A current scam doing the rounds attempts to blackmail unsuspecting victims by claiming to already have their password and to have used it to install spying malware on their computer.

The unscrupulous scammers then claim they have recorded footage of the victim watching porn by activating their webcam when they visit these sites.

 

I’m aware that XXXXXXX is your password.

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google) .

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72

(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email

Where this particular scam gets a bit scary is that often the password quoted at the top of the email can be a legitimate password that the victim has used in the past.

Given the number of data breaches that have occurred in recent years (Yahoo, Under Armour, Uber and Dixons Carphone to name a few) it’s highly likely cyber criminals can obtain older passwords and match them with identifiers such as email addresses.

They can then try their luck with a phishing blackmail scam that might worry anyone who happened to have visited a porn site.

Security journalist Brian Krebs highlighted the scam on his own blog, writing that it is “likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

“I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real.”

It’s hard to imagine quite how effective this scam could be, given the vast numbers of people who use the internet for adult entertainment.

Imagine you’ve used your computer to view such content and then you get an email. The sender claims to have hacked your computer and filmed you while you watched whatever it is.

It doesn’t matter that the pornography you’ve been viewing is completely legal; the threat to email a video of you, ahem, enjoying it to your friends and family is enough to make a hell of a lot of people pay up.

So, how do you stay safe if threatened by something like this?

Don’t pay the ransom

If you receive an email like this, it’s best to ignore it. And most people will, but that doesn’t mean the scammers aren’t making a lot of money out of the sizable minority who panic and pay.

Lee Munson, security researcher for Comparitech.com, explains: “The success rate for any scam email campaign is extremely low as the vast majority of such messages get nuked by anti-spam filters and security software, yet it remains a huge problem as the cost of entry is so very low.

“Beyond believability and a false sense of urgency, the next greatest trick is to instil a sense of dread and panic, which is a massive motivating force.

“Of course, the obvious answer is for people to completely disregard such messages or report them to ActionFraud or the police but many won’t due to the nature of the content.”

Action Fraud offers advice

The organisation has therefore offered the following advice to anyone who suspects they are being targeted by a sextortion scam:

– Don’t be rushed or pressured into making a decision: paying only highlights that you’re vulnerable and that you may be targeted again. The police advise that you do not pay criminals.

– Secure it: Change your password immediately and reset it on any other accounts you’ve used the same one for. Always use a strong and separate password. Whenever possible, enable Two-Factor Authentication (2FA).

– Do not email the fraudsters back.

– Always update your anti-virus software and operating systems regularly.

– Cover your webcam when not in use.

 

 
