Seemingly everyday you read of a new Internet threat affecting users. As a result, people are more cognizant than ever. What they do fall for time and again are scams that are seemingly person-to-person. The latest one we call sextortion is especially rubbing people the wrong way.
A lot of people view pornographic material. In fact, it makes up about 30 percent of the content on the Internet, and draws more attention than Amazon, Twitter, and Netflix do, combined. While this may be a bit unsavory, if it’s that popular, there is a place for it on the Internet. The problem is that one ingenious hacker has developed a scam that uses people’s clandestine use of adult material against them.
How the Scam Works
Like many of today’s most prevalent Internet scams, extortion is the endgame. This is the case with this particular scam, which uses the purported possession of private information to blackmail the victim. In this case, the scammer claims to have captured footage of both the adult material that the victim was watching, and footage of the victim as they watched said materials.
The target of the scam is first sent an email that details their current situation, as the scammer wants them to believe it. It should also be mentioned that this email includes a password that the user has once used in the subject line. The rest of the email continues:
You don’t know me and you’re thinking why you received this email, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”
At this point in the email, the user is given the address to which the Bitcoin is to be transferred, with a threat of what will happen if payment isn’t delivered promptly.
You have 24 hours in order to make the payment. (I have an [sic] unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
Naturally, this isn’t the kind of message that anyone would want to find in their inbox, in any of the versions currently making their rounds online. Regardless of which one you see, the threat is the same: pay me, or I spread your dirty laundry to everyone you know.
Before You Go and Buy Bitcoin…
… you should know that this scam is just that, a scam. The hacker has no video of you, “doing nasty things” or otherwise, and the password they use as evidence is actually sourced from a hacked, decade-old database.
However, while there is no danger to a security-minded user, this scam still provides some important lessons.
First, scams like this are not going to go away anytime soon, if the relative success of this one is any indication. Remember, this scam demanded a ransom of $1400. In just a few weeks, this scam had brought the perpetrator over $250,000 in ill-gotten money.
On a related note, that means that at least 179 people (likely more, by now) were taken by this scam, which suggests that these people may not have changed their passwords in the 10 years since the database was hacked. Clearly, these people could have benefited from subscribing to some password best practices.
Regardless, these events should make us all consider the reality that this scam isn’t totally a scam, as there is plenty of potential for this kind of intrusive footage to be taken. When more or less every device comes with some kind of front-facing camera, it is hard to guarantee that some footage of you doesn’t exist somewhere without your knowledge or consent – whether you’re fully dressed or not.
How to Keep Yourself Safe
With attacks like these, your best bet is to be proactive in your protections, notably, your passwords. By simply subscribing to best practices and frequently changing your passwords to something brand new, scams like these have the wind taken out of their sails. After all, an old password won’t work if you’re using a new one. If you have a hard time keeping track of so many, you may want to consider utilizing a password manager.
Furthermore, it may not be a bad idea to cover up your webcam when you aren’t actively using it… just in case.
Whether or not a threat like this is actively trying to victimize you, just trying to keep track of all of the potential threats out there can be exhausting. Let WheelHouse IT do the busy and stressful work for you.
We have the means to keep you protected with both practical defenses and improved education. For more information, give us a call at (877) 771-2384.