Sextortion: Whether you watch porn or not, you should read this
15 August, 2018
A personalised email from a hacker landed in our mailbox a few days ago. In it, he claims to have explicit material of us watching porn on our desktop and to have recorded a video from the webcam on our laptop, a video that he says shows us in a compromising position. The email goes on to state that the hacker will faithfully delete all such evidence if we send the money he demands to his Bitcoin account. If we fail to pay the ransom, he says he will send the video to all the friends and family members listed in our contacts, which he has gotten hold of. Lastly, he states that we could approach the cops, but that it would be useless.
What struck us is that the hacker mentioned recording a video of us in a compromising position. The funny part is that we don’t use laptops, and neither do we have cameras attached to our systems. We ignored this email, but it seems that we were not the only ones who received it. The threatening email (sextortion) seems to be a huge scam, in which hackers send the same content to millions of people on their email address list. The list may have been procured from an online database, which is easily available on the dark web.
A similar article appeared online a few days ago, describing the hilarious incident that hit an 82-year-old man’s mailbox. His email read along similar lines, with the hacker demanding $7,000 be sent to his Bitcoin account. The 82-year-old stated that he had been married for 6 decades to the same woman and had never watched porn in his life.
Similar incidents have been reported in the last few weeks, in which the hacker claims to have evidence of targets watching porn, cheating on their spouses, or otherwise behaving badly. The email includes personal information about the victim to make it seem more genuine and personally targeted. If the victim really had watched porn, and had done anything that the hacker claimed, he would be fooled into paying up. Unfortunately, the hacker actually has nothing and has simply scammed the victim into paying money to an anonymous Bitcoin account.
It is a hoax.
PilotOnline reported that Devon Ackerman, an associate managing director at Kroll, a cybersecurity and investigations firm, claims the email is a big hoax. “There is probably a small percentage that is true, but the current mailing campaign we’re seeing globally right now that Kroll is tracking is by far and large a hoax. It is very low tech. It is relying on human vulnerabilities,” said Ackerman.
The FBI warned the public last week about such email scams and mentioned that it had recently received a surge of reports about the sextortion issue. The bureau’s Internet Crime Complaint Center said that victims have received such extortion attempts via both emails and physical letters.
These types of scams are not new. The hacker/scammer sends out a mass email to millions of email addresses that he may have procured through illegal methods. Such databases of email addresses, usernames and passwords, and a lot more personal information are easily available on the dark web for a small sum. The data is probably drawn from a number of websites hacked in the recent past, especially high-profile breaches at major websites.
“They put enough facts in the email to make you think they really have compromised the system, when in reality the usernames or the passwords or email addresses are just from other publicly available website compromises,” Ackerman said.
PilotOnline also stated that Brian Krebs, a former Washington Post reporter who runs the news website Krebs on Security, reported that the sextortion scheme has managed to trick dozens of people into paying anywhere from a few hundred to thousands of dollars, based on his review of the Bitcoin addresses his readers received. Websites such as bitcoinwhoswho.com allow users to see transaction histories for Bitcoin accounts.