As you may expect, the average Internet scammer isn’t above resorting to dirty tricks to claim their ill-gotten prize from their victims. A recent scam demonstrates just how dirty these tricks can truly be, and unfortunately, how ill-prepared many are to handle them.
To preface this scam, we need to first appreciate the scope of another Internet vice: pornography. Explicit adult material makes up a full 30 percent of the content on the Internet, and pornographic websites see more traffic than the combined totals for Amazon, Twitter, and Netflix. In short, there’s a lot of porn out there, which may be why this particular scam has been somewhat successful.
How this Scam Plays Out
The majority of scams are run in order to steal money from a victim, and this one is no exception. Also like many others, this scam features some extortion--give us what we want, or we’ll share your dirty little secret with the world.
This time, the secret is particularly dirty, according to the email that kicks off the scam (which starts, by the way, by identifying one of the target’s passwords in the subject line):
“You don’t know me and you’re thinking why you received this email, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”
At this point, the email provides the user with the means to deposit a ransom of $1400 worth of Bitcoin. The email even advises them to copy and paste the required alphanumeric code so there are no mistakes made. The email then ends with a blood-chilling ultimatum:
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”
Clearly, this is not the kind of news that anyone wants to hear. A few versions of this threat have been circulating, but all share the same essential message: cough up the dough, or your private activities will be made very public.
No Need to Panic… Yet
First, you need to know that this threat is an empty one, as gut-wrenching as it is. The biggest clue? The fact that the passwords this threat shared come from a decade-or-so-old hack of some database. Ideally, you would be able to see the password and think, “Wow, it’s been a while since I used that!” However, there are still lessons to be learned from these scam attempts, especially considering how successful this one has been so far.
By collecting ransoms of $1400, this scam racked up a total of well over a quarter of a million dollars in just over a month. This tells us a few things, the two most important being that people are not changing their passwords nearly often enough, and that threats like these are only going to continue, and may soon be more than just empty threats. Consider how many of your devices have a front-facing camera - there’s a better chance than not that some cybercriminal has some footage of you from some point in time. Whether or not you’re doing anything potentially embarrassing in it… that’s another story.
Protecting Yourself from these Attacks
When avoiding attacks like these, the name of the game is proactivity. This goes double whenever your passwords are a part of the equation, too. Proper password management is not something to procrastinate on. Yes, it can be a pain to remember so many different passwords, and to keep changing them just when you’ve remembered them, but there are password managers and other solutions to make it easier for you without short-changing your security.
Speaking of your security, you may want to take a few seconds to make sure that your webcam is covered up if you don’t need to use it. Whether or not you’re going to do anything private, you’ll be safe from peering eyes.
For more help protecting yourself from cyberthreats and otherwise optimizing your business’ use of the IT at its disposal, reach out to Directive at 607.433.2200.