Blog
Today I’m posting about a new kind of threat which we’re seeing coming out with a catchy name- sextortion!
Until now, most scams (think Nigerian scam emails) have relied on tricking the recipient into taking action/giving money. Now we’re beginning to see scams coming out which include some personal information trawled off hacked sites. This is put into an email purporting to have captured webcam footage of the recipient. An example below, from an email I received.
We performed a lookup of the bitcoin address in the email which came to me. It has received over $1108, representing several ransoms paid since the email was sent. Given it’s essentially just a mailout to a list purchased on the dark web (much as we might do to our contacts list), this is easy money for the scam author.
The email address below was an old one of mine and part of the LinkedIn breach in 2012. 117 million credentials from that breach are still fully available for purchase on the dark web. A response to the author would have resulted in another email back to me, with part or all of the password I had in LinkedIn’s database at the time of that breach. If you’re still using the same email address/password as you were in 2012, best to change it right away!
Be on the lookout for these Sextortion scams. They’re replete with the normal indicators of junk: strange/foreign language characters, unknown names and overseas domains. These all warrant your scepticism until proven otherwise. If in doubt- send it through to our support desk.
After observing 20 years of security changes and threat evolution, this looks like the tip of the iceberg to come in identity theft and extortion. Crooks are looking to monetise the massive amounts of personal information being spilled into the dark web. Each massive data breach expands the forever-available amount of information for sale.
If you’d like to know more about protecting your network and credentials, feel free to contact us by phone or through our contact page: https://www.infocusict.net/contact
The example:
Ticкеt Dеtails: MVN-494-97062
Email: brett@ambreth.com.au
Camera ready,Notification: 14-08-2018 08:13:44
tatus: ŵaiting for Reply 10xuCaTy8A0f60wDnRmQkJ3HrN3Ly57Zu4_Priority: Normal
–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*
ŵhat’s up,
If you were more attentive while caress yourself, I wouldn’t write dis message. I don’t think that playing with yourself is very bad, but when all your friends, relatives, сolleagues receive video of it- it is unpleasant news.
I seized virus on a porn web-site which you have visited. When the target tap on a play button, device begins recording the screen and all cameras on ur device begins working.
мoreover, soft makes a remote desktop supplied with keylogger function from ur device , so I could get all contacts from ur e-mail, messengers and other social networks. I’ve chosen dis e-mail because It’s your corporate address, so u should check it.
ٱ think that 370 usd is pretty enough for this little misstep. I made a split screen video(records from screen (u have interesting tastes ) and camera ooooooh… its funny ǎF)
o its ur choice, if u want me to delete ur disgrace use my ƀitcȎin wǎllet aƉdrеss- 1JYdB4KZUVmgdthNQMpxHS9puxHMcrLAZY
ou have one day after opening my message, I put the special tracking pixel in it, so when you will open it I will see.If ya want me to share proofs with ya, reply on this letter and I will send my creation to five contacts that I’ve got from ur device.
P.S… You are able to complain to police, but I don’t think that they can help, the inquisition will last for one year- I’m from Belarus – so I dgf lmao
I