Scam of the week 2- This week we are going to take a look at something a bit more devious than last week's scam. Today we are going to see what happens months or even years after you have already fallen for a previous scam and given the bad guys your password.
Recently, the following email arrived in my Junk mail folder. What got my attention here was the subject line because grayknot31 is a real password that I used to use.
Way back in 2012 (practically ancient history) the social networking website LinkedIn was hacked and over 6 million usernames and passwords were stolen. My username and password (grayknot31) were among the millions of compromised accounts.
Now, more than 7 years later there are people out there still trying to make gains from this event, in my case they are trying to extort money from me.
Here is what the email says-
^^ is your password. You don't know me and you're thinking why you received this email, right?
I placed malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as an RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam.
Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account. What exactly did I do? I made a split-screen video. First part recorded your webcam (Yep! It's you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price to pay for our little secret. You'll make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin" in Google).
BTC Address -->>
(It is case sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don't get the payment, I will send your video to all of your contacts including relatives, coworkers and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with "Yes!" and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don't waste my time and yours by replying to this email.
Is it real?
Some of what is said in this message is real and I suspect that there is enough truth or possible truth in it to intimidate a percentage of the recipients in to paying.
The password is real - or in my case, it used to be. After the Linked In hack was made public I changed my password.
Without putting any real effort in, I used Google to search for "Internet porn statistics" and you know what? According to one site, somewhere between 4% and 10% of all websites contain 'adult content' and nearly 90% of American men and 30% of American women watch porn at least weekly. These numbers are not in any way surprising and I'm sure Australian's have a similar appetite.
So with this in mind, the odds are in the scammers favour that their target victim has watched internet porn recently.
What about the rest of their claims? Is it even possible?
" While you were watching the video, your web browser acted as an RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. "
They have dropped a few techie terms that most people have probably heard and the fact is that it would be possible for someone to write malicious software to covertly record someone's webcam and their desktop and subsequently send that video to the attacker. For me, this is what makes this scam especially worrisome, even though this one is not legitimate, this kind of extortion could happen for real.
Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
Unfortunately, data collection as described here is a common trait of malware, this is not only possible, if the scam were real it would be probable.
So how do we know this one isn't real?
There are a couple of indications that makes me confident that there is nobody out there with a video of me watching porn and trying to extort me for it.
The biggest clue is that they have not given any indication at all that they have addressed this email specifically to me. The only bit of personal information is a 7+ year old password that is no longer valid. And because I don't use the same password for more than one service I know that that password was only ever used for LinkedIn and I also know that that password was compromised way back in ancient history.
If the email didn't have this one single bit of personally identifiable information I wouldn't be worried, would I?
The second big clue is that if it were real, the scammer would do everything possible to convince me that it is real - they would have included a video clip or still-frame to prove their point. Adding such a video clip would cost them nothing in terms of effort or exposure to law enforcement and would definitely increase their chances of a successful extortion. They didn't include a video clip therefore there is no video.
But what if it is real?
This particular scam has been doing the rounds for a few years now and over that time I've had quite a few customers call me worried that it is real. I explain to them that it is definitely not real. They are worried because they have obviously looked at Internet porn (let's be realistic here, who hasn't?) and are concerned about the existence of the video.
At this point during the conversation I ask them to pretend for a moment that they knew beyond doubt that the scam was real, that the extortionists really do have a video of you watching porn and doing nasty things, what now?
If you pay the ransom what do you think you will achieve? I'm no criminal psychologist but my guess is that the extortionists have already decided what they are going to do, regardless of whether you pay or not. Paying them doesn't change anything other than your bank account balance so you may as well hold on to the money and hope for the best. Besides, in most people's case, the victim's friends and family would probably pay to NOT have to endure watching such a video!
I hope you have enjoyed this scam dissection and learned something from it. Feel free to leave a comment or suggestions for a future post below or contact us for more information.