Login 
Contact us today!
(808) 529-4605

Indevtech Blog

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password will likely come from lists found on the dark web from online businesses and services that have been hacked and stolen over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us. 

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lense covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at (808) 529-4605.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, April 24 2019

Captcha Image

Request a Consultation

Request a
Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for you!

Contact Us!

Free Consultation
 

Tag Cloud

Tip of the Week Security Technology Privacy Best Practices Cloud Business Computing Google Hackers Hosted Solutions Internet Malware Network Security User Tips Backup Microsoft Software Productivity Innovation Mobile Devices Data Smartphones Windows 10 Efficiency Email Hardware Browser Workplace Tips Business communications Tech Term VoIP IT Services Productivity Business Continuity Business Management Smartphone Computer Disaster Recovery Ransomware Android Miscellaneous Data Backup Network Cybercrime Windows Cloud Computing Alert Server Outsourced IT Chrome Office Communication Data Recovery Automation Collaboration Upgrade Telephone Systems Small Business Windows 10 Quick Tips Artificial Intelligence Managed IT Services Computers Managed IT Services Router Internet of Things Save Money Social Media Gadgets Law Enforcement IT Support Health Cybersecurity Virtualization Mobile Device Facebook Money Social Engineering Applications Operating System Wi-Fi Spam Office 365 Password Office Tips Passwords How To App Holiday Information Bring Your Own Device Gmail Mobile Device Management Settings Google Drive Two-factor Authentication BDR Private Cloud History Encryption Word Remote Computing Phishing Work/Life Balance Bandwidth Meetings Flexibility Application Scam Microsoft Office Training Recovery Paperless Office Voice over Internet Protocol Managed Service Vulnerability Safety Data Protection Mobility Connectivity Apps Entertainment Marketing Keyboard Data Breach Mouse Managed Service Provider Sports HaaS Data Security Data Management Hacking VPN Networking USB IT Plan Website Social Telephony Remote Monitoring Physical Security Staff Budget YouTube Windows 7 Managed IT Data storage CES Business Intelligence End of Support Identity Theft Infrastructure eWaste Unsupported Software Software as a Service Update Virtual Assistant The Internet of Things PDF OneNote Botnet Content Management Internet Exlporer Users Saving Money Machine Learning Big Data Best Practice Telephone System Electronic Medical Records DDoS Redundancy Legal Blockchain Fraud Charger User Error BYOD Battery Access Control Black Market Data Storage Save Time Avoiding Downtime Firewall Employer-Employee Relationship Mobile Computing Retail Wearable Technology Cleaning Comparison Education Robot Display IT Management Google Docs Government Hiring/Firing Augmented Reality Spam Blocking Wireless Human Resources Cryptocurrency Public Cloud Downtime IT Support Servers Patch Management Workers Document Management IBM Security Cameras How to Practices Employer Employee Relationship Netflix Remote Worker Windows 10s Touchpad Help Desk Data loss Scalability Safe Mode Two Factor Authentication webinar Business Technology Hybrid Cloud Online Shopping Programming Addiction Biometrics Risk Management Assessment HVAC IT Consultant Running Cable Shadow IT Proactive IT Outlook Smart Tech Customer Relationship Management Printer Troubleshooting Supercomputer Hacker Apple Hosted Computing Computer Accessories Streaming Media Wiring Skype Screen Mirroring Instant Messaging Conferencing Biometric Security Flash Evernote Cache Politics Television Monitor Enterprise Content Management Transportation Samsung Net Neutrality Frequently Asked Questions Millennials Internet exploMicrosoft Credit Cards Customer Service Vendor Management Lithium-ion battery Administrator Password Manager Shortcut Environment Smartwatch Software Tips Multi-Factor Security iPhone Inventory Social Networking Bluetooth Unified Threat Management Solid State Drive Start Menu Public Computer Shortcuts Cast Computer Care Relocation Digital Signature Emails NarrowBand MSP 5G Information Technology Wireless Charging Wireless Internet Travel Reputation Password Management IT solutions Benefits Leadership ISP Excel Workforce Advertising Virtual Reality Devices Fax Server Content Microchip Business Mangement Books Current Events Uninterrupted Power Supply Employee Trending Camera Audit Tools Techology Experience People Vendor WiFi Humor Accountants Distributed Denial of Service Wireless Technology File Sharing OLED Sync Going Green Cortana Wire Search Engine Root Cause Analysis Customers HIPAA NIST Cryptomining Tip of the week Telecommuting Worker Commute Amazon Thought Leadership Audiobook SaaS Recycling Emergency Knowledge Digital Signage Files Authentication Worker Computer Fan Smart Office Maintenance Music Automobile Mobile Office Search Chromecast Laptop Google Apps Bing Video Games Smart Technology Database Windows Server 2008 Amazon Web Services Notifications Criminal Network Congestion Tech Support Google Search HBO Specifications Computing Infrastructure Remote Work Nanotechnology Rootkit Warranty FENG Value CrashOverride Company Culture Compliance Webinar Managing Stress Thank You Printers Regulation IT solutions Manufacturing Twitter Congratulations
QR-Code