Security experts have uncovered a convincing new scam that uses the recipients’ real passwords as leverage to demand a Bitcoin ransom.
And, it claims to be holding extremely intrusive footage over their heads to back it all up.
Numerous people have reported receiving a worrying email this month in which the sender claims to have used malware to access their devices and record them watching porn and ‘doing nasty things.’
Perhaps most troubling is that in every case, the password shared in the email is one the recipient has actually used in the past.
It’s a ‘clever new twist on an old email scam that could serve to make the con far more believable,’ explains cybersecurity journalist Brian Krebs on the blog, KrebsOnSecurity.
Each message follows a similar script, beginning with the claim: ‘I’m aware that XXXXX is your password.’
It then goes on to say the sender installed malware on a porn site and used this to access visitors’ devices and information, including the display screen, webcam, Messenger contacts, Facebook, and email account.
And, it claims the scammer ‘made a split-screen video,’ of the user’s intimate activity.
‘First part recorded the video you were viewing (you’ve got a fine taste haha),’ the message states.
‘And next part recorded your webcam. (Yep! It’s you doing nasty things!).’
In the past 72 hours alone, the blog received word from three different readers who received an email along these lines.
Others have taken to Twitter to flag the bizarre messages.
Examples shared on several sites reveal scammers are demanding thousands of dollars in Bitcoin as a ‘fair price for our little secret,’ and claim it must be paid within 24 hours or the video will be sent to everyone the recipient knows.
‘Nonetheless, if I do get paid, I will erase the video immidiately [sic],’ the message continues.
‘If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.’
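Because every message follows the same script, a mail-security team can triage reports by matching the recurring elements quoted above (the ‘is your password’ opener, the webcam and split-screen claims, the Bitcoin demand, the 24-hour deadline, the threat to contacts). The scoring function below is an added illustration, not code from the article or from KrebsOnSecurity; both sample messages are constructed here, and the indicator list and threshold are assumptions a team would tune.

```python
import re

# Indicators drawn from the scam template described in the article.
INDICATORS = {
    # Captures the claimed password so the recipient can check how old it is.
    "password_claim": re.compile(r"\b(?:aware|know) that (\S+) is your password\b", re.I),
    "webcam_claim": re.compile(r"\b(webcam|split-screen video|nasty things)\b", re.I),
    "bitcoin_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "deadline": re.compile(r"\b(\d+)\s*hours?\b", re.I),
    "threat_to_share": re.compile(r"\b(everyone you know|your (?:\d+ )?friends|contacts)\b", re.I),
}

# Constructed sample messages (not real reports), modelled on the template.
SCAM = """I'm aware that hunter2 is your password.
I installed malware on the adult site you visited. My software recorded your
webcam and made a split-screen video.
Pay $1900 in Bitcoin within 24 hours or I will send the video to everyone you know.
If you want evidence, reply with "Yes!" and I will send your video recording
to your 5 friends."""

BENIGN = """Hi, reminder that your password expires in 48 hours.
Please reset it via the IT portal. Thanks."""


def analyse(body):
    """Return matched indicator names, a score (one point per indicator)
    and the password the sender claims to know, if the opener is present."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    m = INDICATORS["password_claim"].search(body)
    claimed = m.group(1) if m else None
    return {"indicators": hits, "score": len(hits), "claimed_password": claimed}


def is_sextortion(body, threshold=3):
    """Flag a message when enough template elements co-occur; a single
    hit (e.g. an ordinary '48 hours' reminder) is not enough on its own."""
    return analyse(body)["score"] >= threshold


if __name__ == "__main__":
    for label, body in (("scam", SCAM), ("benign", BENIGN)):
        print(label, analyse(body), "flagged" if is_sextortion(body) else "ok")
```

The extracted `claimed_password` is the useful triage output: if it is a password the recipient still uses anywhere, that account needs rotating regardless of the video claim being false.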
So far, the passwords used in the scam have been upwards of 10 years out of date, Krebs says. But as it improves, the scammers could gain access to more recent information to make it seem more convincing.
This could happen if the attacker obtains a database from a recently hacked site.
‘It is likely that this improved sextortion attempt is at least semi-automated,’ Krebs says.
‘My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.’
Security experts are once again warning users to take precautions to keep themselves safe online, including by turning off or covering webcams when they’re not in use.