Scammers. The scourge of the internet! Always looking for new ways to make innocent people part with their hard-earned cash. A recent scam involves sending people an email claiming they visited adult websites. They pretend these websites downloaded malware that gave the scammer access to various aspects of the recipients computer. These include what they type and also access to the microphone and webcam.
Why is this password scam so clever?
Now, most people would think “You must be really gullible to believe this!” The trick here is that within the email they will give an example of one of your current or old passwords. This could cause people to panic and no longer think this is a bluff. After all, how could they have got your password or an old password without access your computer?
Below is an example of one of these emails, spelling errors and all:
Subject: *Name & Password*
It seems that, SuperSecurePassword123, is your pass word. You don't know me and you are most likely thinking why you are getting this e-mail, right?
Let me tell you, I actually placed a malware on the adult video clips (porn material) site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your web browser started out working as a RDP (Remote control Desktop) that has a key logger which provided me with access to your screen and webcam. Right after that, my software gathered all your contacts from your Messenger, social networks, and email.
What did I do?
I made a double-screen video. First part displays the video you were viewing, and next part displays the recording of your webcam.
exactly what should you do?
Well, in my opinion, $3900 is a fair price for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
BTC Address: xXxxXXxxXxxxXxxxXXXxxxxXXxxxxxXxxx
(It is cAsE sensitive, so copy and paste it)
You now have one day to make the payment. (I've a special pixel within this e mail, and now I know that you have read this e-mail). If I do not get the BitCoins, I will send out your video recording to all of your contacts including close relatives, colleagues, etc. Nonetheless, if I receive the payment, I'll erase the video immidiately. If you need evidence, reply with "Yes!" and I definitely will send your video recording to your 10 friends. It's a non-negotiable offer, thus please do not waste my personal time and yours by responding to this message.
Now you may be wondering how they came up with a genuine current or old password? The answer is straight forward. There have been countless data breaches in the last couple of decades. Most of this information is now easy to find on the dark web.
Did you have an MySpace account back in the day? If the answer is yes, then chances are your credentials are floating around. In 2008 360 Million MySpace users had their data stolen, this included IPs, email addresses, usernames and passwords.
The scammer will send you an old password. Perhaps one you once used many moons ago but, if they send one which is a current password then you should change it as soon as possible. It may be worth using www.haveibeenpwned.com to see if any of your accounts are compromised.
If you would like any more information, help or advice, please call us on 01293 562 700.
Steve is one of our Network Engineers. He was born and raised in Crawley, West Sussex. After completing his GCSE’s he found a job as a Domestic IT Technician for an independent Computer Repair company in Redhill. This saw him travelling around Surrey and West Sussex repairing people’s PCs, laptops, Macs and even the odd mobile phone. More about Steve.