Whether or not they can actually see you, the threat hits home...
It’s an indelicate subject, but scammers don’t really pay much attention to polite social norms. Regardless the topic, if it’s a real threat we’ll try to protect our clients.
We’re tracking a new version of an older email scam threatening to turn over videos and captures of webcams of users on porn sites. The text is below, but they start by revealing a password that may well be yours, and then threatening to release a video of the user and the site they’re viewing at the same time. Needless to say it’s not meant to be flattering.
ProCircular has received calls, and there’s a ton of chatter from other firms receiving the same thing. They’re being sent by multiple groups for varying amounts – usually between $1900 and $3800. In more than one case they seem to be drawing the passwords from a DropBox breach from awhile back.
Our advice? Don’t pay. It’s highly unlikely that the claims are true, if for no other reason than the similarity between the emails from multiple sources.
On the subject of safe surfing: We know that none of our customers would every go to a site like this, but a person did it would be a good plan to install a package like Malwarebytes to better protect the workstation, and for scanning to confirm that you’re clean we recommend BitDefender. Also, it’s considered ‘best practice’ to stay on the road most travelled. The more obscure the website viewed, the greater the chances of winding up with Ransomware or some such.
According to the FBI, here are some things you can do to avoid becoming a victim:
- Never send compromising images of yourself to anyone, no matter who they are or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.
The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).
Hope this helps, below is a sample email from one of the scammers:
-ARW
Aaron R. Warner, CEO
ProCircular – Security. Privacy. Trust.
---cut here—
From: Darren Gansheroff [ppljasminagu@outlook.com]
Sent: Tuesday, July 10, 2018 3:56 PM
To: {Internal Use}r
Subject: EXTERNAL:{ email_user} – {password}
I do know, {password}, is your pass word. You may not know me and you are most likely thinking why you're getting this email, correct?
In fact, I installed a malware on the adult videos (pornography) website and there's more, you visited this website to experience fun (you know what I mean). While you were watching video clips, your web browser started out functioning as a RDP (Remote control Desktop) with a keylogger which provided me with accessibility to your screen and also web camera. Just after that, my software gathered all your contacts from your Messenger, FB, as well as email.
What did I do?
I created a double-screen video. 1st part shows the video you were viewing (you have a good taste : )), and 2nd part shows the recording of your cam.
What should you do?
Well, I believe, $1900 is a reasonable price for our little secret. You will make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
BTC Address: 1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4
(It is cAsE sensitive, so copy and paste it)
Note:
You now have one day in order to make the payment. (I have a special pixel within this mail, and now I know that you have read through this message). If I don't receive the BitCoins, I will send your video to all of your contacts including friends and family, colleagues, and many others. Nevertheless, if I receive the payment, I will destroy the video immidiately. If you want proof, reply with "Yes!" and I will certainly send your video to your 12 contacts. This is a non-negotiable offer, so please do not waste my time and yours by replying to this email message.