Male Rep 4

 

 "There is only one Boss. The Customer"

Have IT Questions?
Call us now (888) 894-6411

TWINTEL Solutions Blog

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password will likely come from lists found on the dark web from online businesses and services that have been hacked and stolen over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us. 

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lense covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at (888) 894-6411.

The Best Way to Approach Data Backup
Tip of the Week: Cloud Software for File Sharing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, February 20 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code

Our 10 Benefits

Our 10 Benefits Whitepaper

This whitepaper will evaluate the differences between traditional technical support practices and modern managed IT practices and the pros and cons of both in regards to small and medium-sized businesses.

Download Now!   Need A Consultation?

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Privacy Business Computing Hackers Network Security Hosted Solutions Backup Malware Mobile Devices Google VoIP Data Microsoft Disaster Recovery Business nonprofit Internet communications Software Email bgc Business Continuity roundup Innovation Outsourced IT Managed IT Services IT Services Alert User Tips Smartphones Hardware Data Backup Productivity Tech Term Managed IT Services Browser Windows 10 Smartphone Server Efficiency Cloud Computing Saving Money Computer Data Recovery Ransomware Internet of Things Android Workplace Tips Cybercrime IT Support Small Business Business Management IT Support Network BDR Communication Computers Artificial Intelligence Quick Tips Save Money Productivity Windows Office Passwords Cybersecurity Miscellaneous Gadgets Chrome Managed IT Mobile Device Management Router Mobile Device Mobility Windows 10 Money Social Engineering Telephone Systems BYOD Holiday Applications Recovery Facebook Phishing Firewall Automation Work/Life Balance Wi-Fi Vulnerability Health Office 365 Virtualization Social Media Collaboration Proactive IT Upgrade Law Enforcement Private Cloud Hacking Bandwidth Bring Your Own Device Information Flexibility Budget Office Tips Avoiding Downtime Word Two-factor Authentication App Managed Service Provider Password Data Protection Microsoft Office Remote Monitoring VPN How To Google Drive Compliance Servers Connectivity History Identity Theft Black Market Sports Data Breach Business Intelligence Encryption Managed Service Apps Operating System Mobile Computing Keyboard Redundancy Spam Safety Scam Settings Value Voice over Internet Protocol HaaS Save Time Software as a Service Remote Computing Information Technology Data Security IT Plan Hacker SaaS Automobile Update CES Hiring/Firing Physical Security Cleaning Training Workers Data Management WiFi Content Management USB Credit Cards Access Control Computer Care Wireless Technology Patch Management Entertainment Battery Content Filtering End of Support OneNote Google Docs Blockchain Virtual Assistant Data storage Windows 7 Fraud YouTube Business Owner Samsung Telephony Unsupported Software Charger Emergency Data Storage Website Human Resources Telephone System Big Data Document Management Electronic Medical Records Infrastructure Paperless Office Government PDF The Internet of Things Legal Solid State Drive IT Management Worker Computing Infrastructure Marketing Employer-Employee Relationship HIPAA Machine Learning Risk Management Comparison Unified Threat Management Spam Blocking Cache Best Practice Content Humor Vendor Multi-Factor Security Digital Signature Rootkit Hosted Solution Online Shopping Warranty FENG Search Engine Data loss Cryptocurrency Search Tip of the week Tools Theft Business Mangement HVAC Smart Technology Network Congestion Politics Apple Digital Signage HBO Specifications Touchpad Inventory Wiring Virtual Reality Windows 10s Evernote NarrowBand Wireless Internet Audiobook Display Trending Internet Exlporer Flash Devices Printer Bing Screen Mirroring Safe Mode Employer Employee Relationship How to webinar Windows Server 2008 Gmail Networking Two Factor Authentication iPhone Google Search Outlook Millennials Worker Commute Public Cloud Sync Wireless Charging Cortana Wire Video Games IBM Security Cameras Data Warehousing Lifestyle Going Green Accountants MSP Vendor Management Thought Leadership Mouse Assessment Help Desk Cast Computer Accessories Conferencing Troubleshooting User Error Wireless Mobile Recycling Enterprise Content Management Scalability IT Consultant Experience Downtime Net Neutrality Workforce Authentication Fiber-Optic Google Apps Smart Office Supercomputer Botnet File Sharing Education Reputation Advertising Twitter Administrator Television CrashOverride Hard Drives Shortcuts Bluetooth Netflix Monitor Colocation Regulations Amazon Techology Audit Professional Services eWaste Password Management Leadership Robot ISP Frequently Asked Questions Telecommuting Nanotechnology Camera Skype Cables Transportation Current Events Smartwatch Software Tips Practices Augmented Reality Customers Addiction Public Computer Relocation Social Staff Regulation Shadow IT Books Amazon Web Services Printers Loyalty Computer Fan Microchip Meetings Criminal NIST Instant Messaging Files Excel Remote Work Smart Tech Start Menu Unified Communications Chromecast Password Manager Benefits Knowledge Employee Laptop Hosted Computing Remote Worker Users GDPR E-Commerce Thank You nonprofits Congratulations