A titillating new scam has hit the scene, but don’t let it work you up. It hits you with a one-two punch of first showing that it knows your password, then telling you a compromising video exists (taken with your own webcam) of you watching porn. The scammer threatens to send the video to everyone in your contacts if you don’t make a bitcoin payment to the provided address. In the examples we’ve seen, the amount requested ranges from $1900 to $7000 (and it could be more). To further the discomfort, the scammer adds that the video has been rendered in a split-screen format that shows the actual XXX clip you were watching alongside your real-time reactions to it.

Now let’s take a closer look at this scam. First things first — is there really a compromising video of you taken by your own webcam? You are the only person who knows if that’s even possible, but even if you feel it could be true, our research on this current scam has proven so far that these claims are false. The scammer wants to embarrass you with this idea of a video, hoping to scare you into paying without thinking. The ace up the scammer’s sleeve here is your password. The fact that they have it gives the whole scam an illusion of legitimacy ... but don’t fall for it.

Sample scam email with confidential info redacted and
password and username made generic

So where did they get your password? Unfortunately, password collection is a bustling pastime on the dark web. Endless lists exist which contain all the sensitive info from the multitude of data breaches over recent years, consisting of literally tens of millions of login credentials. If you’re one of those folks who doesn’t change their passwords frequently, the scammer’s trick might fool you.

Avast Security Evangelist Luis Corrons sees the potency of this new scam. “This is really scary for anyone,” he says, “as the password used is real. What scares me is how easily this could become a massive attack, fully automated. There are sources where you can get leaked data; and building a script that parses the pages with usernames and passwords, and creates an email for each one, is trivial.”

Furthering the point that this is simply a ruse, it seems that this same threat is coming from multiple factions in multiple variations. “Based on the language from the different messages,” Luis adds, “there are different groups performing these attacks, and it is very likely that their number will increase in the near future. If your email address has been compromised in a breach, you may get an email like the one discussed here.”

How to spot a scam email

Here are a few tell-tale signs that point to the scam — at least for this round of emails:

• The email mentions both a webcam and secret video recording.
• There is a request for money — to be sent in bitcoin.
• It includes a real (usually older) password that you have used.
• It usually includes a scare tactic that includes a threat to send the video recording to your contacts.

What to do if you receive a scam email

Cybercrime is growing more sophisticated everyday, but the primary key to its success has remained the same for decades: empty scare tactics. So much of the cybercriminal’s game depends on successfully tricking and bullying you. The way they do this is by knocking you off balance and planting nightmare scenarios in your mind, playing up your fear so you can’t think straight. This new email scam hitting inboxes around the globe is doing just that, but we’re here to tell you it’s all bark and no bite.

Our advice:

• If you receive this type of threat, do not pay the extortion amount. It is all a sophisticated scam.
• Keep yourself off the would-be victim list by changing your passwords, and make them long, unique, complicated passphrases at that.
• If it gives you more peace of mind, disable your webcam or cover it. Then you’ll know those videos can not exist.  Or, try Avast Premier with Webcam Shield to take full control of your webcam.