New “Sextortion” technique uses breached data to extort money from victims
A new type of extortion email has been sneaking into inboxes over the last year. You may be familiar with the traditional ransom email: a miscreant writes to say that your browsing habits have been recorded and that, unless you send a payment, this sensitive information will be revealed to the world, to your family, to your colleagues.
What makes this new email particularly frightening to the receiver is that these messages include a real password that was linked to their email address.
Quite often, these are historic passwords that might not have been used for a number of years. These passwords are most likely pulled from the big database leaks that you may have heard about in the news. Companies like Adobe, Yahoo and Tesco have had data such as usernames and passwords posted to forums where these scammers can readily access them. Details of the websites that have had breaches, and the ability to check whether your data was included in one of these breaches, can be found on websites such as Have I Been Pwned.
The scammer will claim that, by using this password, they were able to access your web camera, record the sites you were visiting, and your actions while viewing these sites. They say that they installed malware on your computer or that they have accessed your contacts.
The email may look something like the one below:
I do know XXX is your pass. Lets get straight to the point. absolutely no one has compensated me to investigate about you. You don’t know me and you are probably thinking why you’re getting this email?
in fact, i setup a malware on the X vids (porn) web site and do you know what, you visited this site to experience fun (you know what i mean). While you were viewing video clips, your internet browser began functioning as a Remote control Desktop that has a key logger which provided me access to your display as well as cam. Right after that, my software gathered your entire contacts from your Messenger, FB, as well as email . and then i made a double-screen video. 1st part displays the video you were viewing (you have a fine taste haha), and next part shows the view of your cam, yea its you.
You have got only 2 solutions. We should go through each of these solutions in aspects:
1st solution is to skip this e-mail. in this instance, i will send out your video to all your your contacts and then imagine regarding the disgrace you feel. Not to forget if you happen to be in an important relationship, how it is going to affect?
2nd option should be to compensate me 3000 USD. Let us think of it as a donation. Subsequently, i most certainly will quickly erase your video. You can keep your daily life like this never happened and you would never hear back again from me.
You’ll make the payment via Bitcoin (if you do not know this, search ‘how to buy bitcoin‘ in Google).
BTC address to send to: xxxx
[CaSe-SeNSiTiVe copy and paste it]
in case you are planning on going to the cop, well, this email can not be traced back to me. I have covered my actions. i am not trying to charge you a huge amount, i would like to be rewarded. You now have two days to make the payment. i’ve a special pixel in this mail, and at this moment i know that you have read through this e mail. if i don’t get the BitCoins, i definitely will send out your video to all of your contacts including family members, colleagues, and so on. Nonetheless, if i do get paid, i’ll erase the recording immediately. if you want to have proof, reply with Yea and i will certainly send your video recording to your 5 friends. it’s a non:negotiable offer, thus don’t waste my personal time & yours by responding to this message.
The truth is that the attackers do not have any of this information. They are finding your data from these breaches and sending it to you in the hope that you are adequately frightened and will send them the ransom money.
How can I protect myself?
IQ in IT have received a number of emails about this scam over the last month and were able to advise our clients on how to proceed. To start, IQ in IT recommend you use a webcam privacy cover, with which you can cover your monitor’s webcam when not in use. Here at IQ in IT, we provide these for free and always have them to hand when attending events.
IQ in IT are also happy to share that there is no merit in these emails and that they should be ignored. The only scary part here is that this data is being breached from trustworthy companies. Make sure that you are regularly changing your passwords and always using secure passwords. Here at IQ in IT, we recommend using a password manager that can generate and store unique passwords for every website.
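To decide which old passwords to retire, you can check them against breach data without sending the password anywhere. The sketch below is an added example, not code from this article or from Have I Been Pwned: it follows the k-anonymity range lookup used by the Pwned Passwords service, where only the first five characters of the SHA-1 hash leave your machine. The corpus, sample passwords and `mock_range_response` helper are constructed stand-ins so the example runs offline.

```python
import hashlib

# Real range endpoint, shown for reference only; this example never calls it.
API_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed breach corpus (password -> times seen); not real breach data.
CORPUS = {"Summer2014!": 1873, "qwerty123": 95012}

def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query(password: str) -> str:
    """Client side: the only value sent is the 5-character hash prefix."""
    return sha1_upper(password)[:5]

def mock_range_response(prefix: str, corpus: dict) -> str:
    """Hypothetical stand-in for the service: returns 'SUFFIX:COUNT' lines for
    every corpus hash under the prefix, plus one padding entry with count 0."""
    lines = []
    for pw, count in corpus.items():
        digest = sha1_upper(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    lines.append("0" * 35 + ":0")  # padding entry, must never count as a hit
    return "\r\n".join(lines)

def breach_count(password: str, response_body: str) -> int:
    """Client side: match the remaining 35 hash characters locally."""
    suffix = sha1_upper(password)[5:]
    for line in response_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

def check(password: str) -> int:
    prefix = range_query(password)
    body = mock_range_response(prefix, CORPUS)
    return breach_count(password, body)

if __name__ == "__main__":
    for pw in ("Summer2014!", "never-leaked-example-passphrase"):
        seen = check(pw)
        verdict = f"seen {seen} times, retire it" if seen else "not in corpus"
        print(f"{range_query(pw)}... -> {verdict}")
```

Any password that returns a non-zero count should be replaced everywhere it was used, which is the same password a sextortion email is likely to quote back at you.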