Heads up: a particularly
nasty sextortion Bitcoin scam from at least the middle of 2018
is making the rounds once again. The scam involves making use of
old breach dumps, then emailing someone from the list and reminding them of
their old password.
When something lands in your
mailbox with “Hey, remember this?” it’s a surefire way to focus the reader’s
attention. Pressure is then applied to start sending over some Bitcoin…or else.
What is the threat being made?
The generally accepted theory is
that the scammer digs up personally identifiable information from old data breaches, including email addresses and passwords,
plugs it into some sort of automated script, and then fires out thousands of
emails.
Those mails reach people from said breach, and they then see talk of
somebody “knowing” their login details. That’s then used as leverage to claim
the attacker has access to their PC, files, folders, webcams, browsing
history—in a nutshell, anything personal and sensitive. The scarier they can
make it sound, the better. In fact, one of the more eye-popping claims is that the scammer has video of the
user viewing adult websites, and they will share this video with all the user’s
contacts unless they pony up and pay a Bitcoin ransom.
And in classic ransomware
fashion, there’s typically a ticking clock. Giving users a short time limit to
deliver the payment is social engineering at its finest.
What next?
The recipient may well have a
panic attack, that’s what. To be suddenly confronted with an ancient (but
potentially still active) password is certainly going to give a bit of a shock
to the system. It’s at this point the confusion sets in, as they start to
wonder what on Earth the attacker has. Did they really see what they claimed to
see? Do they actually have video footage? What other potentially embarrassing
(or worse) content could they use to extort and blackmail?
What do they really have?
A large throne of lies, is what. Yes, they have your password
from a long time ago. No, they do not have access to
your computer. And no, even if you were checking out adult sites, they don’t
have video of you doing so.
What they might have is access
to your email account associated with the breach, if you haven’t changed the
password since it took place. They could also potentially start trying to log
into other accounts you have with the same password. If this is the case, you
should fire up a password manager and get to work changing things.
In fact, you should do that if
you share passwords across accounts in any case.
Okay, back to the scam. What does the email say?
It’s a fairly standard template,
and hunting for portions of the below mail will throw up any number of hits in
Google and other search engines.
The email reads as follows:
"I am well aware
[REDACTED] is your passwords. Let's get right to point. Neither anyone has paid
me to investigate you. You may not know me and you are probably thinking why
you’re getting this e-mail?
"Actually, i installed a software
on the adult videos (pornographic material) web-site and do you know what, you
visited this website to have fun (you know what i mean). While you were viewing
videos, your web browser began working as a Remote Desktop that has a key logger
which gave me accessibility to your display and also cam. Just after that, my
software gathered every one of your contacts from your Messenger, Facebook, as
well as email, After that i created a double video. 1st part displays the
video you were viewing (you’ve got a nice taste ha ha), and next part shows the
recording of your cam, yeah it's you.
"You have not one but two
choices. Shall we read up on these options in aspects:
"First alternative is to just
ignore this message. in such a case, i am going to send out your actual video
to every single one of your personal contacts and think regarding the
awkwardness you will definitely get and definitely if you happen to be in a loving
relationship, how it would affect?
"Number 2 solution is to purchase $2000 in bitcoin. Let's name it as a donation. in this situation, i most certainly will asap
remove your video footage. You could carry on daily life like this never
occurred and you surely will never hear back again from me.
"You’ll make the payment through
Bitcoin (if you don’t know this, search for ‘how to buy bitcoin’ in
Google).
"BTC address to send
to: [REDACTED] [CaSe sensitive, copy &
paste it]
"If you are wondering
about going to the law enforcement officials, well, this message can not be
traced back to me. I have dealt with my actions. i am also not attempting to
demand a huge amount, i would like to be compensated. within this%}
emaiQUNdkpeC [SIC] if i do not receive the bitcoin, i will send your video
recording to all of your contacts including family members, coworkers, and so
forth. Having said that, if i receive the payment, i will erase the recording
immediately. If you really want proof, reply Yup then i will send out your
video to your 9 friends. This is a non-negotiable offer, so don’t waste mine
time and yours by replying to this e mail."
That’s pretty sneaky.
It is, and I’d be surprised if
there aren’t many others waking up to emails identical to the above. Should you
receive one yourself, do the following:
- Don’t panic. They absolutely do not have the keys to your computer.
- See if the email in question pops up over on Haveibeenpwned.
- See if your password does the same thing.
- At this point, you may have a fairly good idea which breach they grabbed your old login from, which is always useful information to have.
- Delete the email you were sent, and under no circumstances pay them a penny/dime/insert currency of choice here.
Scare tactics: an evil practice
The anonymous sender of these emails doesn’t care about the trauma they could cause at the other end. These
missives would be particularly traumatic for anyone involved in (say) a revenge
porn case previously. And make no mistake, generic Internet blackmail threats can kill.
If you’re able to report these
mails for spam/abuse before deleting, do so. There’s a remote chance you could
actually save someone’s life while making the Internet a little safer into the
bargain.
Posted: February 11, 2019 by Christopher Boyd, Malwarebytes
P.S.
Since you're quarantined and have nothing else to do, you can also file a complaint at the FBI's Internet Crime Complaint Center. Click here for the form: (IC3).
Thanks for posting.