301-571-5040    Get SUPPORT

Washington Works Blog

Want to Keep Your “Personal” Browsing a Secret? Scam Says: Pay Up!

Want to Keep Your “Personal” Browsing a Secret? Scam Says: Pay Up!

A new email scam is making its rounds and it has a lot of people concerned with just how much a hacker can peer into one’s private life. How would you react if a stranger emailed you saying they had inappropriate webcam footage of you?

This Scam is a Dirty Trick
This is going to be a taboo subject for many, but it’s a real scam that is quickly getting passed around to users and to some, the risk is so high they might be willing to fall for it. Essentially, an email comes in stating that a hacker got access to your passwords (likely pulled from a list on the dark web from any one of the dozens of web services and businesses that have been hacked over the years). They show off the password to you as proof, right in the email, and mention they have incriminating webcam footage of you, and they’ll share it to your contacts if you don’t pay up.

How It Works
The target of this scam will open their email to find a message that opens by identifying an actual password of the targeted user. The rest of the email reads as one would expect an email of this nature to:

“You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).”

The email then provides an address for the recipient to send their Bitcoin to, with the recommendation to copy-paste the case-sensitive alphanumeric sequence. The email ends with a warning:

“Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately [sic]. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”

This is not the only version of the email that is out there, but they all follow the same thread and end with the same threat - pay up, or everyone will see what you do behind closed doors.

Is This For Real?
For many people, this is a fair question - and fortunately for many, no, the threats are not legitimate. First of all, the passwords that these attacks are citing are often 10 years old, which means that the criminals likely got their information from an outdated database from some hack from a decade ago.

However, that doesn’t mean that this threat hasn’t been comfortably effective. As of July 19th, a mere 42 Bitcoin addresses had net over $50,000 from 30 victims. While these returns certainly aren’t breaking any records, they are enough to encourage more cybercriminals to leverage similar attacks.

How to Protect Yourself from the Real Deal
Even if this particular threat is little more than an underhanded bluff, that doesn’t mean a legitimate password scam isn’t still well within the realm of possibility. Therefore, the security lessons that can be learned from this particular trend are still extremely applicable.

First and foremost, passwords are like the underwear this probably automated scam claims to have seen its users potentially without - they need to be changed regularly. The fact that 30 people were willing to pay a combined $50,000 tells us two things: they had something they wanted to hide, and they hadn’t changed their passwords in years. Changing your passwords on a regular basis, without repeating them, means that you are safe if one of your past passwords is hacked. After all, the old key to a door won’t work anymore of you’ve changed the lock.

Secondly, and more personally, make sure your webcam is covered up while you aren’t actively using it.

For more best practices, including ones to help preserve your security, keep reading our blog. Reach out to us at 301-571-5040 to ask about the solutions we can provide to keep messages like these out of your business in the first place.

Security Threats and Defensive Measures You Can Ta...
How Technology Could Change the Classroom
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, November 18 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Cloud Privacy Business Computing Malware Hackers Business Email Network Security Software Tech Term Productivity Internet Hosted Solutions Computer Data Backup Managed IT Services Backup Mobile Devices Data IT Support User Tips Ransomware Microsoft Google Productivity Data Recovery Smartphone Outsourced IT Efficiency Managed Service Provider IT Services Encryption Cloud Computing Business Continuity Innovation Workplace Tips Android Small Business Browser Data Management Office 365 Business Management Social Media Hardware Windows 10 Paperless Office Communication Remote Monitoring Server Save Money Disaster Recovery Bandwidth Collaboration Government Unified Threat Management Phishing BYOD Infrastructure Tip of the week Work/Life Balance Facebook Vulnerability Managed IT Services BDR Cybersecurity Smartphones App Artificial Intelligence Windows 10 Employer-Employee Relationship Password File Sharing Apps Document Management Healthcare Antivirus Money Customer Relationship Management Chromebook Virtual Reality Big Data Windows Applications IT Management Network Mobile Device Risk Management How To Saving Money Internet of Things Maintenance Word SaaS Holiday Compliance VoIP Two-factor Authentication Chrome Wi-Fi Politics Hosted Solution Passwords Office Managed Service Information Tech Support Training Recovery Websites Patch Management Hacker Remote Computing Meetings HIPAA Vendor Management Scam Communications Botnet Mobile Security Data loss Automation Website Automobile How To Machine Learning Smart Technology Identity Theft VPN Alert Point of Sale Quick Tips Data Security Health Server Management Telephone Systems Business Technology Router Virtual Private Network G Suite Samsung Remote Monitoring and Management Blockchain Physical Security Twitter Remote Workers Firewall Computing Gmail Computer Care Taxes Regulations IoT Robot Storage Hard Disk Drive Bluetooth Printer Wearable Technology Geography Instant Messaging Firefox Superfish Error Break Fix Cookies Digital Payment Alerts Managing Stress Help Desk Spyware Address IT Consultant Social Notifications Black Friday Social Networking Fleet Tracking IBM Sports Fraud Star Wars Electronic Health Records Monitors Cameras IT Solutions Legislation Chatbots Avoiding Downtime The Internet of Things Professional Services Monitoring Gadgets Budget Virtualization Access Control High-Speed Internet Finance Microsoft Office Staffing Computer Repair Dark Web Nanotechnology Heating/Cooling Cybercrime Licensing Enterprise Content Management Bookmarks Cyber Monday Motherboard Asset Tracking Disaster Administrator Search Cost Management Management Cyberattacks Law Enforcement CCTV Upgrades Processors Mouse Identity MSP Human Error Time Management Microsoft Excel Screen Reader USB Consulting Users Webcam SharePoint Development Authentication Networking Uninterrupted Power Supply Servers Customer Service Cooperation Unified Communications Favorites Education OneNote Hotspot Assessment Enterprise Resource Planning Files YouTube Gadget Tablet Proactive Permission Network Management Upgrade Smart Tech Dongle Managed Services Provider Managed IT Cortana Black Market Downloads IT Technicians Cables Authorization WiFi Spam Travel Emoji Unified Threat Management Staff Bring Your Own Device Project Management Analytics Wireless Relocation Cleaning Crowdsourcing Distributed Denial of Service Employee-Employer Relationship Supercomputer Language Internet Exlporer Mobile Read Only Settings Mobile Device Management Comparison Test IT Support Touchscreen GPS Electronic Medical Records Connectivity Service Level Agreement E-Commerce Corporate Profile Outlook Multi-Factor Security Mirgation Wires Employees Google Drive Solid State Drive Statistics Motion Sickness User Error Vulnerabilities Conferencing Lenovo Private Cloud Personal Information Managed IT Service Modem Downtime IT Budget Update Computing Infrastructure Value Company Culture Digital Mail Merge Specifications WPA3 Cabling Office Tips Tracking Legal Permissions Utility Computing Features WannaCry Shortcut Web Server Google Calendar Zero-Day Threat VoIP Techology Augmented Reality Wireless Technology 5G Safety Marketing Regulation Backup and Disaster Recovery Hard Drives CrashOverride Competition IP Address Emergency Miscellaneous Mobile Office Domains Public Speaking Hiring/Firing Presentation Printers Lithium-ion battery RMM Fun