July 2018 – Cyber criminals are sending victims their own passwords in an attempt to trick them into believing they have been filmed on their computer watching porn and demanding payment.
As at 13th July there have been over 110 of reports made to Action Fraud UK from concerned victims who have received these scary emails.
Safe Communities Portugal has so far received two such reports from people living in the ALgarve
In a new twist not seen before, the emails contain the victim’s own password in the subject line. Action Fraud has contacted several victims to verify this information, who have confirmed that these passwords are genuine and recent. In other cases these have been old discarded passwords.
The emails demand payment in Bitcoin and claim that the victim has been filmed on their computer watching porn.
Information from Business Adviser dated 25th July 2018 has analysed these threats and states emails are slightly different depending on who’s being attacked, but they all have a few similar features:
The subject line includes a password that you probably have used at some point.
The sender says they have used that password to hack your computer, install malware, and record video of you through your webcam.
They say they will reveal your adult-website habits and send video of you to your contacts unless you send them bitcoin, usually $1,200 or $1,600 worth.
Here’s one example of these scam emails, sent in the past month:
Basically, the attackers don’t actually have video of you or access to your contacts, and they haven’t been able to install malicious code on your computer. In reality, they’re taking a password from a database that’s available online, sending it to you, and hoping you’re scared enough to believe their story and send them bitcoin.
Action Fraud suspects that the fraudsters may have gained victim’s passwords from an old data breach.
After running some of the victim’s email addresses through ‘Have i been pwned?’, a website that allows people to check if their account has been compromised in a data breach, Action Fraud found that almost all of the accounts were at risk from data .
Last month, fraudsters were also sending emails demanding payment in Bitcoin, using WannaCry as a hook.
How to protect yourself
- Don’t be rushed or pressured into making a decision: paying only highlights that you’re vulnerable and that you may be targeted again. The police advise that you do not pay criminals.
- Secure it: Change your password immediately and reset it on any other accounts you’ve used the same one for. Always use a strong and separate password. Whenever possible, enable Two-Factor Authentication (2FA).
- Do not email the fraudsters back.
- Cover your webcam when not in use
- If you have paid the money then report this to the local police