Search
  • OSG

Sextortion


As the name suggests, this is a pretty sensitive subject. Don't be alarmed, no one actually knows what you've been looking at on the internet, and what more, no one cares. This simply is a phishing scam, nothing more. However, it really does look like someone has been spying on you for quite a while.


Let's explain. An email will come through to your inbox (or your spam folder if your email provider has done it's job) and it looks like the following -


"

I know XXXXXXXX is one of your password on day of hack..


Lets get directly to the point.

Not one person has paid me to check about you.


You do not know me and you're probably thinking why you are getting this email?


in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean).

When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam.


immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account.

after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you.


Best solution would be to pay me $1037.

We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video.


My -BTC -address: 1GxS19LyZqt36WfPs1QxCUCXG5Fy7wgD7d

[case SeNSiTiVe, copy & paste it]


You could go on your life like this never happened and you will not ever hear back again from me.

You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google).


if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too.


I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid.


if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on.


Nevertheless, if i do get paid, i will destroy the recording immediately.

If you need proof, reply with Yeah then i will send out your video recording to your 8 friends.


it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.

"


Straight away, we can see there's something very aggressive in the wording of this email which is a very different approach to most phishing attacks. The forceful nature immediately instils a sense of panic into the recipient. In this instance, people tend to act with reaction rather than calm and logical thinking, resulting in some bad decisions being made.


This tactic preys on a different human emotion than the usual phishing attacks. The standard phishing emails often aim to entice a sense of greed on the victim by offering a huge amount of money for doing very little - say providing a Nigerian Prince some bank account information. However, this attack focuses on shame and vulnerability. By explaining that the criminal has been filming your webcam and recording your browser search history, you'd be forgiven for worrying about you've been doing over the past few weeks, despite your laptop being used and left at the office.


On the face of it, this email looks very personal and frightening. However, here's what happened - a cyber criminal purchased a very old list of usernames and passwords, and coupled them together with a sextortion email template (google 'sextortion email' and you'll see almost the exact same template as above) and sent out a mass email. That's it. You'll notice that the email doesn't ever mention what your password is being used for. The other threats in the email are complete bluffs, nothing more.


So what to do if you receive this threatening email? Delete it. Simple as that. If you're concerned because your password is displayed at the top of the email (rightly so), you may want to change your passwords (check out the password blog) and carry on with your day.


The main point, don't panic and use calm, logical thinking to deal with nonsense.