Sextortion Scams Fueled by Passwords

Some online hackers have scored a large sum of cash after scamming victims with their passwords

We all do it. We open our email and see a message from someone or something familiar, however it seems out of nowhere and the topic line does not make a whole lot of sense. We want to open it, we want to know what it holds. But then we remember the barrage of stories involving hackers and passwords and emails, so you turn away and let curiosity sit in a corner waiting for all eternity. 

Thanks to the innovations of scammers online these days, it is becoming more and more difficult to know when something is legitimate or a scam. This extends beyond emails, for example, phone calls that tend to use fear as a primary driver causing you to give out information you otherwise wouldn’t. In this new headliner covering the web, fear was certainly the abused emotion. 

A new group of scammers has spammed emails to tons of recipients claiming that they have caught the recipients looking at porn via their webcam, and if the demanded amount is not paid, the dirty laundry will be let out to dry. In an attempt to push people towards cooperating, the scammers also try to give evidence that their claims are true, by providing passwords they say they have stolen as proof to the potential victim of their capabilities.  So far, there have been more than 150 people who have fallen for the scam, totaling to $250,000 in Bitcoin transfers. 

So here is the kicker, the claims made by the scammers of stolen passwords and access to webcams have all been lies. The passwords that were provided to potential victims were all passwords that have been leaked to the internet in the past in-part thanks to data breaches. However, this has not caused any slowing of Bitcoin transfers says cyber security experts, who have stated that more than 30 Bitcoin in a matter of weeks have already been gained by the scammers. If you compare this scam to the previous online threats, this new scam has out-shinned in effectiveness when compared to WannaCry, one of the more notorious ransomwares spread rapidly around the world in 2017 disrupting hospitals and other businesses. 

So far, a security researcher from the Netherlands who goes by the name of ‘SecGuru’ has assessed that there are two variations of the spam email going around. The first variant does not involve a password and demands for $200-$700. Whereas the second variant does include a “stolen” password and demands $1900-$8000. One of the more concerning aspects about his scam is that the second email variation uses real Outlook and Hotmail addresses, making them difficult to block. 

SecGuru has listed three reasons as to why this blackmailing has been successful:

  1. People often watch porn on their computer, so convincing someone that they know about their secret habit would convince them easily. 
  2. Gaining access to someone’s webcam is feasible, and has happened before. 
  3. As hackers claim to have passwords that were (or are currently) in use, it’s easy to manipulate the sense of security of the recipients into thinking their computer has been taken over. 

 It is advised that if anyone receives such sextortion messages they should not pay. If your worried if they have an actual in use password of yours, go and change your passwords that might be using the same one they sent on all sites and you will be just fine. Remember to actually make a password that is strong too, not just “password”. 

Also while your at it, you can check to see if your password is one of the millions that has been leaked over the last few years on the site HaveIBeenPwned.com, this will give you a good indication if they received the password from a breach.

As for the webcam, if you are worried you’re being spied on, use some black tape. 

As always, stay safe on the web, and be careful where you go and what you give your information to.

If you have any problems with your computer or networking services, give us a call at Re2tech or visit our web page!

Phone: 952-223-4422

Website: www.re2tech.com