Infracore LLC Blog

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password will likely come from lists found on the dark web from online businesses and services that have been hacked and stolen over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us. 

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lense covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at (858) 509-1970.

The Best Way to Approach Data Backup
Tip of the Week: Cloud Software for File Sharing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, December 12 2018

Captcha Image

Tag Cloud

Tip of the Week Security Technology Privacy Best Practices Cloud Network Security Business computing Google Malware Hosted Solutions Microsoft Hackers Software Innovation Data Business Hardware User Tips Internet Smartphones Tech Term Backup Business Continuity Browser Email Data Backup Windows 10 Android Mobile Devices VoIP Computer IT Services Smartphone Business Management Outsourced IT Managed IT Services Cloud Computing Productivity Data Recovery Alert Workplace Tips Communications Small Business Miscellaneous Ransomware Chrome Office Efficiency Computers Disaster Recovery Managed IT Services Artificial Intelligence Cybercrime Communication Law Enforcement Network Telephone Systems Windows 10 Router How To Collaboration Cybersecurity Internet of Things Productivity Money Passwords Office 365 Password Applications Social Media Facebook Virtualization Windows IT Support Server Holiday Quick Tips Spam Saving Money Upgrade App Information Health Word Social Engineering Gadgets Work/Life Balance Google Drive Vulnerability Automation Office Tips Connectivity IT Support Keyboard Microsoft Office Mobile Device Management Hacking BDR Wi-Fi Scam Data Breach Managed Service Phishing Data Protection Voice over Internet Protocol Private Cloud Data Security Mobile Device Apps Two-factor Authentication Bring Your Own Device Save Money HaaS Networking Windows 7 Encryption Battery Infrastructure Firewall Settings Employer-Employee Relationship End of Support BYOD History Remote Computing VPN Charger Data Storage Human Resources Patch Management Google Docs Servers OneNote Fraud Flexibility Paperless Office Redundancy Cleaning IT Management Spam Blocking Legal Comparison Worker PDF Avoiding Downtime Automobile Website CES Big Data Mobility Computer Care IT Plan Operating System Virtual Assistant Managed Service Provider Data Management Content Management Government Electronic Medical Records Samsung Unsupported Software Business Intelligence Training Telephone System Remote Monitoring Bandwidth Sports Blockchain Entertainment Public Cloud Managed IT Marketing Software as a Service Telephony Identity Theft USB Value Update Smart Office Administrator Files Video Games Audiobook Millennials Vendor Management Cast Cache Outlook Multi-Factor Security HIPAA Bluetooth NIST Hybrid Cloud Botnet How to Evernote Emergency Public Computer Camera Data storage WiFi Criminal Save Time Shortcuts Skype Credit Cards Inventory Troubleshooting Loyalty Augmented Reality Emails Worker Commute Smart Technology Current Events Document Management Microchip Solid State Drive Flash Workforce Education Password Manager Frequently Asked Questions Trending Cryptocurrency Apple Meetings Travel Black Market Wireless Charging Devices Internet exploMicrosoft Start Menu Access Control SaaS Remote Worker Two Factor Authentication Knowledge Search Engine Audit Scalability Accountants Experience Computing Infrastructure Business Mangement Excel Staff Risk Management Safe Mode iPhone Cortana Thought Leadership Wireless Internet Warranty Hiring/Firing HVAC Advertising Tools Wireless Amazon Authentication Wiring IT solutions Physical Security Network Congestion Machine Learning Bing Relocation User Error Computer Fan Sync Telecommuting Music Gmail Tip of the week Best Practice Specifications Politics Rootkit Data loss Google Apps Transportation Safety Wire Printer Employer Employee Relationship Enterprise Content Management Downtime Amazon Web Services Nanotechnology Books Assessment Unified Threat Management Monitor IT Consultant YouTube Help Desk The Internet of Things Information Technology Remote Work Practices Wearable Technology MSP webinar Techology Users Recovery Recycling Mouse Windows 10s Windows Server 2008 Content Digital Signature Screen Mirroring Workers Addiction Benefits HBO Computer Accessories Password Management Root Cause Analysis Search Online Shopping Smart Tech Television Mobile Computing Leadership Humor Internet Exlporer FENG Instant Messaging Hosted Computing File Sharing Conferencing Software Tips Virtual Reality eWaste Compliance Managing Stress Regulation Printers Webinar Thank You CrashOverride Congratulations Twitter Company Culture

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Phillip Bond A Checklist of 40 Microsoft Software Titles Reaching End of Life/Extended Support in July 2016
11 December 2018
A checklist of the components is done for the widening of the elements. The scope of the check list ...
Erickson Ferry Tip of the Week: Useful Shortcuts for Google
30 November 2018
Your blog was too good. I was exceptionally satisfied to discover this site. I needed to thank you f...
Alex Ling Would Your Users be Tricked by Social Engineering?
27 November 2018
I came to know about the user that was tricked by the users in this community this was all on social...
Daniel Mcmahon Ancient Greek Computer in Serious Need of Firmware Update
23 November 2018
Computers which are imported from the Greek now want to update the all software that is firmware tra...
Cameran Moon Download the Wrong App and Have More Than Pokémon Fever Infect Your Device
22 November 2018
Infra core was the heart of IT they told us that if we download a wrong application it will infect o...