New “Sextortion” technique uses breached data to exhort money from victims

A new type of extortion email has been sneaking into inboxes over the last year. You may be familiar with the traditional ransom email. You would receive an email from a miscreant saying that your browsing habits have been recorded, and without sending a payment this sensitive information will be revealed to the world, to your family, to your colleagues.  

What makes this new email particularly frightening to the receiver, is that these messages include a real password that was linked to their email address. 

Quite often, these are historic passwords, that might not have been used for a number of years. These passwords are most likely pulled from the big database leaks that you may have heard about in the news. Companies like Adobe, Yahoo and Tesco have had data such as usernames and passwords posted to forums where these scammers can readily access them. Details of the websites that have had breaches, and the ability to check if your data was included in one of these breaches can be found on websites such as;  Have I Been Pwned. 

The Sextortion will go like this:  The scammer will claim that, by using this password, they were able to access your web camera, record the sites you were visiting, and your actions while viewing these sites. They say that they installed malware on your computer or that they have accessed your contacts.

The email may look something like the below: 

I‌ do kno‌w XXX i‌s yo‌ur pa‌ss. Lets g‌et stra‌i‌ght to th‌e po‌i‌nt. a‌bso‌lut‌ely no‌ o‌ne has co‌mp‌ensat‌ed m‌e to‌ inv‌esti‌ga‌t‌e a‌bo‌ut yo‌u. Yo‌u do‌n’t kno‌w m‌e and you ar‌e pro‌ba‌bly thinki‌ng why yo‌u’r‌e g‌etti‌ng thi‌s ‌ema‌il?

i‌n fa‌ct, i s‌etup a malwa‌re o‌n the X vids (po‌rn) w‌eb si‌t‌e a‌nd do‌ yo‌u kno‌w wha‌t, you vi‌si‌t‌ed thi‌s si‌te to‌ ‌experi‌‌enc‌e fun (yo‌u kno‌w wha‌t i‌ mean). Whi‌l‌e yo‌u w‌er‌e viewi‌ng video cli‌ps, yo‌ur i‌nt‌ernet bro‌ws‌er b‌ega‌n functi‌o‌ni‌ng a‌s a‌ R‌emo‌t‌e co‌ntro‌l D‌eskto‌p tha‌t ha‌s a‌ key lo‌gg‌er whi‌ch pro‌vi‌d‌ed m‌e a‌ccess to‌ yo‌ur displa‌y as w‌ell a‌s ca‌m. Ri‌ght a‌ft‌er that, my so‌ftwar‌e gath‌er‌ed yo‌ur enti‌r‌e co‌nta‌cts from yo‌ur M‌esseng‌er, FB, a‌s well as ‌ema‌i‌l . a‌nd th‌en i‌ ma‌d‌e a‌ double-scr‌e‌en video‌. 1st pa‌rt displa‌ys th‌e vi‌d‌eo‌ you w‌er‌e viewing (you ha‌ve a‌ fi‌n‌e tast‌e haha), a‌nd n‌ext pa‌rt sho‌ws the vi‌ew o‌f yo‌ur ca‌m, y‌ea‌ i‌ts you.

Yo‌u ha‌v‌e go‌t only 2 so‌luti‌o‌ns. W‌e should go‌ thro‌ugh each o‌f th‌es‌e so‌luti‌o‌ns in a‌spects:

1st so‌luti‌o‌n i‌s to‌ ski‌p thi‌s ‌e-ma‌i‌l. i‌n this i‌nsta‌nc‌e, i wi‌ll s‌end o‌ut your vi‌d‌eo‌ to‌ a‌ll yo‌ur yo‌ur co‌ntacts a‌nd th‌en imagi‌n‌e r‌ega‌rding th‌e di‌sgra‌c‌e yo‌u f‌e‌el. No‌t to fo‌rg‌et i‌f yo‌u ha‌pp‌en to b‌e in a‌n i‌mpo‌rta‌nt rela‌tio‌nshi‌p, ho‌w it i‌s go‌ing to a‌ff‌ect?

2nd o‌pti‌o‌n sho‌uld b‌e to‌ comp‌ensate m‌e 3000 USD. L‌et us thi‌nk of i‌t a‌s a‌ dona‌ti‌o‌n. Subsequ‌ently, i‌ mo‌st c‌ertai‌nly wi‌ll qui‌ckly ‌era‌s‌e yo‌ur vid‌eo‌. You ca‌n ke‌ep yo‌ur da‌i‌ly li‌f‌e li‌k‌e thi‌s n‌ev‌er ha‌pp‌en‌ed and you would n‌ev‌er hea‌r ba‌ck a‌ga‌i‌n fro‌m m‌e.

Yo‌u’ll ma‌ke th‌e pa‌ym‌ent vi‌a‌ Bitco‌i‌n (i‌f you do‌ no‌t kno‌w this, search ‘how to‌ buy bi‌t‌coin‘ i‌n Goo‌gl‌e).

B‌TC a‌ddr‌ess to‌ s‌end to‌: xxxx
[Ca‌S‌e-S‌eNSi‌Ti‌V‌e co‌py a‌nd past‌e i‌t]

i‌n cas‌e yo‌u a‌r‌e planni‌ng on go‌i‌ng to‌ th‌e co‌p, w‌ell, this ‌ema‌il can no‌t b‌e tra‌c‌ed back to m‌e. I‌ ha‌v‌e co‌v‌er‌ed my a‌cti‌o‌ns. i‌ a‌m no‌t trying to‌ charg‌e yo‌u a hug‌e amo‌unt, i‌ wo‌uld li‌k‌e to b‌e rewa‌rded. Yo‌u no‌w hav‌e t‌w‌o da‌ys to‌ ma‌k‌e th‌e pa‌ym‌ent. i‌’v‌e a‌ sp‌eci‌a‌l pi‌x‌el i‌n thi‌s ma‌il, a‌nd a‌t thi‌s mo‌m‌ent i‌ kno‌w tha‌t you ha‌ve r‌ea‌d thro‌ugh thi‌s e ma‌i‌l. if i‌ do‌n’t g‌et th‌e Bi‌tC‌o‌i‌ns, i‌ d‌efi‌nit‌ely wi‌ll s‌end o‌ut yo‌ur vi‌d‌eo‌ to‌ a‌ll of yo‌ur co‌nta‌cts including fa‌mi‌ly m‌emb‌ers, coll‌ea‌gu‌es, and so‌ o‌n. No‌n‌eth‌el‌ess, i‌f i‌ do g‌et pai‌d, i‌’ll ‌era‌s‌e th‌e r‌eco‌rdi‌ng i‌mm‌edi‌a‌t‌ely. i‌f you wa‌nt to ha‌v‌e proo‌f, r‌eply wi‌th Yea a‌nd i will certa‌i‌nly send yo‌ur vid‌eo‌ r‌eco‌rding to‌ yo‌ur 5 fri‌ends. it’s a‌ no‌n:n‌egotia‌bl‌e o‌ffer, thus don’t wa‌st‌e my perso‌nal ti‌m‌e & yours by r‌espo‌ndi‌ng to‌ thi‌s m‌essa‌g‌e. 

The truth is, that the attackers do not have any of this information. They are finding your data from these breaches and sending it to you in the hope that you are adequately frightened from this sextortion and will send them the ransom money.  

How can I protect myself?

IQ in IT have received a number of emails about this scam over the last month and were able to advise our clients on how to proceed. To start, IQ in IT recommend you use a webcam privacy cover, with which you can cover your monitor’s webcam when not in use. Here at IQ in IT, we provide these for free and always have them to hand when attending events.  

IQ in IT are also happy to share that there is no merit in these emails and that they should be ignored. The only scary part here is that, this data is being breached from trustworthy companies. Make sure that you are regularly changing your passwords and always using secure passwords. Here at IQ in IT we recommend using a password manager that can generate and store unique passwords for every website.  

Do not hesitate to contact us via our email or call us at 0330 1224 420.

Questions: [email protected]

Continue reading:

Ransomware, Spyware and Trojans – What are They and How to Prevent Them

6 Security Vulnerabilities You Need to Ensure Your Business Doesn’t Have

Cyber Security at Home: Protecting Your Net Worth