Every internet user should be aware of phishing scams.
What is phishing? Wikipedia defines phishing as the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.
Hackers are increasingly using psychological techniques such as fear and intimidation to extort money from vulnerable targets. Most recently, hackers have been blackmailing victims by claiming to already have their password and to have used it to download spyware onto their PC, which allowed them to record footage of the victim watching porn by remotely activating their webcam. The email sent to the victim clearly threatens to publish the video unless the victim pays the Bitcoin ransom. Most alarming is that the scam email references real but old passwords tied to the victim’s email address. These come from the dark web, which hosts password lookup services that offer millions of usernames and passwords stolen during large data breaches.
One example, shared on Twitter by programmer Can Duruk:
I’m aware that XXXXXXX is your password.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google) .
BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email
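The quoted message ends here. It combines a password claim, a recording claim, a Bitcoin payment demand, a deadline and a threat to contact friends and family, and a mail filter can score on that combination. The sketch below is an added example, not part of the original article or the quoted email; the indicator names, weights and threshold are assumptions chosen for illustration.

```python
import re

# Indicators taken from the sample message above. The weights and the
# threshold are assumptions for illustration, not tuned values.
INDICATORS = {
    "password_claim": (re.compile(r"\byour password\b", re.I), 2),
    "recording_claim": (re.compile(r"\b(webcam|recorded|split-screen)\b", re.I), 2),
    "malware_claim": (re.compile(r"\b(malware|keylogger|spyware|remote desktop)\b", re.I), 1),
    "crypto_payment": (re.compile(r"\b(bitcoin|btc)\b", re.I), 2),
    "deadline": (re.compile(r"\b\d{1,3}\s*(hours?|days?)\b", re.I), 1),
    "exposure_threat": (re.compile(
        r"\b(send|publish|share)\b.{0,60}\b(contacts|friends|relatives|coworkers)\b",
        re.I | re.S), 2),
    "tracking_claim": (re.compile(r"\bpixel\b", re.I), 1),
}
ADDRESS_WEIGHT = 2
THRESHOLD = 6

# Shape-only match for Bitcoin addresses: legacy Base58 (starts with 1 or 3)
# or bech32 (starts with bc1). The checksum is not verified.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")


def score_message(body: str) -> dict:
    """Score an email body against the extortion indicators."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(body)]
    score = sum(INDICATORS[name][1] for name in hits)
    addresses = BTC_ADDRESS.findall(body)
    if addresses:
        score += ADDRESS_WEIGHT
    return {"hits": hits, "addresses": addresses, "score": score,
            "suspicious": score >= THRESHOLD}


# Excerpt of the message quoted above.
SCAM = ("I'm aware that XXXXXXX is your password. ... your web browser acted as "
        "a RDP (Remote Desktop) and a keylogger which provided me access to your "
        "display screen and webcam. ... You'll make the payment via Bitcoin. "
        "BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72 You have 24 hours in "
        "order to make the payment. (I have an unique pixel within this email "
        "message). I will send your video to all of your contacts.")
# Constructed benign notice: shares two weak indicators but stays under threshold.
BENIGN = "Your password will expire in 14 days. Change it on the settings page."

if __name__ == "__main__":
    for label, text in (("scam", SCAM), ("benign", BENIGN)):
        print(label, score_message(text))
```

No single indicator is enough on its own, which is why the constructed password-expiry notice stays below the threshold while the extortion message clears it.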
You can watch the powerful “Black Mirror” episode “Shut up & Dance” on Netflix that highlights the potential of technology in revealing online secrets.
Here is the trailer:
The FBI recommends taking the following actions to avoid becoming a victim:
- Never send compromising images of yourself to ANYONE.
- Do not open attachments from people you don’t know and be cautious when opening attachments from the people you know.
- Cover your web cameras at all times when you are not using them.
To learn more about “sextortion”, watch this official FBI video: