We at Komando.com do our best to keep you up to date on all the attacks making the rounds. You always need to be on the lookout for the latest scams so you don’t fall victim to these threats and attempts by these scammers to profit at your expense. Remember, scammers often rely on scare tactics, counting on you to overlook details out of fear.
Two weeks ago, we reported on a scary extortion email scam that’s going around. It’s pretty far-fetched, but people are actually getting duped.
Now, it looks like there are new variations of this “sextortion” scam that make it appear more convincing. But don’t be fooled! They’re just more ways for these scammers to scare you into giving in to their demands.
Different variations, same scam
The scam emails have varying content but they all share these common characteristics:
- The subject line may have your real name or even an old password you have used before
- The attackers claim that they placed malware on a porn site that you visited
- With that malware, they were able to access your webcam and record you while you’re on the porn website
- The attackers will send the video to your friends unless you pay them a specific bitcoin amount
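The shared characteristics listed above can be turned into a simple mail-filter heuristic. The following is an added example, not part of the original article; the indicator patterns, the threshold of three and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

def _has(pattern, text):
    return re.search(pattern, text, re.I | re.S) is not None

# One check per characteristic from the list above (patterns are illustrative).
INDICATORS = {
    "password_in_subject": lambda s, b: _has(r"\bpassword\b", s),
    "malware_on_adult_site_claim": lambda s, b: _has(r"\b(malware|keylogger|rdp)\b", b)
                                                and _has(r"\bporn\b", b),
    "webcam_recording_claim": lambda s, b: _has(r"\bwebcam\b", b)
                                           and _has(r"\brecord(ed|ing)?\b", b),
    "threat_to_contacts": lambda s, b: _has(
        r"\bsend\b.{0,60}\b(contacts|friends|relatives|coworkers)\b", b),
    "bitcoin_demand": lambda s, b: _has(r"\b(bitcoin|btc)\b", b),
    "deadline": lambda s, b: _has(r"\b\d+\s*(hours?|days?)\b", b),
}

def score_message(raw, threshold=3):
    """Return the indicators a raw RFC 5322 message matches and a verdict."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    body = re.sub(r"<[^>]+>", " ", body)  # crude tag strip for HTML-only mail
    hits = [name for name, check in INDICATORS.items() if check(subject, body)]
    # A single hit (e.g. the word "password") is common in legitimate mail,
    # so the verdict requires several indicators to appear together.
    return {"hits": hits, "likely_sextortion": len(hits) >= threshold}

# Constructed sample modelled on the scam email quoted in this article.
SCAM_SAMPLE = (
    "Subject: I'm aware that example-old-pass is your password\n\n"
    "I placed a malware on the porn website you visited. Your browser acted\n"
    "as a keylogger and gave me access to your webcam, and I recorded you.\n"
    "Pay $1900 in Bitcoin to the address below. You have 24 hours.\n"
    "If I don't get the payment, I will send your video to all of your contacts.\n"
)

# Constructed legitimate notice: shares two indicators, stays under the threshold.
BENIGN_SAMPLE = (
    "Subject: Your password was changed\n\n"
    "Your account password was changed today. If this was not you,\n"
    "reset it within 24 hours.\n"
)

if __name__ == "__main__":
    for label, raw in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, score_message(raw))
```
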
How come they have your name and old passwords?
So how did these scammers manage to get your information?
Well, with the number of data breaches that are seemingly occurring every day, your email address, real name and even your old passwords are not that hard to acquire. These databases are typically available on the Dark Web and even on public file sharing sites.
Even if you do get a threatening email addressed to your name or with your old password attached, please don’t fall for it!
Can you tell that this is fake?
So one variation of the extortion email goes like this:
Subject: I’m aware that <XXXXXX> is your password
XXXXX, you don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1900 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
(It is cAsE sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid (after payment, send an email to [email protected]), I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
Just another extortion scam
As you can see in the email, the sender claims to have put malware onto a porn site (yet again!) that the recipient visited and with some unknown “software magic,” turned her web browser into the ultimate spying tool!
It’s scary, for sure, but from the looks of this email, this is just another variation of the popular extortion scam that’s going around these days.
If you receive an email of this sort, don’t be intimidated by big hacker terms like “RDP” or “keylogger”; it’s just another way for these scammers to bully you into believing that they are what they claim to be.
So what are the tell-tale signs in this particular message that prove it is nothing more than an extortion scam?
First, although the scammer has your email address, the message does not really have your personal details. It doesn’t have your name, the name of the porn website or any actual proof of the “video evidence.”
Second, the scammer is offering “evidence” of the recording by sending the video to five of your friends. As you would suspect, this offer is just another scam in itself, and it actually discourages you from asking for proof in the first place.
If it were real, the blackmailer would at least send you concrete proof of the video such as a short clip, a screenshot, or heck, even the whole video itself.
Third, it’s full of blatant misinformation, technical errors and urgent threats that force you to act quickly.
And like so many other scams out there, these emails are so full of grammatical and spelling errors that it’s hard to take them seriously. (Most of the time, they read like someone ran them through a terrible version of Google Translate.)
Don’t pay the ransom!
If you receive any threatening emails of this sort, please don’t give in by paying the bitcoin ransom!
A quick web search reveals that this extortion scam is getting popular lately. There may be variations in the words and the ransom amount but the M.O. is still the same – they claim to have video proof of your porn website excursions and they will release the video if you don’t pay the bitcoin amount.
In the words of Admiral Ackbar, “IT’S A TRAP!”
But just in case…
Although this particular email threat is fake, remote access software, keyloggers and spying software are real.
In fact, webcam hacking is a real threat facing computer users every day. Believe me, you don’t want hackers taking over your webcam and watching your every move. That’s creepy!
If you want to be completely confident that your computer is free from spying malware, make sure you have some sort of anti-malware or anti-virus protection in place and do a deep scan.
There are free third-party anti-virus tools online that will aid you in checking and removing malware, spyware and virus infections. Malwarebytes, for instance, is a proven malware removal tool for both Macs and PCs.
Windows 10 also has a free malware detection and extraction program called the Microsoft Windows Malicious Software Removal Tool. Introduced way back in Windows Vista, this tool runs in the background, quietly scans your system and alerts you if it detects any suspicious activity.
Some types of malware can be stealthy and persistent even after a scan, though. In this case, you can try troubleshooting your PC in Safe Mode or use a diagnostic boot CD or USB portable drive to track down any pesky viruses.