Post info:

Email SpearPhishing/Extortion

We have noticed a new phishing scam come through. However, this scam involves a portion of the user’s credentials (username and/or password). Below is an example of the text in the body of the email. The email address and known password have been redacted.

“Lets get directly to point. Not one person has compensated me to check about you. You may not know me and you are most likely wondering why you are getting this e-mail?

actually, I actually placed a software on the xxx streaming (porn material) web site and there’s more, you visited this site to have fun (you know what I mean). While you were watching video clips, your web browser began functioning as a Remote Desktop with a key logger which provided me accessibility to your screen and also web camera. Just after that, my software program obtained your complete contacts from your Messenger, Facebook, and e-mailaccount. And then I created a double-screen video. 1st part shows the video you were watching (you have a fine taste rofl), and next part displays the recording of your web camera, and it is you.

You get only 2 alternatives. We will take a look at each of these options in details:

Very first solution is to neglect this message. As a consequence, I will send out your video recording to just about all of your contacts and thus consider concerning the disgrace you can get. Keep in mind if you happen to be in a loving relationship, precisely how it will certainly affect?

In the second place solution would be to compensate me $5000. Lets regard it as a donation. Subsequently, I most certainly will instantaneously erase your videotape. You can keep daily life like this never occurred and you would never hear back again from me.

You’ll make the payment through Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google search engine).

BTC Address: 17fEQoykAxnMLfW7owpTECC7PJW4JAzwTG
[case-SENSITIVE copy & paste it]

If you are wondering about going to the authorities, well, this message can not be traced back to me. I have covered my moves. I am just not attempting to ask you for a whole lot, I wish to be rewarded. You have one day in order to make the payment. I have a specific pixel in this message, and at this moment I know that you have read through this message. If I don’t receive the BitCoins, I will definately send out your video recording to all of your contacts including family members, colleagues, and so on. However, if I do get paid, I’ll erase the video right away. If you want evidence, reply with Yeah then I definitely will send your video recording to your 5 friends. This is the non:negotiable offer therefore don’t waste my personal time and yours by replying to this mail.

There are two things that are going on in this email. The person sending the email have your actual password to at least one of the accounts. This information can’t be disputed. The other is there is an extortion offer that may or may not be true depending on your browsing history.

Be very careful on filling out your personal information to update, re-authenticate, or reinstate any account. This is often the tactics the bad guys use to obtain your personal information. They don’t steal it or hack you. You simply get tricked into giving it to them.

This is a great example of not using the same password across multiple platforms. Each password should be unique. Try utilizing a password manage to log the different passwords. Consider using pass phrases instead of #$5POI&UY)*.

Picture Source: https://goo.gl/s6RsSo