Scam alert: Password hacking victims are getting sextortion emails

|
Scam alert: Password hacking victims are getting sextortion emails
Image Credit: Dreamstime
Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Advertisement

A new twist on an old email scam is ensnaring people anew. The latest variation was reported by cybersecurity blogger Brian Krebs, who said that he’s heard from three different people affected by the ruse in as many days.

This is how the scam goes: A criminal reaches out to you via email and purports to have hacked your computer and gotten access to your webcam, where they recorded videos of you watching pornography. The email also contains a real password you’ve used in the past, one revealed in one of the many data breaches that have occurred over the last several years, in an attempt to lend credence to the scammer’s claim.

New email scam claims to access compromising videos through your webcam

The hacker then threatens to send the video to your contact list, unless you send a ransom — paid in Bitcoin.

RELATED: ‘Mail fishing’ is becoming a real problem — here’s how to prevent it

According to Krebs, this is the email’s script:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

The criminal then threatens to expose the victim to everyone in their contacts within 24 hours if a Bitcoin ransom is not paid. In the script that Krebs displayed, the hacker wanted $1,400, but who knows what other amounts could be extorted from people.

Money expert Clark Howard has long preached that computer users should be wary about opening any email from a suspicious user. Here are some time-tested and concrete ways to protect ourselves, courtesy of consumer advocacy agency the Federal Trade Commission.

How to protect yourself from email scams

  • Keep sensitive data offline: Never, ever put your Social Security number in an email or even the phone — and certainly not snail mail. Remember to shred charge receipts, any copies of credit applications, medical records and other sensitive documents.
  • Don’t click on links in emails that are suspicious. Instead type the name of the company into your web browser and see if you can vet the sender. If they’re legit, contact them via customer service.
  • Get creative when it comes to passwords. Strong passwords should be largely indecipherable to other people. The FTC says this: “Substitute numbers for some words or letters. For example, ‘I want to see the Pacific Ocean’ could become 1W2CtPo.”

The #1 security issue online these days is identity theft. That’s why Clark says the best way to make sure your most valuable personal information is safeguarded is to take the following two steps:

  1. Sign up for a Credit Karma or Credit Sesame account to get free credit monitoring and be notified when anyone tries to access your personal info. Here’s a step-by-step rundown of how to do it.
  2. Freeze your credit at the major credit-reporting bureaus and smaller ones. Here’s an in-depth guide on how to contact Equifax, TransUnion and Experian to freeze your accounts.

Here are some more scam-related articles from Clark.com:

Advertisement
Craig Johnson is a conscious money-saver who still reads paperback books and listens to vinyl. He likes to write about how technology is making things easier and more affordable — but also sometimes more dangerous — for the modern consumer. You can reach Craig at [email protected]
View More Articles
  • Show Comments Hide Comments