XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password most likely comes from lists circulating on the dark web, stolen from online businesses and services that have been hacked over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us.

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.
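
Because every version follows the same pattern, a mail-triage heuristic can key on the combination of traits rather than on exact wording. The sketch below is an added example, not part of the original article; the signal names, regexes, thresholds and all three sample messages are constructed assumptions.

```python
import re

# Signals drawn from the pattern the article describes. The regexes and the
# scoring thresholds are illustrative assumptions, not a tuned filter rule.
SIGNALS = {
    "surveillance_claim": re.compile(r"\b(webcam|keylogger|malware|recorded)\b", re.I),
    "exposure_threat": re.compile(
        r"\b(send|share)\b.{0,60}\b(contacts|friends|relatives|coworkers)\b",
        re.I | re.S),
    "crypto_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "deadline": re.compile(r"\b\d{1,3}\s*(hours?|days?)\b", re.I),
    # Shape of a legacy Base58 Bitcoin address only; no checksum is verified.
    "wallet_address": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
}

def score_message(body):
    """Return (verdict, matched signal names) for one plain-text email body."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(body)}
    extortion = hits & {"surveillance_claim", "exposure_threat"}
    payment = hits & {"crypto_demand", "wallet_address"}
    # A payment demand alone is ordinary commerce; a threat alone may be a
    # security notice. Only the combination matches the scam's pattern.
    if extortion and payment and len(hits) >= 3:
        return "likely-sextortion", sorted(hits)
    if len(hits) >= 2:
        return "review", sorted(hits)
    return "clean", sorted(hits)

# Constructed samples. SCAM paraphrases the email quoted in the article; the
# wallet string is a made-up placeholder that only has the right shape.
SCAM = """While you were watching the video, your web browser acted as a
keylogger which provided me access to your display screen and webcam.
$1400 is a fair price. You'll make the payment via Bitcoin to this address:
1SampLeAddressForTestingxxxxxxxxx
You have 24 hours. If I don't get the payment, I will send your video to all
of your contacts including relatives, coworkers, and so forth."""
INVOICE = ("Invoice 1042 is payable in Bitcoin within 30 days to "
           "1SampLeAddressForTestingxxxxxxxxx. Thank you for your business.")
NOTICE = "The webcam in conference room B was replaced. Send feedback to IT."

if __name__ == "__main__":
    for name, body in (("scam", SCAM), ("invoice", INVOICE), ("notice", NOTICE)):
        print(name, *score_message(body))
```

The invoice sample lands in "review" rather than "likely-sextortion" because it carries payment signals without any surveillance claim or exposure threat.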

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but attacks like this are more than possible from a criminal who actually means what they threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lens covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at 734-927-6666 / 800-Get-XFER.
