A new twist on an old email scam is ensnaring people anew. The latest variation was reported by cybersecurity blogger Brian Krebs, who said that he’s heard from three different people affected by the ruse in as many days.
This is how the scam goes: A criminal reaches out to you via email and purports to have hacked your computer and gotten access to your webcam, where they recorded videos of you watching pornography. The email also contains a real password you’ve used in the past, one revealed in one of the many data breaches that have occurred over the last several years, in an attempt to lend credence to the scammer’s claim.
New email scam claims to access compromising videos through your webcam
The hacker then threatens to send the video to your contact list, unless you send a ransom — paid in Bitcoin.
According to Krebs, this is the email’s script:
“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
The criminal then threatens to expose the victim to everyone in their contacts within 24 hours if a Bitcoin ransom is not paid. In the script that Krebs displayed, the hacker wanted $1,400, but who knows what other amounts could be extorted from people.
Money expert Clark Howard has long preached that computer users should be wary about opening any email from a suspicious user. Here are some time-tested and concrete ways to protect ourselves, courtesy of consumer advocacy agency the Federal Trade Commission.
How to protect yourself from email scams
- Keep sensitive data offline: Never, ever put your Social Security number in an email or even the phone — and certainly not snail mail. Remember to shred charge receipts, any copies of credit applications, medical records and other sensitive documents.
- Don’t click on links in emails that are suspicious. Instead type the name of the company into your web browser and see if you can vet the sender. If they’re legit, contact them via customer service.
- Get creative when it comes to passwords. Strong passwords should be largely indecipherable to other people. The FTC says this: “Substitute numbers for some words or letters. For example, ‘I want to see the Pacific Ocean’ could become 1W2CtPo.”
The #1 security issue online these days is identity theft. That’s why Clark says the best way to make sure your most valuable personal information is safeguarded is to take the following two steps:
- Sign up for a Credit Karma or Credit Sesame account to get free credit monitoring and be notified when anyone tries to access your personal info. Here’s a step-by-step rundown of how to do it.
- Freeze your credit at the major credit-reporting bureaus and smaller ones. Here’s an in-depth guide on how to contact Equifax, TransUnion and Experian to freeze your accounts.
Here are some more scam-related articles from Clark.com:
- Why you should avoid third-party auto warranties
- How to choose a good password
- How to avoid becoming a victim to cell phone fraud
- Fake FDA warning letters hindering pharmacies
- Job scams: How to spot them