Cyber criminals are sending victims their own passwords in an attempt to trick them into believing they have been filmed on their computer watching porn and demanding payment.
There have been over 110 of reports made to Action Fraud from concerned victims who have received these scary emails.
In a new twist not seen before by Action Fraud, the emails contain the victim’s own password in the subject line. Action Fraud has contacted several victims to verify this information, who have confirmed that these passwords are genuine and recent.
The emails demand payment in Bitcoin and claim that the victim has been filmed on their computer watching porn.
An example email reads:
I’m aware, XXXXXX is your password. You don’t know me and you’re probably thinking why you are getting this mail, right?
Well, I actually placed a malware on the adult video clips (porno) web site and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as a RDP (Remote Desktop) with a key logger which gave me access to your display screen as well as web camera. Just after that, my software program gathered every one of your contacts from your Messenger, Facebook, and email.
What did I do?
I made a double-screen video. First part shows the video you were watching (you have a nice taste omg), and 2nd part displays the recording of your webcam.
Exactly what should you do?
Well, I believe, $2900 is a fair price tag for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address: 1HpXtDRumKRhaFTXXXXXXXXXX
(It is cAsE sensitive, so copy and paste it)
Important:
You now have one day to make the payment. (I have a special pixel within this email message, and now I know that you have read this e mail). If I do not receive the BitCoins, I will definately send out your video recording to all of your contacts including close relatives, co-workers, and many others. Nevertheless, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will send your video to your 10 friends. It is a non-negotiable offer, therefore do not waste my time and yours by responding to this message.
Suspected data breach
Action Fraud suspects that the fraudsters may have gained victim’s passwords from an old data breach.
After running some of the victim’s email addresses through ‘Have i been pwned?’, a website that allows people to check if their account has been compromised in a data breach, Action Fraud found that almost all of the accounts were at risk.
Last month, fraudsters were also sending emails demanding payment in Bitcoin, using WannaCry as a hook.
How to protect yourself
- Don’t be rushed or pressured into making a decision: paying only highlights that you’re vulnerable and that you may be targeted again. The police advise that you do not pay criminals.
- Secure it: Change your password immediately and reset it on any other accounts you’ve used the same one for. Always use a strong and separate password. Whenever possible, enable Two-Factor Authentication (2FA).
- Do not email the fraudsters back.
- Always update your anti-virus software and operating systems regularly.
- Cover your webcam when not in use.
- If you have receive one of these emails and paid the fine, report it to your local police force. If you have not paid, report it as a phishing attempt to Action Fraud.