Using stolen passwords to get a victim's attention, a new sexploitation scam threatens victims with exposing them "doing nasty things." In an emailed threat, the hacker claims to have downloaded malware on the victim's computer that enabled the scammer to take over the victim's webcam.
The scammer also claims to have pilfered email and social media contacts and to have a recording of the victim, filmed from the victim's own webcam, watching porn. Demanding a ransom in bitcoin, the scammer says if the victim doesn't send $1,000 to $2,000 within 24 hours, the crook will share compromising images of the victim with all of the victim's contacts.
"I think $1,400 is a fair price for our little secret," the con artist's email says.
In reality, the crook doesn't have your contacts or access to your webcam, according to Brian Krebs, who operates a top technology security site. However, the scammer does have a password that the victim once used -- or may still use -- with one or more websites.
The email reads as follows:
“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
Sending bitcoin if you get this email is, of course, a bad idea. However, if you received one, changing your passwords is wise. In fact, it might be smart to change passwords for all important accounts even if you don't get targeted.
Why? A series of massive data breaches have exposed password information on hundreds of millions of consumers. These passwords are now floating around the dark web, available to purchase for scammers like this one, as well as those with even more nefarious intent.
Consumers who want to find out whether their passwords have been compromised can go to security website Have I Been Pwned, which has collected data on the email addresses and passwords that were involved in data breaches. Frequently, consumers will find that their email has been subject to many breaches, which means that multiple passwords may be at risk.