Wednesday, November 14, 2018

Web Secret 545: Sextortion Scam

In the past couple of months, thousands of people (possibly millions) received the following disturbing email: (Note: email exactly as it is sent, weird grammar and English included.)
"I am aware of one of your passwords: xxx@gmail.com. Lets get directly to point. Not a single person has compensated me to investigate about you. You do not know me and you are probably wondering why you're getting this e mail?

actually, I actually installed a software on the adult vids (sex sites) site and you know what, you visited this web site to have fun (you know what I mean). When you were viewing videos, your internet browser initiated working as a Remote control Desktop that has a key logger which provided me access to your display screen and also web cam. Right after that, my software program collected your complete contacts from your Messenger, FB, and email . After that I created a double-screen video. 1st part shows the video you were viewing (you've got a good taste haha . . .), and 2nd part shows the view of your webcam, and its u.

You do have only 2 alternatives. We are going to understand these types of choices in aspects: 1st solution is to disregard this message. In this case, I am going to send your actual video clip to just about all of your contacts and thus you can easily imagine about the disgrace you feel. Not to mention should you be in a relationship, just how it will eventually affect?

Number two choice will be to pay me $3000. We will think of it as a donation. As a consequence, I most certainly will without delay eliminate your videotape. You will keep going on your daily life like this never happened and you will not hear back again from me.

You'll make the payment through Bitcoin (if you do not know this, search for "how to buy bitcoin" in Google)."
When I first heard about this scam, I read dozens of articles explaining it and offering suggestions on how to handle it. The best of these was "Sextortion Scam: What to Do If You Get the Latest Phishing Spam Demanding Bitcoin."

Here are the recommendations:

1. Do not pay the ransom.

2. Don’t panic. Contrary to the claims in your email, you haven't been hacked (or at least. This is merely a new variation on an old scam that is popularly called "sextortion." It is a type of online phishing that targets people around the world and preys on digital-age fears.

3. What makes the email especially alarming is that, to prove their authenticity, they begin the emails showing you a password you once used or currently use.

Again, this still doesn't mean you've been hacked. The scammers in this case likely matched up a database of emails and stolen passwords and sent this scam out to potentially millions of people, hoping that enough of them would be worried enough and pay out that the scam would become profitable. Think Facebook hack or any of the dozens of major hacks you have heard about before.

4. If the password emailed to you is one that you still use, in any context whatsoever, STOP USING IT and change it NOW! And regardless of whether or not you still use that password, it's always a good idea to use a password manager.

5. And of course, you should always change your password when you’re alerted that your information has been leaked in a breach. You can also use a service like Have I Been Pwned to check whether you have been part of one of the more well-known password dumps. (Note: every single one of my email accounts was compromised in one or more data breaches - often from sites I had never heard of.)

6. Do not ever respond to this type of scam. If possible, don't even open the email.

7. Moving forward, enable two-factor authentication whenever that is an option on your online accounts. Yes, I know this is a pain in the neck.

8. One other thing to do to protect yourself is apply a cover over your computer’s camera. A small strip of electrical tape will do.

You've been warned.
