Wednesday, December 12th, 2018

W WebWorks by Terry Young
Sextortion



SEXTORTION

I have video of you—
send me bitcoins, or else!


There is a new scam in town which seems to use a combination of methods to scare people out of their money. Email scams have been a problem since day one of the Internet. The first was the classic Nigerian prince who will send you a large amount of money once you send him some.

Variations of this still go on today and have transitioned to social media and dating sites. With these sites, the scammer can pick their target more directly. They build a fake relationship with their victims and have a longer time to reel them in.



Now there is the Sextortion scam. This scam threatens to discredit and embarrass the victim if they do not pay the extortionist with almost untraceable bitcoin money. This scam uses a password to make it seem more legitimate to the recipient.

The email starts with "I do know, [password here], is your password."

It then goes on to tell of how the blackmailer placed a video on a porn site which you watched, and that it contained malware which gave them access to your computer and webcam.

The scammer says they recorded a compromising video of you, and also got your contacts list from Messenger, Facebook, and email.

Then the blackmail comes. The email says that $2,900 is required to keep your secret, and instructs you to deposit that amount into their bitcoin account.

To create urgency, the scammer says they know when you read the email and that you have exactly one day to pay or they will "send out your video to all of your relatives, co-workers, and so forth."


If you receive one of these emails,
don't panic. Look at the password;
is it an older one?
If you own a laptop,
put tape over the webcam
and have someone scan it for viruses,
just in case.



Most people will spot this as a scam, especially if they do not own a webcam, or if the password is an old one they haven't used in years. However, since a lot of people still use older passwords, or use the same password for everything, they may fall for it.

Where did they get the password?

In the cases reported, the password used was an older one, sometimes over 10 years old. This would indicate that at some point you signed up for something, which was then hacked and your password and email address recorded. With so many recent large company data breaches, it could also have come from one of those.

If you receive one of these emails, don't panic.

Look at the password; is it an older one?

If you own a laptop, put tape over the webcam and have someone scan it for viruses, just in case.

If you still use that password for anything online, especially banking or social media, go to those sites and change it immediately.

Safe practice is to not use the same password for everything. Ideally, use different, more complicated passwords for more sensitive things.




Terry Young is the founder and CEO of Internet Marketing and Design,
the award winning web and multimedia design agency in Chesapeake.