Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password most likely comes from lists circulating on the dark web, stolen over the years from online businesses and services that were hacked). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us.

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.
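For anyone filtering mail, the shared pattern can be scored as a set of co-occurring indicators. The sketch below is an added example, not part of the original post: the indicator names, the threshold, and both sample messages are assumptions, and the Bitcoin address in the sample is the publicly known genesis-block address used only as a stand-in, not an address from this scam.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy address shape

def is_btc_address(s):
    """Base58Check-decode s and verify its 4-byte double-SHA256 checksum."""
    try:
        n = 0
        for ch in s:
            n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
        raw = n.to_bytes(25, "big")     # version byte + 20-byte hash + checksum
    except (ValueError, OverflowError):
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return raw[21:] == digest[:4]

# Assumed indicator set, drawn from the wording of the email quoted above.
INDICATORS = {
    "webcam_claim": re.compile(r"\bweb\s?cam\b", re.I),
    "deadline": re.compile(r"\b\d+\s*hours?\b", re.I),
    "contact_threat": re.compile(r"\b(your contacts|relatives|coworkers)\b", re.I),
    "bitcoin_demand": re.compile(r"\bbitcoin\b", re.I),
}

def score_message(body):
    """Return the set of indicator names found in the message body."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(body)}
    if any(is_btc_address(a) for a in ADDR_RE.findall(body)):
        hits.add("valid_btc_address")
    return hits

def is_sextortion(body, threshold=4):
    """Flag only when several indicators co-occur, to limit false positives."""
    return len(score_message(body)) >= threshold

# Constructed samples; the address is a stand-in (see the note above the code).
SAMPLE_SCAM = (
    "I recorded your webcam. You have 24 hours in order to make the payment. "
    "Send $1400 via Bitcoin to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa or I will "
    "send your video to all of your contacts."
)
SAMPLE_BENIGN = "The new webcam for the meeting room ships within 48 hours."

if __name__ == "__main__":
    for msg in (SAMPLE_SCAM, SAMPLE_BENIGN):
        print(is_sextortion(msg), sorted(score_message(msg)))
```

Checking the address checksum rather than just its shape keeps random 30-character strings from counting as a payment demand.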

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lens covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at (858) 509-1970.

 
