Monday, 6 August 2018

Sextortion Scam on the rise

I received a phone call from a client of mine the other day, I could hear in the voice that something was not right, there was almost a whisper to the voice and I struggled to hear what was being said. I heard bits and pieces of the conversation but what I heard did not sound good. "Hacked..., extortion..., wants money..." thankfully in the end it turned out all ok.

A relatively new variant of an email scam is doing the rounds this year, it is called sextortion.  Sextortion is when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
The way the scam works is basically you receive an email claiming that your computer has been comprised and that your webcam was used to record you viewing porn sites.

The email further goes on to say that you must pay the "hacker" an amount of BitCoin or else they will release the "footage" of your browsing session to all your contacts. What makes this scam scary is that it actually has your password! Well not exactly, but a password you most likely used some time ago.

Thanks to all the data breaches over the last few years, your email address and certain passwords are easily available on the web for those that wish to find them. What these scammers have done is link your password from some time ago that was breached with your e-mail address. When you read the email for the first time you see your password and really think this may be possible.

The emails I have seen from my clients are very similar to the copy below,

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V726
(It is cAsE sensitive, so copy and paste it)
Important:You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
This scam is unfortunately likely to evolve and as more personal details get leaked / breached the scammers will probably add more data into the mails to make it sound even more believable, we may even see other scams using this method to try and con you. Think of those fake Microsoft tech support calls, now they have a "password" you could be easily fooled into giving them access to your computer.
There are some things you can do so as to not become a victim of sextortion:
  1. Keep your browsing to "safe" sites;
  2. Do not send revealing pictures of yourself to anyone (you never know who is actually getting them);
  3. Turn off or block any webcams when not in use;
  4. Think before opening that unexpected email with the attachment;
  5. If you have not changed your passwords recently, I would suggest you do soon.  

No comments:

Post a Comment