There have been dozens of data breaches over the past few years, and believe it or not, some of your passwords are out there. Recently, KrebsOnSecurity reported that many sextortion scams use people’s stolen passwords from data found on the dark web. Before it happens to you, read on to find out what these scams entail, how they work, and how you can prevent them.
Email scams have been around for a long time. However, the latest trend among cybercriminals takes it up a notch by including one of your stolen passwords in the body of the text, so you’ll take notice and take it seriously.
The good news is that most people who have received these threatening emails say the passwords included are ten years old and haven’t been in circulation for a long time. It appears that scammers are using old, outdated databases from data breaches that took place historically and do not actually have access to your current information.
Victims receive an email purportedly from a hacker who claims to have hacked into their computer and used its camera to record them as they watched pornography. The email goes on to threaten to send the video to everyone in their contacts list.
There are dozens of variations, but according to KrebsOnSecurity, one version reads like this:
“I’m aware that <substitute password formerly used by recipient here> is your password.
You don’t know me, and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)
Important:
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”
The demand for payment is almost always via Bitcoin; however, the address changes. In another, more alarming version, hackers actually demand compromising images. If you send them, the scammer will actually have something of value to release to the public, whereas they were bluffing before.
As this scam evolves, experts theorize that hackers will use more current and perhaps even more detailed personal information to lure the victim into believing it’s real and paying them extortion money. As stated on KrebsOnSecurity’s blog, “Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.”
Most of these emails are simply scams: nothing actually happened, and the perpetrator does not have any video of you. You should still take your internet security seriously.
A few tips from the FBI to stay safe from sextortion are:
Some other things to consider are:
Report any incidents of sextortion to the FBI immediately.