Sextortion, the Latest Email Scam

Have you received an email with your password in the subject line? If you have, you may be the latest victim of “sextortion,” the latest email scam making its way around the internet.

Here’s an example of what the email you may receive might look like:

Subject: yourusername – yourpassword
I am well aware yourpassword is your pass. Lets get straight to point. You may not know me and you are probably thinking why you’re getting this email? Not one person has paid me to investigate you.
actually, I installed a malware on the X videos (pornography) web site and guess what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated operating as a Remote control Desktop that has a keylogger which provided me accessibility to your display screen as well as cam. Just after that, my software obtained your entire contacts from your Messenger, Facebook, as well as e-mail . After that I created a double-screen video. 1st part shows the video you were viewing (you have a nice taste : )), and 2nd part displays the view of your cam, & it is you.
You got only 2 choices. Let us explore these types of choices in aspects:
1st solution is to just ignore this email. In this situation, I will send your actual recorded material to every one of your contacts and just consider about the awkwardness you can get. And consequently if you are in a committed relationship, how it will affect?
In the second place alternative should be to compensate me $7000. We are going to call it a donation. Then, I most certainly will asap remove your video recording. You can keep on your life like this never happened and you will not ever hear back again from me.
You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1MVikLH1GbsvYa8bXVGScgZLXP1tVNH9o4
[case-sensitive so copy & paste it]
Should you are planning on going to the police, anyway, this email message cannot be traced back to me. I have taken care of my steps. I am not attempting to demand a whole lot, I simply want to be paid. You have one day to make the payment. I have a unique pixel within this e-mail, and at this moment I know that you have read through this e-mail. If I do not get the BitCoins, I will, no doubt send your video recording to all of your contacts including family members, co-workers, etc. Nevertheless, if I receive the payment, I will destroy the recording right away. If you want proof, reply Yea! then I will send your video recording to your 7 friends. This is a nonnegotiable offer and thus do not waste mine time and yours by responding to this e-mail.

Despite the dire warning, this is a harmless scam. The sender is trying to intimidate you into sending them a Bitcoin payment, plain and simple. Numerous credible security researchers have determined that the hackers are getting your username and password from databases on the Dark Web that sell stolen credentials. In some cases, these passwords may be years old.

You can check to see if your information has been exposed on the Dark Web by checking the Have You Been Pwned? web site.  The link is to a post I wrote about that some time ago.

If you get a message like this, delete it and ignore it. This is just the latest email scam going around, but due to its salacious nature, it’s garnering a lot of concern.
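For mail administrators, here is a small triage sketch added to this post (it is not code from Onepath or from the researchers mentioned): it scores a message on the traits the sample email above shows, namely a Subject token quoted back as the password, a Bitcoin address, a surveillance claim, and a payment demand with a deadline. The patterns, the threshold of three and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Indicators taken from the sample message above; patterns and threshold are assumptions.
BTC_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{39,59})\b")
CLAIM_RE = re.compile(r"\b(?:webcam|cam|keylogger|malware|recorded|recording)\b", re.I)
DEADLINE_RE = re.compile(r"\b(?:one|two|\d+)\s+(?:day|hour)s?\b", re.I)
PAY_RE = re.compile(r"\b(?:pay|payment|donation)\b", re.I)
THRESHOLD = 3  # assumed cut-off: flag when at least three indicators match

def triage(raw):
    """Score one RFC 5322 message (text) and return (score, reasons)."""
    msg = message_from_string(raw)
    body = "\n".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    reasons = []
    # A Subject token quoted back in the body as the recipient's password.
    for token in msg.get("Subject", "").split():
        if len(token) >= 6 and re.search(
                re.escape(token) + r"\s+is\s+your\s+pass", body, re.I):
            reasons.append("subject token presented as password")
            break
    if BTC_RE.search(body):  # address shape only, checksum not verified
        reasons.append("bitcoin address")
    if CLAIM_RE.search(body):
        reasons.append("surveillance claim")
    if DEADLINE_RE.search(body) and PAY_RE.search(body):
        reasons.append("payment demand with deadline")
    return len(reasons), reasons

def is_sextortion_template(raw):
    return triage(raw)[0] >= THRESHOLD

# Constructed messages (not real mail); the address is a made-up string of the right shape.
SAMPLE = """From: sender@example.invalid
Subject: jdoe - Hunter2Example

I am well aware Hunter2Example is your pass. I installed a malware and
recorded you through your cam. Pay $7000 in Bitcoin. You have one day.
BTC Address: 1SampLeAddrNotReaLSampLeAddrNotReaL
"""
BENIGN = """From: billing@example.invalid
Subject: Invoice reminder

Please make the payment within 30 days.
"""

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, is_sextortion_template(raw), triage(raw)[1])
```

A hit is a reason to quarantine the message and prompt the recipient to retire the quoted password wherever it is still in use; it says nothing about whether the device was actually compromised.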

The following is an email alert that Onepath, my employer, put out earlier today on this matter. There are some prudent recommendations in this message to help maintain your online safety. Stay Safe Online!

Onepath Alert

We have become aware of a new scam making the rounds that we want to alert you to.  You or your colleagues may receive an email that includes a password that you may currently use or have used in the past. This email may make reference to you having visited an adult web site or that the hacker sending the email may have installed malicious software on your computer. In some instances, the email may also state that the hacker has activated your webcam and captured video of you. The email will ask you to pay a ransom, in Bitcoin, to avoid any embarrassing information about you being leaked to your contact list. Rest assured that this is a scam. At this point in time, Onepath is not aware of this being a valid threat.

Research suggests that this is just the latest type of automated email scam that seeks to scare the recipient into making a payment. Onepath urges you to never make payments to hackers as a result of an email like this. Multiple security researchers feel that the password emailed to you was obtained from a database of hacked passwords that were obtained from one of the large hacks that have taken place over the last several years. In other words, this is not a current threat. That said, we still recommend you do the following, to help ensure that your accounts are as safe as possible:

  1. Do not use the same password across multiple online accounts.
  2. Instead of a password, consider using a passphrase, a collection of words and make them complex, replacing letters with numbers and symbols and mixing upper and lower case.
  3. Where you can, enable two-factor authentication to further protect your account.
  4. Consider use of a password manager to make managing your online accounts a bit easier and more secure.

Onepath recommends that our clients have an information security game plan that focuses on the following:

  1. Take steps to protect your company's, customers' and suppliers' data.
  2. Regularly discuss data protection and system access with your employees.
  3. Implement incremental steps to mitigate data breach and system access risk in your environment.

Your Onepath Client Engagement Manager can help evaluate your present security posture and recommend testing and training solutions to help your employees maintain a proactive defense against many threats. Onepath’s Information Security Division also provides a full suite of services that can assist you with the development of a more complete security game plan. If you have any further questions please contact your Client Engagement Manager.

978.683.9100
www.1path.com
