A terrifying new email scam has attackers claiming they have stolen your password. The attacker sends an email stating that the recipient’s computer has been hacked and that the attackers have been recording the screen and webcam as the user visits adult sites. The scammers then blackmail recipients by threatening to release the videos unless they receive a payment in bitcoin.
This new version of the scam, currently going around, would terrify most people if it landed in their inbox. The emails differ slightly depending on who’s being targeted, but they all share a few features:
- The subject line includes a password that you probably have used at some point.
- The sender says they have used that password to hack your computer, install malware, and record video of you through your webcam.
- They say they will reveal your adult-website habits and send video of you to your contacts unless you send them bitcoin, anywhere from $800 to $1,600 worth.
Basically, the attackers don’t actually have video of you or access to your contacts, and they haven’t been able to install malicious code on your computer. In reality, they’re taking a password from a database that’s available online, sending it to you, and hoping you’re scared enough to believe their story and send them bitcoin.
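The three features listed above can be checked mechanically on a received message. The following is an added example, not part of the original article: a mail-triage sketch that assumes you keep a list of your own retired passwords. The function names, keyword list, sample message and placeholder address are all constructed for illustration.

```python
import re
from email import message_from_string, policy

# Shape-only match for legacy/P2SH/bech32 bitcoin addresses (no checksum validation).
BTC_ADDR = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")
# Assumed keyword list, taken from the claims the article describes.
CLAIM_TERMS = ("webcam", "malware", "recorded", "adult", "contacts")

def scam_indicators(raw: str, retired_passwords: set) -> dict:
    """Report which of the article's three features appear in a raw email."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))  # policy.default decodes RFC 2047 subjects
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    lowered = body.lower()
    return {
        # Feature 1: a password you once used appears in the subject line.
        # Very short passwords are skipped to limit accidental matches (assumption).
        "password_in_subject": any(p in subject for p in retired_passwords if len(p) >= 6),
        # Feature 3: a bitcoin payment demand (keyword or address-shaped string).
        "payment_demand": bool(BTC_ADDR.search(body)) or "bitcoin" in lowered,
        # Feature 2: claims of hacking, malware and webcam recording.
        "claim_terms": sorted(t for t in CLAIM_TERMS if t in lowered),
    }

def looks_like_password_sextortion(raw: str, retired_passwords: set) -> bool:
    """True only when all three features are present together."""
    ind = scam_indicators(raw, retired_passwords)
    return ind["password_in_subject"] and ind["payment_demand"] and len(ind["claim_terms"]) >= 2

# Constructed sample message; the address is a placeholder, not a real wallet.
SAMPLE = (
    "From: sender@example.invalid\n"
    "To: user@example.invalid\n"
    "Subject: user - hunter2-old\n"
    "\n"
    "I installed malware on your computer and recorded you through your webcam.\n"
    "Send $1,000 in bitcoin to 1ExampLeAddressNotReaLxxxxxxxxxxxx or your contacts get the video.\n"
)

if __name__ == "__main__":
    print(scam_indicators(SAMPLE, {"hunter2-old"}))
```

A match means the message fits the template described here; it says nothing about whether the sender has any access to your machine.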
Some scammers have even made over $50,000 from the blackmail scheme, based on an analysis of bitcoin wallets, Bleeping Computer reported.
Brian Krebs, a leading security journalist, states that this scam is probably automated, meaning you haven’t been specifically targeted:
“It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked website.”
For now, the scammers seem to be using really old passwords – maybe one you haven’t used in years – but as the scam develops, there’s a good chance it may include credentials from a fresh breach, according to Krebs.
Other good ideas to keep yourself safe are to use long and strong passwords, ensure each account has a unique password, and turn on two-factor authentication where possible – especially on your important accounts. It is also recommended that you turn off or cover any web cameras when you’re not using them to prevent sex-based extortion schemes, even if this kind of scam ends up being a hollow threat.
…and no matter what you do, don’t send bitcoin to the scammers!