• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Sextortion Scam Spam – Daily Security Byte

July 20, 2018 By Corey Nachreiner

A few weeks ago a friend of mine contacted me about a concerning email one of their friends had received. The email claimed that a hacker had hijacked their computer, gathered some embarrassing and compromising video of them from their webcam, and threatened to share it with their friends if they didn’t send $1900 USD in Bitcoin. The email also shared one of the victim’s real (but old) passwords to make the email and hack claim seem more legitimate. Though some of the allegations in the email didn’t check out with this victim, it was convincing enough to concern and anger them. Watch today’s video to learn more about these sorts of sextortion scam spams, and why you don’t really have to worry about the false claims in the scam.


Episode Runtime: 4:31

Direct YouTube Link: https://www.youtube.com/watch?v=-wPw55kEgPU

 

EPISODE REFERENCES:

  • Great Reddit post covering all these sextortion scams – Reddit
  • Article on stolen password blackmail emails – Tech Dirt
  • Krebs covers the sextortion spam – Krebs on Security
  • An example of on Sextortion blackmail email:

From: Apostolos Lyng <[email protected]>
To: Anonymous Victim <mindyourownbiz.co>

Subject: Victim – [A REAL PASSWORD],
Date: Tue, 10 Jul 2018

It seems that, [A REAL PASSWORD], is your pass word. You may not know me and you’re probably wondering why you are getting this email, right?

Well, I actually setup a malware on the adult video clips (sexually graphic) web-site and do you know what, you visited this site to have fun (you know what I mean). While you were watching video clips, your internet browser started operating as a RDP (Remote control Desktop) with a keylogger which gave me access to your screen and cam. Right after that, my software program gathered your entire contacts from your Messenger, Facebook, and email.

What exactly did I do?

I made a double-screen video. First part displays the video you were watching (you’ve got a nice taste lmao), and next part shows the recording of your webcam.

What should you do?

Well, I believe, $1900 is a fair price tag for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4 (It is cAsE sensitive, so copy and paste it)

Note:

You have one day to make the payment. (I have a specific pixel in this email message, and at this moment I know that you have read this e mail). If I don’t receive the BitCoins, I will, no doubt send your video to all of your
contacts including friends and family, coworkers, and so forth. However, if I do get paid, I will erase the video immidiately. If you need evidence, reply with “Yes!” and I will send your video to your 7 contacts. It is a
non-negotiable offer, therefore don’t waste my personal time and yours by replying to this message.

—Corey Nachreiner, CISSP (@SecAdept)

 

 

 

 

Share This:

Related

Filed Under: Security Bytes Tagged With: Email Attacks

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use