Advancements to Sextortion Scams Continue
Hackers continue to trick users into thinking their computers have been infected with malware that recorded videos of them watching porn. In an attempt to legitimize their claims, the hackers reveal they know a real password the victim has used and have begun spoofing victims’ email addresses. By spoofing the email address, it makes it appear the messages are being sent from the victim’s own email account.
After distributing these spoofed emails, the hackers then demand a payment in the untraceable cryptocurrency, bitcoin. They claim if a payment is not received, they will send the recordings to everyone in the recipient’s contacts list. The scam has been incredibly effective, raking in bitcoin payments totaling $4 million in just the last three months.
Below are a couple examples of these sextortion emails, provided by Barkley:
How Users Are Being Exploited
First, it is important to clarify, these victims have not been infected with malware. Instead, they’ve received a scam email that is exploiting the password that was leaked in one of today’s major data breaches. There is NO recording!
Many recipients of these emails have confirmed the passwords included in the emails, haven’t been used in years. This has led several experts to believe these scams are using data dumps from data breaches that occurred years ago.
What’s Next?
If you received one of these emails, it is important you remember — this is only a scam, your device is NOT infected with malware. PC Matic encourages you NOT to pay the bitcoin demands. Instead, ensure you are no longer using the password the hacker discloses in the email. If you are still using this password, it is important to change the login credentials for those accounts.
If you are wondering if your information has been breached, you may visit www.haveibeenpwned.com. By typing in your email address, the website will tell you if and when your information was breached.
