
TaylorWorks Blog

Don’t Be Fooled When Scammers Threaten to Spill a Dirty Little Secret


What would you do if a stranger claimed to have compromising webcam footage of you and threatened to share it with your contacts? A new, very convincing email scam is making some users very nervous.

The Sextortion Scam
It’s as screwed up as it sounds. A scammer emails you saying that they got access to your passwords, and then started to run amok to see how much trouble they could get you into. They even show you one of your passwords to prove it (the password most likely comes from lists found on the dark web, stolen over the years from online businesses and services that were hacked). Then the scammer admits they’ve been watching what you do on your computer and recording your webcam, and they happened to catch you at a very inopportune time... Well, let’s let the email explain it for us.

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The reader is then given the address to a Bitcoin wallet, where they are to send the ransom.

The email continues:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This email comes in a few different versions in the wild, but all of them follow the same pattern and end with the same threat… fork over the cash, or everyone will see you in your most private moments.

Is This a Serious Threat?
This is a very real concern for many people, who will be relieved to hear that, no, there is no indication that these threats are for real. The first clue is the fact that the passwords that the email provides are usually a decade old, indicating that they came from some (relatively) ancient database from some long-forgotten hack.

However, in some ways, this is even worse news, because this threat has made a tidy sum of money: as of the 31st of July, the scam had brought in $250,000, as compared to just over $50,000 by the 19th. Clearly, this scam has been plenty effective for the perpetrators, and this won’t deter others from following its example.

Keeping Yourself Safe from an Actual Attack
Granted, this attack is just an unfair wager, but scams like this are more than possible for a criminal who actually means what they threaten. As a result, the security lessons we can take away from this particular attack still apply.

The first thing to remember is also the first rule of passwords - change them frequently. Again, this scam has made quite a bit of money based on a total bluff... a bluff that, paid in increments of $1,400, was worth $250,000 and counting. From this, we can infer that quite a few people who received this message had online activities that they wanted to hide, and more critically, that their passwords had remained the same for all those years.

This is an excellent example of why it is so crucial to regularly update your passwords, without repeating them - if an old database is hacked, as happened here, you won’t have to worry if your password is revealed - it won’t be any good anymore.

The second thing to remember? If you aren’t actively using your webcam, keep its lens covered up.

For more best practices to follow, including those that will improve your business’s security, make sure you keep checking back to this blog - and if you want to take more action, reach out to us at 407-478-6600.
