South Florida Cyber Security Protection. Attackers contact their targets through email, claiming that they have video footage of their victim watching what I’ll delicately describe as ‘adult entertainment’ content. Most of the devices that people use to watch that sort of content online are either a smartphone or tablet with front facing cameras, or laptops with webcams. So, a lot of the targets might assume that the basis of the attackers’ extortion attempt is valid.
- Overall, extortion by email is growing significantly, according to the FBI’s Internet Crime Compliant Center (IC3). Last year, these complaints rose 242% to 51,146 reported crimes, with total losses of $83 million.
- “The majority of extortion complaints received in 2018 were part of a sextortion campaign in which victims received an email threatening to send a pornographic video of them or other compromising information to family, friends, coworkers or social network contacts if a ransom was not paid,” according to the FBI
- “Shame can be a tremendous weapon that these criminals use,” one expert explains.
Combine that with the attackers’ claims of having acquired one of the targets’ passwords through malware exfiltration, then displaying that password in plaintext in the body of the email, and you’ve got a very convincing social engineering strategy.
The attackers then threaten to distribute the personally compromising footage to the targets’ friends, family, and coworkers through Facebook, Facebook Messenger, and email if the victim doesn’t fork over $2900 worth of bitcoin within one day.
Here’s an example of the emails that the targets have received (edited for appropriateness):
I’m aware, XXXXXX is your password. You don’t know me and you’re probably thinking why you are getting this mail, right?
Well, I actually placed a malware on the <adult content> website and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as a RDP (Remote Desktop) with a key logger which gave me access to your display screen as well as web camera. Just after that, my software program gathered every one of your contacts from your Messenger, Facebook, and email.
The extortion message goes on to instruct targets how to make payment under threat of exposure.
Is This a Real Threat or a Bluff?
The passwords that the attackers have sent their targets are legitimate passwords the target really uses. That would alarm the targets, and people often behave foolishly and panic out of fear.
Universal Cyber Protection believes that it’s unlikely that the attackers actually have footage of their targets watching adult content. As far as the passwords are concerned, the attackers likely acquired them through data breaches conducted by other cyber attackers, not from adult content website malware, as they assert in their email.
If you suspect of being hacked or are a target of online sextortion or blackmail, give us a call or contact us now. Time is of the essence. Providing services throughout Miami Dade, Broward and Palm Beach counties in Florida. 954-305-6275