Don’t fall for this porn scam – even if your password’s in the subject!

Credit to Author: Paul Ducklin | Date: Tue, 17 Dec 2019 23:03:19 +0000

Sextortionists are back with some new twists and turns in their odious and confronting scams.

If you haven’t encountered the word before, sextortion is the popular term for cybercrimes that combine sex or sexuality and extortion.

When they arrive by email, sextortion attempts generally involve a blackmail demand along the lines of, “I know you did sexy/naughty/prurient thing X, pay me Y or I will tell Z.”

Most often:

  • X is something that the crooks say they have evidence of via screenshots from your browser and your webcam.
  • Y is typically about $2,000, payable within a few days.
  • Z varies between ‘your closest friends’ and ‘everyone in your contacts’.

The scam version we’re discussing here looks like this:

As you can see, the crooks justify their claim to have both browser screenshots and stolen webcam footage by saying they’ve planted remote control malware on your computer.

That sort of malware does exist, and it’s often referred to by the term RAT, short for Remote Access Trojan.

However, in this case, the crooks don’t have a RAT on your computer – the story about remote control malware is just that: a story to scare you into paying up.

The crooks also claim to have infected your computer with malware by implanting it on the website you supposedly visited.

Again, what they describe is theoretically possible but it’s not what actually happened in this case – it’s just more made-up scare tactics.

The ‘proof’

The last piece of ‘evidence’ the crooks give in this attack is to ‘prove’ that they do have access to your computer by including a password of yours.

Often, the password you’ll see really is (or was) one of yours, but it’s usually very old and you almost certainly changed it years ago.

As many Naked Security readers have pointed out before, the only solid way for the crooks to prove that they had the sneaky evidence they claimed would be to share a clip of the alleged video with you…

…but they never do that, for the very simple reason that they don’t have anything.

That long-breached, widely-known, already-changed (you did change it, right?), no-longer-important password is all they have; the rest is just bluff.

How it works

This particular example has a few novelties:

  • The subject line is your old password. Presumably, the crooks want to grab your attention, as well as giving anti-spam filters nothing predictable to look for in the subject.
  • The entire body of the email is actually sent across as an inline JPEG image with the text inside it. Presumably, the crooks hope to avoid getting spotted by an anti-spam filter that relies on analysing the textual content of the message.
  • The Bitcoin address to which you’re supposed to send the money is a QR code, not the usual text string you’d expect. Presumably, the crooks figure that because you can’t copy-and-paste text from an image, they need to provide it as an image you can scan with your phone.
  • Many of the English letters have been replaced with not-quite-right equivalents using accents and other modifiers. We can’t actually think of a good reason for the crooks to do this given that the characters are then converted to an image anyway. Perhaps they thought it looked freakily mysterious and therefore more likely to scare you, or they were trying to make life harder for any optical character recognition software that might be used along the way.
  • The crooks say they will send you ‘real proof’ in the form of the actual video, but only by sending it to 11 of your closest friends. Clearly this is an absurd offer given that they’re simultaneously demanding that you pay up to stop the video reaching anyone.
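For mail filter maintainers, two of the tricks above can be turned into checks: a message whose only visible content is an inline image, and accented look-alike letters in whatever text is recovered (for example by OCR, which is not shown here). This is an added example, not code from the original article; the sample message, the function names and the 20-character threshold are constructed assumptions.

```python
import re
import unicodedata
from email import message_from_string

# Constructed sample: an HTML part with no visible text plus one inline JPEG stub.
SAMPLE = """\
From: sender@example.invalid
To: recipient@example.invalid
Subject: old-password-here
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:body1"></body></html>
--b1
Content-Type: image/jpeg
Content-Disposition: inline
Content-ID: <body1>
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQ==
--b1--
"""

def visible_text(msg):
    """Join the text of all text/* parts, with HTML tags stripped."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            chunks.append(re.sub(r"<[^>]+>", " ", text))
    return " ".join(" ".join(chunks).split())

def is_image_only(msg, max_chars=20):
    """True if the message shows an image but almost no text (threshold assumed)."""
    images = [p for p in msg.walk() if p.get_content_maintype() == "image"
              and p.get_content_disposition() != "attachment"]
    return bool(images) and len(visible_text(msg)) <= max_chars

def fold_accents(text):
    """Strip accents and modifiers so keyword rules see plain letters.
    Handles combining marks only, not cross-script look-alikes."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

if __name__ == "__main__":
    print(is_image_only(message_from_string(SAMPLE)))
    print(fold_accents("Ï kñów yóur pásswörd"))
```

An image-only result is a signal to combine with others (such as an unfamiliar sender), since legitimate newsletters are sometimes sent as a single image too.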

What to do?

Here’s our advice:

  • Delete and move on. This sort of email is scary and confronting. Sadly, however, you can’t control what other people try to send to you. You can only control what you receive (for example by using a spam filter), and how you react to the things that actually reach you.
  • Don’t send any money. The Bitcoin (BTC) address in this email has received five incoming payments, but none of them seem to correspond to the amount demanded, given recent BTC exchange rates. Keep it that way!
  • Don’t reply. It’s tempting to test the crooks out, either to see what they’ve got out of fear, or to see how they react if provoked out of amusement. But you already know these guys are crooks, and you know they’re bluffing, so don’t play back into their hands by engaging any further.
  • Change your exposed password. You probably already have, given that the crooks are using an ancient password that was breached long ago. But if you haven’t, or if you’ve changed it only superficially (e.g. jimmy to jimmy99), revise your attitude to passwords right now. Consider a password manager if you haven’t already.
  • Never follow instructions in an email just because the message is insistent or because you’re frightened. If you aren’t sure about a link, a demand or an attachment, ask someone you trust for advice. And ask them face-to-face if you can, rather than just reaching out to someone you think you know online.

LEARN MORE ABOUT SEXTORTION – NAKED SECURITY LIVE

Here’s an informative video we recorded earlier this year…
