right away!
You probably do not know me me and you may be certainly wanting to know for what reason you're receiving this message, right?
I'm ahacker who burstyour emailand devices and gadgetsnot so long ago.
Do not attempt to msg me or alternatively try to find me, it is definitely hopeless, because I sent you a letter from YOUR hacked account.
I installed spyware on the adult vids (porno) website and suppose you enjoyed this site to enjoy it (you know what I mean).
During you have been watching content, your browser started out operating as a RDP (Remote Control) that have a keylogger that granted me authority to access your desktop and webcam.
Afterward, my programobtainedall information.
You have typed passcodes on the websites you visited, I caught all of them.
Surely, you could possibly change each of them, or perhaps already modified them.
But it really doesn't matter, my malware renews it every time.
And what did I do?
I compiled a reserve copy of every your system. Of all files and personal contacts.
I got a dual-screen video recording. The 1st section demonstrates the video you were observing (you've got a good preferences, ahah...), the second screen demonstrates the movie from your camera.
What should you do?
Great, in my opinion, 1000 USD is basically a reasonable amount of money for this little riddle. You'll do the deposit by bitcoins (in case you don't understand this, go searching “how to purchase bitcoin” in any search engine).
My bitcoin wallet address:
1DyiDqXUQ44qbnuBxARp5Q2Q2j6pvXZAyQ, 17qQSJatXXj5DnjMLjNGXx9BT7NUhqimRx, 15LZuFSVyDAoaNLtbh4ru7ZQWvZxEosCaf, 18DGKAQ3gHQVmPHPVyLvBGsCoX1d4G8yfq, 1JRfE57ZF8Eaqa7DktHmVCoAneA8q4fpP2, 1LthzYVB7jrYFPnJHDLriDnxk4BJ4Ch2jf, 1GXBRWZaTqTEvxY2NzfdrMwYbPHqfWNNYE, 14GHLvKaXSNtDTkshZi5j8uUo3mFtJ52FN, 19SDJp3rdgU99sadqEb437b1qAynsCg9r8, 1LWbhU7623zZjLHTnfTRyrcqbRnXoVKaBd, 1GVgsTh6j1oh5PUksWQDdiChtsRiWwkR6Q, 14dM8NWRhdzKixe3hcvY6HfQGcjt736Gkc, 1FUieDeAPMpTpz67aKfr1jsWXmJfvQ6V8w, 1CUmFahadM9fmENHcdepbwSENEdmqh7VeF, 19Bk81t5nG8DZJSaJB6xqgvqfs1pCeF4KS, 1Cboy74YFQy1pLJTRrnibYfqiVo3FXv9fe, 1LP5g9uxYdqkTGZfgjRU9dFbY3pra3BaPw, 1EcoMxqqevYgoK6syi3TD4mTaSJGYLQbGw, 1Jo478RY2qC8vZ1cxSmk2WFjq5j9bpfDuv
(It is cAsE sensitive, so just copy and paste it).
You will have 48 hours to make the payment. (I built in an unique pixel to this message, and right now I understand that you've read through this email).
To tracethe reading of a messageand the actionsin it, I utilizea Facebook pixel. Thanks to them. (Everything thatcan be usedfor the authorities should helpus.)
If I fail to get bitcoins, I will immediately offer your videofile to each of your contacts, including family members, colleagues, and so forth?
Screenshot of another variant of "Your Account Was Hacked" scam:
Text presented in another version of "Your Account Was Hacked" scam:
Hi, your account has been infected! Renew the password this time!
You do not know anything about me and you may be probably surprised for what reason you're reading this particular letter, proper?
I'mhacker who exploitedyour emailand all devicesnot so long ago.
Never try out to msg me or alternatively seek for me, it's impossible, because I forwarded you this message using YOUR hacked account.
I've installed special program on the adult videos (porno) site and guess that you visited this site to have fun (you understand what I mean).
While you have been keeping an eye on video clips, your internet browser started out to act like a RDP (Remote Control) having a keylogger that provided me access to your screen and network camera.
Then, my softobtainedall information.
You have typed passcodes on the online resources you visited, I caught them.
Surely, you are able change each of them, or have already modified them.
However it doesn't matter, my program renews needed data regularly.
What actually I have done?
I generated a reserve copy of every your system. Of all the files and each contact.
I formed a dual-screen videofile. The first part displays the film that you were watching (you have got an interesting preferences, ahah...), and the second screen displays the recording from your own camera.
What exactly should you do?
Clearly, I think, 1000 USD will be a fair price for our small riddle. You will make the deposit by bitcoins (if you do not understand this, go searching “how to purchase bitcoin” in any search engine).
My bitcoin wallet address:
12xDmKxf28FStr6pxVCbv56sPf2nvL3jmT, 1GCz3YBhwpqFRUQ4B3rEvpiEkn6XtTD4GA, 15tGbgpiksnzBY1tef2LgUbJ9pZvoDjCbs, 18iDcSiS48kPAkbxUnyeeqwVx65Vgbwr2U, 1KmzrKYxcpAyEVEH38KPrMSVfGejk1ABQz, 1BkkLeRcUjrakVNFtAgAgfMjDb4TPUw8Pz, 1C242L8qAXRxudv6KBAahi81GHS5wpc8cF, 1NwbnYRDJwcAXRwRsJMZRFs7Gt4psir5S9, 149zE8ZaYXk1CtpfY5qsiuaf7LSdqsRs88, 1HUHBgNHYCz9Djy9z615adkgd2NYQNMVUd, 1LX5SEa54kf2SaAWH1vJ1F8SPkhpHCmzY9, 1E5tz2erjoh9Bx4U54PZPHrS51TgaGfCps, 1JKJEkK4FEmWixuBBTm8SojW3ACTt6oVFT, 1816WoXDtSmAM9a4e3HhebDXP7DLkuaYAd, 149J6aqKnjLTLdCCL39isvPxQh1xTjhEq5, 1F3GRSteD9XbVsUVNxj4FrTPrKvDmwiZVz, 1JwrTTYu1KkrJLUbWmDFC2WLMg4RP2YCRq, 1GL3psbvhB1pJJLQub8ABjPUstThPpfgnb, 178weWXPeMALJjq72tYxmWgNx5bQDpKN9u, 1N27jsKEDaxRfYF6pkGvyANQhPuZzzECBz
(It is cAsE sensitive, so copy and paste it).
You will have 2 days in order to make the payment. (I have an unique pixel in this letter, and at the moment I understand that you've read through this email).
To tracethe reading of a messageand the actionsin it, I utilizea Facebook pixel. Thanks to them. (That whichis usedfor the authorities may helpus.)
In case I fail to get bitcoins, I shall undoubtedly send your video files to each of your contacts, along with relatives, co-workers, etc?
Another variant of "This account has been hacked" email scam:
Text presented in this variant:
Hi, this account has been hacked! Modify the password right now!
You do not know anything about me and you really are probably surprised for what reason you're reading this email, proper?
I'm ahacker who openedyour emailand devicesa few months ago.
Do not attempt to communicate with me or try to find me, in fact it's not possible, since I forwarded you an email using YOUR hacked account.
I've started virus to the adult videos (porn) website and guess you have spent time on this website to have a good time (you realize what I want to say).
Whilst you have been paying attention to vids, your internet browser started out to act like a RDP (Remote Control) that have a keylogger that provided me authority to access your screen and web camera.
Next step, my softwarestoleall information.
You have put passcodes on the websites you visited, and I already caught all of them.
Needless to say, you can modify each of them, or have already modified them.
But it really doesn't matter, my malware updates it regularly.
And what I have done?
I made a backup of your device. Of all files and contact lists.
I got a dual-screen movie. The 1 part reveals the clip you were watching (you have got a good preferences, huh...), and the 2nd screen reveals the movie from your camera.
What actually must you do?
Good, in my view, 1000 USD will be a reasonable amount of money for this very little riddle. You will do the deposit by bitcoins (in case you don't recognize this, search “how to purchase bitcoin” in any search engine).
My bitcoin wallet address:
14B3FpCjNnoGxTsGor46Wk689GsvKbyv4x, 1FcCacS5pebEKMR6wtz7k98JEqbhfhCkDw, 1PAcoXVyzBDRryyg3MAmBQhDuofNYu55Uo, 12s4cfoNTzT68gSdxLjmSRT3qdvaqwDWNz, 15D5A6C5peaK8wF4eAlW5GfYzp3YVmaGP6
(It is cAsE sensitive, so just copy and paste it).
You have only 2 days to perform the payment. (I have an exclusive pixel in this letter, and right now I understand that you have read this email).
To tracethe reading of a messageand the activityin it, I set upa Facebook pixel. Thanks to them. (That whichis appliedfor the authorities may also helpus.)
In case I fail to get bitcoins, I will undoubtedly direct your video files to all your contacts, including relatives, co-workers, and many more?
Yet another variant of "Your Account Was Hacked" spam campaign:
Text presented within this email:
This account is now hacked! Change the password right this moment!
You do not know me me and you really are definitely wondering for what reason you're receiving this e-mail, proper?
I am a hacker who exploited your email and OS two months ago.
It will be a time wasting to attempt to msg me or find me. it is definitely impossible since I forwarded you an email from YOUR account that I've hacked.
I have started special program on the adult videos (porno) website and suppose that you have visited this site to enjoy it (you understand what I want to say).
When you were taking a look at films, your internet browser began functioning like a RDP (Remote Control) with a keylogger which granted me access to your monitor and camera.
Next step, my softgatheredall info.
You have entered passwords on the websites you visited, I caught them.
Surely, you'll be able to change each of them, or possibly already changed them.
However it does not matter, my malware updates needed data every time.
And what did I do?
I got a reserve copy of every your device. Of all the files and personal contacts.
I formed a dual-screen video. The 1st section displays the clip you had been observing (you've an interesting preferences, huh...), and the 2nd screen displays the movie from your own web camera.
What should you do?
Great, I believe, 1000 USD is a inexpensive price for our very little secret. You will make the deposit by bitcoins (in case you don't understand this, try to find "how to purchase bitcoin" in any search engine).
My bitcoin wallet address:
(It is cAsE sensitive, so copy and paste it).
You will have only 48 hours to send the payment (I built in an exclusive pixel to this letter, and at the moment I know that you've read through this email).
To tracethe reading of a letter and the actions inside it, I set up a Facebook pixel. Thanks to them.
(Everything that is applied for the authorities may also helpus.)
In case I do not get bitcoins, I'll undoubtedly send your video file to all your contacts, along with family members, co-workers, and many more?
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Malwarebytes is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is "Your Account Was Hacked"?
- STEP 1. Manual removal of possible malware infections.
- STEP 2. Check if your computer is clean.
How to remove malware manually?
Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Malwarebytes for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:
If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Extract the downloaded archive and run the Autoruns.exe file.
In the Autoruns application, click "Options" at the top and uncheck the "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.
Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.
You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".
After removing the malware through Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.
To be sure your computer is free of malware infections, we recommend scanning it with Malwarebytes for Windows.