Sextortion, blackmail & porn scams on the rise in the wake of Covid-19 outbreak; why you shouldn't be scared
These emails are scams, and are just a pack of lies to frighten you into sending money.
By Glynda Alves, ET Bureau |
iStock
A sextortion or porn scam email is where cybercriminals email you out of the blue to claim that they’ve implanted malware on your computer, and have therefore been able to keep tabs on your online activity. The crooks go on to claim that they’ve taken screenshots of you looking at a porn site – along with video recorded from your webcam. There’s been a recent surge of concern about sextortion emails over the last few weeks and given that many people are isolated at home due to coronavirus, scamsters see this as an easy opportunity.
Paul Ducklin, Principal Research Scientist, Sophos (a British security software and hardware company) says that the scamsters say that they have ‘put the screenshots and the webcam footage side-by-side to create an embarrassing video that they’re going to send to your friends and family…unless you pay them blackmail money, usually somewhere from $1,500 to $4,000, paid in bitcoins to a BTC address that the crooks provide in the email.’
But Duckling says, “In reality, the video doesn’t exist and the whole thing is a scam to prey on your fears.”
In the example above, the crooks have included a password of yours (it may actually have been a password you used, but it probably dates back many years); in other sextortion samples, we’ve seen the crooks including phone numbers instead.
Usually, the crooks get this “evidence” from information that’s already circulating in the cybercriminal underworld as the result of a data breach, so the “proof” they have didn’t come from your computer at all, and doesn’t “prove” anything.
Even if they never watch porn and don’t have a webcam, they may feel scared and confronted by the claims of malware implanted on their computer.
Paul Ducklin, Principal Research Scientist, Sophos (a British security software and hardware company) says that the scamsters say that they have ‘put the screenshots and the webcam footage side-by-side to create an embarrassing video that they’re going to send to your friends and family…unless you pay them blackmail money, usually somewhere from $1,500 to $4,000, paid in bitcoins to a BTC address that the crooks provide in the email.’
But Duckling says, “In reality, the video doesn’t exist and the whole thing is a scam to prey on your fears.”
Why would you believe the crooks?
As many Naked Security readers have pointed out, if the crooks really wanted to convince you they had such a video, they’d put a still frame or a short clip from it in the sextortion email. But they don’t have a video so they have to invent some “proof” that they have access to your computer.In the example above, the crooks have included a password of yours (it may actually have been a password you used, but it probably dates back many years); in other sextortion samples, we’ve seen the crooks including phone numbers instead.
Usually, the crooks get this “evidence” from information that’s already circulating in the cybercriminal underworld as the result of a data breach, so the “proof” they have didn’t come from your computer at all, and doesn’t “prove” anything.
ADVERTISEMENT
What to do
These emails are scams, and are just a pack of lies to frighten you into sending money. Our advice is simply to delete the offending emails and move on, but you may have friends or family who have received one of these emails and are afraid of ignoring it.Even if they never watch porn and don’t have a webcam, they may feel scared and confronted by the claims of malware implanted on their computer.
2019 was the year of serious data breaches. Each made headlines that jolted users into reality and the importance of protecting personal data. A recent survey indicates that 52 per cent of users polled believe they need to strengthen their data policies, 45 per cent expect advertising and marketing regulation to become 'more strict', while 88 per cent agree, or strongly agree, that digital privacy will become increasingly important this year.
While, January 28 is observed as the Data Privacy Day in India, the US, Canada and 47 European countries each day, Sunil Sharma, managing director sales, India & SAARC, Sophos advises you to treat every day as Data Privacy Day and apply these simple tips to secure your data.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
ADVERTISEMENT
