Every business (and every individual, for that matter) needs to be wary of Internet scams and other online tricks. This is because those scammers are wily and have many means of finding a user in a compromising position… or so they claim in a recent scam.
For a bit of background, it is important to recognize that a full 30 percent of the Internet is made up of pornographic materials. That 30 percent is not short of visitors, either - websites featuring adult content draw more traffic than Amazon, Twitter, and Netflix do together. This prevalence is one of the reasons that this email scam has been as effective as it has.
How the Scam Works
Like most scams, the purpose of this one is to extort money from its victims. A popular way to do this (among criminal circles, of course) is to blackmail them with some piece of information that they would prefer hidden - the more scandalous, the better. This scam claims that the sender of an email has just that information on you.
This scam starts with an email appearing in an inbox:
“You don’t know me and you’re thinking why you received this email, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”
The user is then given an address and case-sensitive alphanumeric code into which they are to deposit the sizable ransom. They are advised to use the copy/paste function to make sure the code is correct. Finally, the email ends with a warning:
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”
One thing is for sure: this would be an extremely unsettling email to open your inbox to find. Regardless of which of its many versions you may encounter, it will deliver the same ultimatum: deliver the Bitcoin to me, or I deliver this to everyone in your life.
Don’t Get Excited
This would be a really scary threat, if it was real. There was no video filmed of you, and while the password is one that you once used, it comes from a decade-old hacked database. This threat is little more than that - a threat - but there are still lessons to be learned from an attempt like this.
This scam has been considerably successful, netting over $250,000 over the course of a few weeks, which means that scams like this will continue, and that plenty of people don’t change their passwords the way they should. However, it is also legitimately scary to consider what might happen if this threat someday wasn’t a threat - after all, almost every device today comes with a built-in front facing camera. As a result, it will be hard to be sure that there isn’t footage of you - compromising or otherwise - floating around in some cybercriminal’s system someday.
How to Protect Yourself
Proactive measures are key to foiling any attack like this, especially in regard to your passwords. Properly managing your passwords should be a priority - follow best practices and use different ones, changing them often - and if you have difficulty remembering them, use a password manager to remember them for you.
Plus, you may want to strongly consider covering up your webcam when not intentionally using it. That way, it won’t matter so much how you choose to spend your time.
Regardless, we get it. It can be really hard to keep up with each and every threat and attack that’s out there, between sextortion, ransomware, and all the others. That’s part of the reason that Computerware is here. We do everything we can to protect our clients from compromise, including education and practical defenses. Give us a call at (703) 821-8200 to learn more.