XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password will likely come from lists found on the dark web from online businesses and services that have been hacked and stolen over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us. 

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lense covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at 734-927-6666 / 800-Get-XFER.

A.I. Is Starting to Move Businesses Forward
Tip of the Week: Cloud Software for File Sharing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, October 19 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Best Practices Saving Money Backup Software Workplace Tips Managed Service Provider Business Computing Hackers Data Small Business Hosted Solutions Hardware Mobile Devices Productivity Google Mobile Office VoIP Gadgets Email Malware Quick Tips Network Security Network IT Support Efficiency Social Media Innovation Business Management IT Services Server Miscellaneous Business Continuity Smartphones Upgrade Business Virtualization Windows Communication Disaster Recovery Computer Communications Managed IT Services Microsoft Office Data Backup User Tips Users Passwords Browser Mobile Device Management Android Save Money Smartphone Marketing Holiday Data Recovery Ransomware WiFi Alert Vendor Management Mobile Computing Outsourced IT Tech Term Operating System Remote Monitoring Cybercrime Windows 10 Internet of Things Avoiding Downtime Computers BDR Bring Your Own Device Apple Cloud Computing BYOD Information Technology IT Solutions VPN The Internet of Things Artificial Intelligence Current Events Chrome Telephone Systems History Best Practice Automation Router Going Green Big Data Remote Computing Firewall Trending Application Health Phone System Collaboration Hacking Wireless Technology Cybersecurity Spam IT Consultant Social Engineering Employer-Employee Relationship Printer Facebook Budget Managed IT Services Lithium-ion Battery Money Bandwidth Proactive IT Excel App Office Two-factor Authentication Mobility Business Managament Recovery iPhone Fax Server Mouse Maintenance Windows 8 Content Filtering How To Networking Business Intelligence Applications Unified Threat Management Windows 10 Humor Outlook Tutorials Managed IT Virus Customer Relationship Management Training Hard Drives Value Sports Private Cloud Website Redundancy Data Protection Law Enforcement Office 365 Productivity Apps Gmail Antivirus User Error PowerPoint Analytics Phishing Data Security Downtime File Sharing Memory Google Drive IT Support Vulnerability Conferencing IT Management Network Congestion Tablet Search Inbound Marketing Twitter Save Time Information Analysis Document Management Streaming Media Risk Management Office Tips Tech Support Data Management Administration Compliance Mobile Device Scam Blockchain Word Flexibility Social Networking Connectivity Encryption Digital Payment Saving Time Entertainment Computer Repair Settings Identity Theft Retail IBM SaaS Human Resources Piracy Biometrics Leadership Telephone System Administrator OneNote Best Available Data storage IT service Credit Cards Bluetooth Access Control Hacker Computer Accessories Internet Exlporer Webinar Data Storage People Smart Tech eWaste Servers PDF CES Samsung Keyboard Fraud Machine Learning Safety Social Wi-Fi Work/Life Balance Data Breach IT Plan HaaS End of Support Online Currency YouTube Robot USB Government Content Management Point of Sale Meetings Workers Recycling Infrastructure Unsupported Software Education Touchscreen Paperless Office Statistics Managed Service DDoS Solid State Drive Data loss Update Skype Black Market Programming Spam Blocking Comparison Video Surveillance Augmented Reality Intranet Cleaning Instant Messaging Password Running Cable Virtual Assistant Wireless Physical Security Windows 7 Public Cloud Wearable Technology Environment Windows 10s Start Menu Theft Net Neutrality Healthcare Cameras Laptop Business Owner Data Warehousing Specifications Inventory Remote Monitoring and Maintenance Colocation Windows 8.1 Update Wireless Internet Warranty Shadow IT Charger Cast Voice over Internet Protocol Digital Signature IoT Licensing SharePoint Regulations Evernote E-Commerce Virtual Reality PC Care Hybrid Cloud Hiring/Firing Travel Criminal NIST WIndows 7 HIPAA HBO Display Thought Leadership Mobile Cortana Electronic Health Records Printer Server Scheduling Touchpad Shortcut Millennials Debate Line of Business IaaS 3D Computing Infrastructure Wire Worker Commute Legal Computer Care Multi-Factor Security Strategy User Relocation eBay Hosted Solution Wireless Charging Content Filter Camera Bloatware Alerts Cryptocurrency Managing Stress Monitor Domains Frequently Asked Questions Audit Professional Services Google Apps Workforce Authentication MSP Science Help Desk Fiber-Optic Smart Office Lifestyle Insurance Text Messaging Netflix Flash Storage Entrepreneur Work Station Root Cause Analysis Software as a Service Safe Mode Gaming Console Reputation Tip of the week Amazon Computer Fan Tools HVAC Supercomputer Telecommuting IT Security Nanotechnology Remote Worker Tablets Internet exploMicrosoft Sync Cables Windows Media Player NarrowBand Virtual Desktop Print Server Practices Hiring/Firing Remote Support Addiction Virtual Private Network Uninterrupted Power Supply Cost Management nternet Crowdfunding Accountants Business Technology Customers Windows Server 2008 Amazon Web Services FENG Password Manager Enterprise Content Management Macro Knowledge Software Tips Remote Work Upgrades Wiring Analyitcs Advertising Patch Management Telephony Unified Communications Company Culture Students Chromecast Customer Service Co-managed IT Law Firm IT Hosted Computing Proactive Distributed Denial of Service Files Cache Project Management Screen Mirroring Google Docs Staff Consultant 360 Emails Online Shopping Electronic Medical Records Botnet Business Mangement LinkedIn Password Management Webcam Devices GDPR Notifications Transportation How to Television Techology Troubleshooting Webinar Benefits Automobile Public Computer Regulation IT solutions Employer Employee Relationship CrashOverride Smart Technology Loyalty Thank You Books Printers Experience Two Factor Authentication Battery Content Video Games Congratulations Emergency Worker Music Audiobook Scalability Assessment Rootkit Politics

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *
      • Company Name *
      • Number of Participants *
      • First Name *
      • Last Name *
      • Phone *
      • Yes, subscribe me to: