XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret

What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password will likely come from lists found on the dark web from online businesses and services that have been hacked and stolen over the years). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us. 

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they say/threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lense covered up.

For more best practices to follow, including those that will improve your business’ security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at 734-927-6666 / 800-438-9337.

A.I. Is Starting to Move Businesses Forward
Tip of the Week: Cloud Software for File Sharing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, February 22 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Best Practices Saving Money Backup Workplace Tips Software Business Computing Managed Service Provider Hosted Solutions Hackers Data Small Business Google Mobile Devices Hardware VoIP Productivity Mobile Office Gadgets Malware Network Security Email Quick Tips Efficiency Network IT Support Innovation Business Management IT Services Social Media Business Business Continuity Smartphones Miscellaneous Server Upgrade User Tips Virtualization Communication Windows Disaster Recovery Communications Data Backup Computer Managed IT Services Microsoft Office Users Data Recovery Smartphone Passwords Mobile Device Management Browser Android Holiday Marketing Save Money Internet of Things WiFi Ransomware Tech Term Outsourced IT Alert BDR Cybercrime Artificial Intelligence Vendor Management Cloud Computing Mobile Computing Chrome Remote Monitoring Productivity Router Windows 10 Operating System Automation Cybersecurity Bring Your Own Device Apple BYOD Information Technology Computers Avoiding Downtime Collaboration Managed IT Services IT Solutions Telephone Systems Firewall The Internet of Things Health Current Events Going Green Spam History Best Practice Big Data Remote Computing VPN Hacking Printer Trending Phone System Facebook Wireless Technology Social Engineering IT Consultant Employer-Employee Relationship Proactive IT Application App Bandwidth Lithium-ion Battery Mobile Device Office Money Windows 10 Budget Mobility IT Support Excel iPhone Training Private Cloud Mouse How To Content Filtering Networking Business Managament Office 365 Encryption Applications Fax Server Two-factor Authentication Phishing Maintenance Windows 8 Unified Threat Management Business Intelligence Recovery Analytics Customer Relationship Management Save Time User Error Hard Drives File Sharing Data Security Website Redundancy Humor Outlook Law Enforcement Tutorials Gmail Access Control Value Virus Sports Apps Settings Information Google Drive PowerPoint Data Protection Antivirus Blockchain Managed IT Word Wi-Fi Downtime Memory Identity Theft Social Office Tips Inbound Marketing Data Management Conferencing Voice over Internet Protocol Compliance Flexibility IT Management Servers Tablet Entertainment Administration Search Twitter Document Management Retail Social Networking Machine Learning Digital Payment Computer Repair Streaming Media Risk Management Human Resources Software as a Service Analysis Hacker Tech Support Managed Service Network Congestion Vulnerability Saving Time Administrator Connectivity Scam Wearable Technology Telephony PDF Comparison Computer Accessories Keyboard Windows 7 HaaS End of Support Net Neutrality Robot Google Docs Safety Virtual Assistant Work/Life Balance Data Breach USB Botnet YouTube Government Workers Display Healthcare Best Available Meetings Telephone System Bluetooth People Credit Cards DDoS Solid State Drive Data loss Samsung Touchscreen Black Market Smart Tech Webinar Spam Blocking Online Currency Instant Messaging CES Fraud Recycling Environment Cleaning Password Point of Sale IT Plan Wireless Physical Security Public Cloud Video Surveillance Help Desk Education SaaS Biometrics Content Management Statistics Infrastructure IT service Unsupported Software Programming IBM Paperless Office OneNote Skype Data storage Piracy Leadership Update Business Technology Augmented Reality Intranet Internet Exlporer Data Storage Running Cable eWaste Science Unified Communications Scheduling Students Bing Macro LinkedIn Monitor 3D Hosted Computing Proactive Online Shopping Cache Project Management Co-managed IT Audit Staff eBay Alerts Devices GDPR Netflix Windows 8.1 Update Entrepreneur Business Mangement Password Management File Versioning Tablets Start Menu Theft Shortcuts Root Cause Analysis Smartwatch Data Warehousing Specifications Reputation Inventory Remote Monitoring and Maintenance Regulations Evernote Internet exploMicrosoft Wireless Internet Warranty Computer Fan Windows Media Player Virtual Desktop Digital Signature Text Messaging IoT Supercomputer Hiring/Firing Debate Work Station Thought Leadership E-Commerce Cost Management Travel Criminal NarrowBand Gaming Console NIST Multiple Versions HBO Upgrades Analyitcs Mobile Cortana Uninterrupted Power Supply Electronic Health Records eCommerce Employee Millennials Customers Line of Business Wireless Charging Advertising Wire Microchip FENG Customer Service Multi-Factor Security Strategy Knowledge Files Content Filter Camera Patch Management Chromecast Cryptocurrency Consultant Restore Data Frequently Asked Questions Distributed Denial of Service MSP 360 Emails Professional Services Google Apps Vendor Screen Mirroring Digital Signage Workforce Authentication Flash Fiber-Optic Notifications Smart Office Electronic Medical Records Cameras Lifestyle Insurance IT Security Colocation Storage Windows 10s Laptop Safe Mode Business Owner Print Server Licensing Backup and Disaster Recovery Tip of the week Amazon Nanotechnology Remote Worker Remote Support Virtual Reality Tools Shadow IT Webcam HVAC Security Cameras Charger Cast nternet Crowdfunding WIndows 7 Google Search Telecommuting SharePoint Sync Cables Hybrid Cloud Search Engine Hiring/Firing Printer Server Shortcut Practices HIPAA Amazon Web Services IaaS Computing Infrastructure Addiction Virtual Private Network Company Culture Worker Commute Touchpad Accountants Law Firm IT User Windows Server 2008 Wiring Hosted Solution Bloatware Password Manager Legal Enterprise Content Management Employee/Employer Relationship Computer Care Managing Stress Domains ISP Software Tips Remote Work Relocation PC Care Employer Employee Relationship CrashOverride Smart Technology Books Loyalty Experience Two Factor Authentication Battery Content Emergency Video Games Music Worker Regulation Audiobook Scalability Assessment Rootkit Utility Computing Politics Printers Transportation How to Thank You Television Troubleshooting Webinar Techology Benefits Congratulations Automobile Public Computer Cryptomining IT solutions

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *