Monday, April 27, 2020

Sextortion Bitcoin Scam (from Malwarebytes)

Heads up: a particularly nasty sextortion Bitcoin scam that has been circulating since at least the middle of 2018 is making the rounds once again. The scam runs off old breach dumps: the scammer emails addresses taken from a dump and quotes the password that leaked alongside each one.
When something lands in your mailbox with “Hey, remember this?” it’s a surefire way to focus the reader’s attention. Pressure is then applied to start sending over some Bitcoin…or else.
What is the threat being made?
The generally accepted theory is that the scammer digs up personally identifiable information from old data breaches, including email addresses and passwords, plugs it into some sort of automated script, and then fires out thousands of emails.
Those mails reach people from said breach, and they then see talk of somebody “knowing” their login details. That’s then used as leverage to claim the attacker has access to their PC, files, folders, webcams, browsing history—in a nutshell, anything personal and sensitive. The scarier they can make it sound, the better. In fact, one of the more eye-popping claims is that the scammer has video of the user viewing adult websites, and they will share this video with all the user’s contacts unless they pony up and pay a Bitcoin ransom.
And in classic ransomware fashion, there’s typically a ticking clock. Giving users a short time limit to deliver the payment is social engineering at its finest.
What next?
The recipient may well have a panic attack, that’s what. To be suddenly confronted with an ancient (but potentially still active) password is certainly going to give a bit of a shock to the system. It’s at this point the confusion sets in, as they start to wonder what on Earth the attacker has. Did they really see what they claimed to see? Do they actually have video footage? What other potentially embarrassing (or worse) content could they use to extort and blackmail?
What do they really have? A large throne of lies, is what. Yes, they have your password from a long time ago. No, they do not have access to your computer. And no, even if you were checking out adult sites, they don’t have video of you doing so.
What they might have is the password from the breached account. If you reused that password for the email address in question, or for any other account, those are reachable too, and the scammer (or anyone else holding the dump) could start trying it against them. If this is the case, you should fire up a password manager and get to work changing things.
In fact, you should do that if you share passwords across accounts in any case.
Okay, back to the scam. What does the email say?
It’s a fairly standard template, and searching for phrases from the mail below will turn up any number of hits in Google and other search engines.
The email reads as follows:
"I am well aware [REDACTED] is your passwords. Let's get right to point. Neither anyone has paid me to investigate you. You may not know me and you are probably thinking why you’re getting this e-mail? 
"Actually, i installed a software on the adult videos (pornographic material) web-site and do you know what, you visited this website to have fun (you know what i mean). While you were viewing videos, your web browser began working as a Remote Desktop that has a key logger which gave me accessibility to your display and also cam. Just after that, my software gathered every one of your contacts from your Messenger, Facebook, as well as email, After that i created a double video. 1st part displays the video you were viewing (you’ve got a nice taste ha ha), and next part shows the recording of your cam, yeah it's you. 
"You have not one but two choices. Shall we read up on these options in aspects: 
"First alternative is to just ignore this message. in such a case, i am going to send out your actual video to every single one of your personal contacts and think regarding the awkwardness you will definitely get and definitely if you happen to be in a loving relationship, how it would affect? 
"Number 2 solution is to purchase $2000 in bitcoin. Let's name it as a donation. in this situation, i most certainly will asap remove your video footage. You could carry on daily life like this never occurred and you surely will never hear back again from me.
"You’ll make the payment through Bi‌tco‌in (if you don’t know this, search for ‘how to buy b‌itcoi‌n’ in Google). 
"B‌T‌C‌ ad‌dre‌ss to send to: [REDACTED] [CaSe sensitive, copy & paste it] 
"If you are wondering about going to the law enforcement officials, well, this message can not be traced back to me. I have dealt with my actions. i am also not attempting to demand a huge amount, i would like to be compensated. within this%} emaiQUNdkpeC [SIC] if i do not receive the ‌bi‌tco‌in‌, i will send your video recording to all of your contacts including family members, coworkers, and so forth. Having said that, if i receive the payment, i will erase the recording immediately. If you really want proof, reply Yup then i will send out your video to your 9 friends. This is a non-negotiable offer, so don’t waste mine time and yours by replying to this e mail."

That’s pretty sneaky. It is, and I’d be surprised if there aren’t many others waking up to emails identical to the above. Should you receive one yourself, do the following:
  1. Don’t panic. They absolutely do not have the keys to your computer; all they hold is an old breach record.
  2. See if the email address pops up over on Have I Been Pwned (haveibeenpwned.com).
  3. Check the password too, using the site’s Pwned Passwords search. That lookup sends only the first five characters of the password’s SHA-1 hash, so the password itself never leaves your machine; don’t paste a password you still use into any other site to “check” it.
  4. At this point, you may have a fairly good idea which breach they grabbed your old login from, which is always useful information to have: it tells you which account the leaked password belongs to and which other accounts reused it.
  5. Delete the email you were sent, and under no circumstances pay them a penny/dime/insert currency of choice here.
Scare tactics: an evil practice
The anonymous sender of these emails doesn’t care about the trauma they could cause at the other end. These missives would be particularly traumatic for anyone involved in (say) a revenge porn case previously. And make no mistake, generic Internet blackmail threats can kill.
If you’re able to report these mails for spam/abuse before deleting, do so. There’s a remote chance you could actually save someone’s life while making the Internet a little safer into the bargain.
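Because the mail is a fixed template, a mail filter or SOC triage script can flag it before a recipient ever panics. The added example below (my code, not from the article) is a small detector: it strips the zero-width characters the scammer splices into “Bi‌tco‌in” and “B‌T‌C ad‌dre‌ss” to evade keyword filters, looks for phrases lifted from the template, and pulls out the Bitcoin address so it can be included in a report. The sample messages, the scoring threshold and the address in them are constructed for illustration.

```python
"""Template detector for the sextortion mail quoted above (added example, not from the article).

Scammers splice zero-width characters into key words ("Bi<U+200C>tco<U+200C>in",
"B<U+200C>T<U+200C>C ad<U+200C>dre<U+200C>ss") so naive keyword filters miss them.
This strips those characters first, then scores the message on template phrases
and the presence of a Bitcoin address. Sample messages are constructed.
"""
import re
import unicodedata

# Zero-width / invisible format characters used to split keywords:
# ZWSP, ZWNJ, ZWJ, word joiner, BOM. str.translate deletes keys mapped to None.
ZERO_WIDTH = dict.fromkeys([0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF])

# Legacy base58 addresses (leading 1 or 3) and bech32 (bc1...). Heuristic only:
# no checksum validation, so treat hits as leads, not proof.
BTC_ADDRESS = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[a-z0-9]{39,59})\b")

# Phrases lifted from the template; matched in lower case after normalisation.
TEMPLATE_PHRASES = (
    "is your password",
    "remote desktop",
    "key logger",
    "send your video",
    "all of your contacts",
    "bitcoin",
)

# Below this score a mail is not flagged; chosen so a stray "bitcoin" plus
# "send your video" in ordinary mail does not trigger (threshold is an assumption).
THRESHOLD = 4


def strip_zero_width(text: str) -> str:
    """Remove the invisible characters so the split-up words rejoin."""
    return text.translate(ZERO_WIDTH)


def normalize(text: str) -> str:
    """Zero-width stripping plus NFKC folding and lower-casing for phrase matching."""
    return unicodedata.normalize("NFKC", strip_zero_width(text)).lower()


def phrase_hits(text: str, strip_zw: bool = True) -> list:
    """Template phrases present in the text; strip_zw=False shows what a naive filter sees."""
    haystack = normalize(text) if strip_zw else text.lower()
    return [p for p in TEMPLATE_PHRASES if p in haystack]


def extract_btc_addresses(text: str) -> list:
    """Addresses in the mail, found after zero-width stripping but before lower-casing
    (base58 is case-sensitive, as the scammer's own note points out)."""
    return BTC_ADDRESS.findall(strip_zero_width(text))


def score(text: str) -> dict:
    """Phrase hits, extracted addresses, and a score: one point per phrase, two for an address."""
    hits = phrase_hits(text)
    addrs = extract_btc_addresses(text)
    return {"phrases": hits, "btc_addresses": addrs, "score": len(hits) + (2 if addrs else 0)}


def is_sextortion(text: str, threshold: int = THRESHOLD) -> bool:
    """True when the message scores at or above the threshold."""
    return score(text)["score"] >= threshold


# Constructed sample modelled on the template, including the zero-width trick
# and a made-up, checksum-invalid address. Not a real mail, address or password.
SAMPLE_SCAM = (
    "I am well aware ExamplePassw0rd is your passwords. While you were viewing videos, "
    "your web browser began working as a Remote Desktop that has a key logger. "
    "You'll make the payment through Bi\u200ctco\u200cin. "
    "B\u200cT\u200cC ad\u200cdre\u200css to send to: 1CnstrctdTestAddrDoNotSendCoins "
    "[CaSe sensitive]. If i do not receive the bi\u200ctco\u200cin, i will send your video "
    "recording to all of your contacts."
)

# Constructed benign mail that mentions two of the phrases in passing.
SAMPLE_BENIGN = (
    "Hi team, the Bitcoin panel slides are attached. Please send your video of the "
    "demo to marketing by Friday."
)

if __name__ == "__main__":
    for name, msg in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(name, score(msg), "flagged" if is_sextortion(msg) else "clean")
    print("naive filter sees:", phrase_hits(SAMPLE_SCAM, strip_zw=False))
```

Run it and compare the two `phrase_hits` results for the scam sample: without the zero-width stripping, “bitcoin” is not found at all, which is exactly why the scammer bothers with the invisible characters. The extracted address is what goes into the abuse or IC3 report.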
Posted: February 11, 2019 by Christopher Boyd

Malwarebytes

P.S.
Since you're quarantined and have nothing else to do, you can also file a complaint at the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.
