Last month it was reported that hackers are using a new form of Sextortion ransomware that reveals victims’ passwords to trick them into parting with their money.
The hackers usually send an email that shows the user’s real (but old) password at the top to convince them it’s legitimate, which easily scares people who don’t change their passwords.
The email reads:
“I’m aware that X is your password. You don’t know me and you’re thinking why you received this email, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
Exactly what should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.”
A new report by DailyMail shows that the cyber scammers made approximately $500,000 from the ‘sextortion’ emails.
“Numerous people reported receiving messages this month that include a password they used in the past and the sender claims to have hacked the target’s webcam to record them watching porn and ‘doing nasty things.’
The sender would then instruct the recipient to pay up, or they would make the alleged video public to their family and friends.
‘What is worrying is that scammers were able to siphon off [$500,000] from old password dumps, with very little effort,’ Suman Kar, CEO of cybersecurity firm Banbreach, told Motherboard.
Banbreach examined 770 digital wallets and found that about 230 had logged more than 1,000 transactions, receiving about 70.8 bitcoin, Motherboard noted. This amounts to approximately $457,583.
Cybersecurity journalist Brian Krebs was the first to report on the sextortion emails, detailing the scam on the blog KrebsOnSecurity.
‘It is likely that this improved sextortion attempt is at least semi-automated,’ Krebs says.
‘My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.’
How do you protect yourself from these scams?
You can secure your online accounts by following any of the steps below.
1. Change passwords regularly
Endeavour to change your passwords regularly as most breaches usually reveal old passwords. Also, use different passwords for different platforms to avoid a total breach.
2. Use Multifactor Authentication
Where your platform offers it, endeavour to use multi-factor authentication to secure your account, as a username/email and password alone are no longer that secure. Multi-factor authentication makes it harder for hackers to access your accounts.
3. Subscribe to alerts
Subscribe to login alerts to make sure you are notified whenever your account is being accessed. This will let you know when your account is being breached.
Remember, only you can guarantee your own security.
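The email quoted above follows a fixed template (an old leaked password, a Bitcoin address, a deadline, a webcam claim, a "unique pixel" claim), so a mail filter can flag it by counting those indicators. This is an added example, not part of the original article; the function names, the flagging threshold and the sample messages are constructed for illustration, and the list of a user's previously breached passwords is assumed to be available to the filter.

```python
import re

# Legacy Bitcoin address shape (Base58, starts with 1 or 3). Format check only:
# the Base58Check checksum is not verified here.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
DEADLINE_RE = re.compile(r"\b\d{1,3}\s*(?:hours?|hrs?|days?)\b", re.I)
WEBCAM_RE = re.compile(r"\b(?:webcam|keylogger|recorded|recording)\b", re.I)
PIXEL_RE = re.compile(r"\b(?:unique|tracking)\s+pixel\b", re.I)


def sextortion_indicators(body, breached_passwords=()):
    """Return the sorted list of scam indicators found in an email body."""
    found = set()
    # A password the recipient is known to have lost in an old breach.
    if any(pw and pw in body for pw in breached_passwords):
        found.add("leaked_password")
    if BTC_RE.search(body):
        found.add("bitcoin_address")
    if DEADLINE_RE.search(body):
        found.add("deadline")
    if WEBCAM_RE.search(body):
        found.add("webcam_claim")
    if PIXEL_RE.search(body):
        found.add("tracking_pixel_claim")
    return sorted(found)


def is_likely_sextortion(body, breached_passwords=()):
    """Flag a payment address that co-occurs with at least two other indicators."""
    hits = sextortion_indicators(body, breached_passwords)
    return "bitcoin_address" in hits and len(hits) >= 3


# Constructed sample modelled on the quoted email (password is made up).
SAMPLE = (
    "I'm aware that hunter2-old is your password. Your webcam was recorded.\n"
    "Pay $1400 via Bitcoin. BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72\n"
    "You have 24 hours. I have an unique pixel within this email message.\n"
)
# Constructed benign message that mentions a deadline but nothing else.
BENIGN = "Invoice attached. Payment is due within 30 days. Thanks!"

if __name__ == "__main__":
    print(sextortion_indicators(SAMPLE, ["hunter2-old"]))
    print(is_likely_sextortion(SAMPLE), is_likely_sextortion(BENIGN))
```

The filter still flags the sample when no breached-password list is supplied, because the payment address, deadline and webcam claim are enough on their own.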