Sextortionists return for Christmas – price goes down, threats go up
Credit to Author: Paul Ducklin| Date: Tue, 24 Dec 2019 15:30:02 +0000
A week ago, a concerned Naked Security reader shared with us a “send us money or else” email that was a bit different from others he’d received in the past.
The claims and the demands followed a predictable theme – one that we call sextortion because of the connection between sexuality and extortion.
Simply put, the scammers open their game by telling you they’ve infected your computer with spyware, so they can spy on both your and your screen at the same time.
And, guess what?
They’ve got side-by-side screenshots of your browser window and images from your webcam, taken while you were watching porn, and they’ll share their juicy video with everyone you know…
…unless you pay hush money into a specified Bitcoin address.
But the modus operandi – the way last week’s email was delivered – was a bit different different from usual.
The crooks had hidden their whole email rant inside an inline image, presumably to stop text-scanning email filters from picking up on keyword combinations such as porn, Bitcoin and webcam.
Of course, if an email filter can’t extract keywords from the image, then you can’t copy and paste the vital Bitcoin address either, so the crooks provided a QR code instead.
And, just in case a really keen email filter tried to do optical character recognition (OCR) on the image to recover the original text, the crooks had used numerous slightly wacky versions of common English letters such as A, E, I, O and U – scattering them liberally with accents and other marks that are widely used in many languages but never appear in English.
Well, our diligent reader just reported that the same crooks have made a reappareance just in time for Christmas, warning him to “stop shopping and f***ing around” and to start taking their threats seriously.
They’ve not only got a new Bitcoin address to receive payments this time, but have also dropped the price slightly, from $1767 to $1500.
(Although they want payment using bitcoins, for reasons of anonymity, the amounts they’re demanding are given in US dollars; presuambly you’re expected to convert at the going rate when you pay up.)
Despite the price drop, however, there’s no mistaking that this demand, timed to align with Christmas, has a much more aggressive and menacing tone.
The crooks are now implying that they know more than just what’s happening on your computer, as though they’re able to spy on you much more generally than via your laptop webcam:
Yea, I know what you were doing the past couple of days. I have been obsserving you. [By the way,] nice car you have got there.
They’ve also signed off much more aggressively:
If you want to save yourself, better act fast, because right know you are f***ed. We will not leave you alone, and there are many people on the groups that will make your life feel really bad.
What to do?
This whole scam – both the first email and this even more odious follow-up – is just that: a total scam based on a pack of lies.
As always, our advice is simply to “delete the email and move on,” but we know that you probably have friends and family who might not be sure that’s a safe thing to do.
There’s something deeply unsettling about receiving threats to spread terrible stories about you – even if you never watch porn and know perfectly well that the threats are fake news, who knows how other people might react to falsehoods if they’re told a believable and salacious story about you?
What if the crooks don’t have the porn video but they do have malware on your computer?
If you’re visiting less tech-savvy friends and family this Christmas, why not show them the What to do When.. videos on our brand new YouTube channel?
Let us help you set their minds at rest on a range of “who knows what to believe?” topics including romance scams, data breaches and sextortion.