Blog Overview

Internet users need to be wary of a new phishing scam that is actually a sextortion scheme, which utilizes old passwords of users and blackmails them for watching pornography.

The scammers claim to have recorded footage of the victim while watching porn. They often state that they have the victim’s password and have used the password to install spyware on the targeted computer, claiming that when the victim visited pornography websites, they activated the webcam to record footage.

See below for the actual email a few of our clients received today:
========
From: Ciel Quan <[email protected]>
Date: July 12, 2018 at 12:43:49 PM EDT
To: “[email protected]” <[email protected]>
Subject: user – password
I’m aware, password, is your password. You don’t know me and you’re probably thinking why you are getting this e-mail, correct?
Actually, I placed a malware on the adult video clips (porn) web site and you know what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out functioning as a RDP (Remote Desktop) with a key logger which provided me accessibility to your display screen and also webcam. Immediately after that, my software program obtained every one of your contacts from your Messenger, Facebook, as well as email.
What did I do?
I made a double-screen video. First part displays the video you were watching (you’ve got a nice taste : )), and second part displays the recording of your webcam.
What should you do?
Well, I believe, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address:
(It is CASE sensitive, so copy and paste it)
Important:
You now have one day in order to make the payment. (I’ve a unique pixel within this email message, and at this moment I know that you have read this email). If I don’t get the Bitcoins, I will, no doubt send your video recording to all of your contacts including close relatives, co-workers, etc. However, if I do get paid, I will erase the video immediately. If you really want proof, reply with “Yes!” and I definitely will send out your video recording to your 9 contacts. This is a non-negotiable offer, thus do not waste my personal time and yours by responding to this email message.
===========

What’s utterly concerning is that usually, the password highlighted in the email sent by the scammers is a legitimate password that the victim had previously used.

Our security team opine that it is quite probable that cyber-criminals are utilizing old passwords obtained from various large-scale data breaches, such as the ones suffered by Yahoo, Uber, LinkedIn, Tumblr, and Dropbox, etc., to blackmail users. They are simply matching old passwords with useful identifiers like email IDs. After successfully locating the victim, they can initiate a blackmailing campaign easily.

We highly recommend not replying to the hackers at all and furthermore adding the domain to the spam list.
The FBI suggests that users must remain alert, avoid opening attachments from unknown senders, and be very careful while opening attachments sent by known contacts. Furthermore, users must not send compromising pictures of themselves to anyone, no matter how trusted the contact must be. When not in use, webcams should be turned off manually or covered.