XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password will likely come from lists found on the dark web from online businesses and services that have been hacked and stolen over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us. 

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lense covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at 734-927-6666 / 800-Get-XFER.

A.I. Is Starting to Move Businesses Forward
Tip of the Week: Cloud Software for File Sharing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, December 14 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Best Practices Saving Money Backup Workplace Tips Software Managed Service Provider Business Computing Hosted Solutions Hackers Data Small Business Hardware Google Mobile Devices Productivity Mobile Office VoIP Gadgets Email Malware Quick Tips Network Security Efficiency Network IT Support Innovation Social Media Business Management Business IT Services Business Continuity Miscellaneous Server Smartphones Upgrade Virtualization Communication Windows User Tips Disaster Recovery Data Backup Computer Communications Managed IT Services Microsoft Office Users Mobile Device Management Passwords Data Recovery Browser Smartphone Android Holiday Save Money Marketing WiFi Ransomware Outsourced IT Alert BDR Mobile Computing Cybercrime Tech Term Vendor Management Chrome Cloud Computing Operating System Windows 10 Internet of Things Remote Monitoring Bring Your Own Device Computers Apple BYOD Information Technology Avoiding Downtime The Internet of Things Artificial Intelligence Managed IT Services Router Firewall Telephone Systems Automation Cybersecurity Going Green Spam Current Events Big Data VPN Remote Computing History Best Practice IT Solutions Application Wireless Technology Collaboration Printer Facebook IT Consultant Hacking Social Engineering Employer-Employee Relationship Health Trending Phone System App Lithium-ion Battery Bandwidth Money Proactive IT Office Budget Excel IT Support Mouse Recovery Content Filtering Business Managament Networking How To Unified Threat Management Office 365 Applications Business Intelligence Productivity Fax Server Maintenance Windows 8 Windows 10 Two-factor Authentication Mobility iPhone Managed IT Data Protection User Error Blockchain Sports Value Word Humor Mobile Device Apps Private Cloud Website Outlook Data Security Tutorials Redundancy Virus Law Enforcement PowerPoint Gmail Antivirus Encryption Phishing Analytics Customer Relationship Management Training Information Google Drive Hard Drives Network Congestion Scam Software as a Service Inbound Marketing Analysis Conferencing Vulnerability Managed Service Search Save Time Connectivity Tablet Administration Twitter Digital Payment Document Management Social Networking Office Tips Identity Theft Computer Repair Data Management Streaming Media Risk Management Compliance Voice over Internet Protocol Flexibility Entertainment IT Management Saving Time Administrator Servers Retail Settings Human Resources Tech Support Downtime File Sharing Memory Data storage Hacker Social Best Available Content Management OneNote Unsupported Software Infrastructure Bluetooth eWaste Paperless Office Internet Exlporer People Data Storage Keyboard PDF Samsung Update Touchscreen Work/Life Balance Data Breach USB HaaS End of Support Robot Safety Wi-Fi Government Online Currency Telephony YouTube Comparison Virtual Assistant Meetings Recycling Windows 7 Workers Point of Sale Google Docs Education Video Surveillance DDoS Statistics Telephone System Webinar Solid State Drive Data loss Black Market Programming Credit Cards IBM Skype Piracy Help Desk Leadership Access Control Spam Blocking Instant Messaging Smart Tech Wireless Physical Security Augmented Reality Intranet Environment Cleaning Password Running Cable Wearable Technology Fraud Public Cloud CES Computer Accessories IT Plan SaaS Biometrics Machine Learning IT service Display Tip of the week Amazon HIPAA Storage Hybrid Cloud Hiring/Firing Printer Server Shortcut Safe Mode Debate Telecommuting User Nanotechnology Remote Worker IaaS Computing Infrastructure Tools Worker Commute Macro Text Messaging HVAC Touchpad Managing Stress Domains Practices Work Station Relocation Sync Cables Hosted Solution Bloatware Gaming Console Co-managed IT Search Engine Legal Computer Care Business Technology Monitor Windows Server 2008 Amazon Web Services Science Addiction Virtual Private Network Accountants Software Tips Remote Work Wiring Password Manager Audit Enterprise Content Management Hosted Computing Proactive Unified Communications Netflix Entrepreneur Students Bing Reputation Online Shopping Tablets Cache Project Management Staff Root Cause Analysis IT Security Supercomputer Hiring/Firing Devices GDPR Internet exploMicrosoft Botnet Business Mangement Computer Fan Windows Media Player Virtual Desktop Password Management Specifications Inventory Remote Monitoring and Maintenance Start Menu Theft Cost Management Healthcare Shortcuts NarrowBand Print Server Data Warehousing IoT Customers Remote Support Regulations Evernote Upgrades Analyitcs Webcam Wireless Internet Warranty Uninterrupted Power Supply nternet Crowdfunding Digital Signature HBO Knowledge Thought Leadership E-Commerce Advertising Travel Criminal FENG Customer Service NIST Millennials Consultant Line of Business Distributed Denial of Service Files Company Culture Mobile Cortana Patch Management Electronic Health Records Chromecast Law Firm IT PC Care Wireless Charging 360 Emails Wire Microchip Multi-Factor Security Strategy Screen Mirroring Frequently Asked Questions Scheduling Content Filter Camera Notifications LinkedIn Electronic Medical Records Cameras 3D Cryptocurrency Workforce Business Owner Licensing Authentication MSP Colocation Net Neutrality Professional Services Google Apps Windows 10s eBay Laptop WIndows 7 Insurance Alerts SharePoint Windows 8.1 Update Flash Fiber-Optic Virtual Reality Smart Office Shadow IT Lifestyle Charger Cast Printers Automobile Public Computer Benefits IT solutions Employer Employee Relationship CrashOverride Smart Technology Loyalty Books Experience Content Two Factor Authentication Battery Emergency Video Games Music Worker Audiobook Assessment eCommerce Scalability Thank You Regulation Rootkit Politics Television Transportation How to Congratulations Troubleshooting Webinar Utility Computing Techology

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *