A popular new email scam claims to have video of you — don’t worry, it doesn’t.
A titillating new scam has hit the scene, but don’t let it work you up. It hits you with a one-two punch of first showing that it knows your password, then telling you a compromising video exists (taken with your own webcam) of you watching porn. The scammer threatens to send the video to everyone in your contacts if you don’t make a bitcoin payment to the provided address. In the examples we’ve seen, the amount requested ranges from $1900 to $7000 (and it could be more). To further the discomfort, the scammer adds that the video has been rendered in a split-screen format that shows the actual XXX clip you were watching alongside your real-time reactions to it.
Now let’s take a closer look at this scam. First things first — is there really a compromising video of you taken by your own webcam? You are the only person who knows if that’s even possible, but even if you feel it could be true, our research on this current scam has proven so far that these claims are false. The scammer wants to embarrass you with this idea of a video, hoping to scare you into paying without thinking. The ace up the scammer’s sleeve here is your password. The fact that they have it gives the whole scam an illusion of legitimacy ... but don’t fall for it.
Sample scam email with confidential info redacted and
password and username made generic
So where did they get your password? Unfortunately, password collection is a bustling pastime on the dark web. Endless lists exist which contain all the sensitive info from the multitude of data breaches over recent years, consisting of literally tens of millions of login credentials. If you’re one of those folks who doesn’t change their passwords frequently, the scammer’s trick might fool you.
Avast Security Evangelist Luis Corrons sees the potency of this new scam. “This is really scary for anyone,” he says, “as the password used is real. What scares me is how easily this could become a massive attack, fully automated. There are sources where you can get leaked data; and building a script that parses the pages with usernames and passwords, and creates an email for each one, is trivial.”
Furthering the point that this is simply a ruse, it seems that this same threat is coming from multiple factions in multiple variations. “Based on the language from the different messages,” Luis adds, “there are different groups performing these attacks, and it is very likely that their number will increase in the near future. If your email address has been compromised in a breach, you may get an email like the one discussed here.”
Here are a few tell-tale signs that point to the scam — at least for this round of emails:
Cybercrime is growing more sophisticated everyday, but the primary key to its success has remained the same for decades: empty scare tactics. So much of the cybercriminal’s game depends on successfully tricking and bullying you. The way they do this is by knocking you off balance and planting nightmare scenarios in your mind, playing up your fear so you can’t think straight. This new email scam hitting inboxes around the globe is doing just that, but we’re here to tell you it’s all bark and no bite.
Peiter Zatko, also known as the famous hacker “Mudge,” is the new head of security at Twitter, where he plans to bring creative solutions to the social platform’s notoriously poor security and preponderance of misinformation.
Even though the U.S. presidential election has been called for Joe Biden and no states have claimed voter fraud, both misinformation and disinformation on the legitimacy of the process continue to spread, especially through social media.