ESET warns users of fraudulent emails that try to extort money, especially from people who watch online videos with pornographic content.
The cybercriminals behind these emails claim to have compromised the victim's device and to have recorded the person while they were watching pornographic content. The message asserts that, in addition to the webcam footage of the victim's behavior, the videos that were played have also been recorded.
"Cybercriminals are asking for an amount of about 0,40-0,45 Bitcoin (US $2.000) not to disclose the material, but we've already seen messages asking for other amounts," explains Ondrej Kubovič, Security Awareness Specialist at ESET.
"Once the email is opened, the victim has 48 hours to pay, otherwise the cybercriminals threaten to send the incriminating video to all the contacts they managed to steal from the compromised device," adds Kubovič.
In earlier waves of the sextortion scam that ESET detected, the emails were mostly in English, but in the last few days emails adapted to the languages of the targeted countries have been found, mainly in Australia, the United States, the United Kingdom, Germany, France, Spain, the Czech Republic and Russia.
ESET warns the public that this fraud is an extortion attempt and that the cybercriminals do not really have such a video of the victim.
Sextortion can also involve cases where the cybercriminal has real photographs of the victim, obtained, for example, from a private conversation through a fake profile. This fraud is particularly dangerous if the victim is a child.
What differentiates this particular scam from previous ones is the effectiveness of the social engineering used, especially its ability to target users who secretly watch pornographic content on their devices.
In some of the previous versions, the email appeared to be "coming from the victim's e-mail address", which seemed to confirm the cybercriminals' claim that they had compromised the device.
In an even older version of this scam, the attacker claimed to know the victim's password and, to prove his claim, included the password in the body of the message.
In this case, the cybercriminals had probably obtained the password from one of the large data leaks that included billions of authentic login names and passwords. A user who has actually used the password mentioned in the scam may become frightened and make a payment.
Another reason this scam is effective is the sensitivity of the subject of pornography. As many people secretly visit pages with pornographic content, the idea that their family, acquaintances or colleagues could learn about their behavior is extremely unpleasant.
"If you receive such an email in your mailbox, act cautiously and avoid hasty moves. First of all, do not respond to the scam, do not open attachments, do not click on embedded content, and definitely do not pay.
If you see your actual password listed in the message, we recommend that you change it and enable two-factor authentication on that mail service.
Cybercriminals often test login information and use the compromised account at least to spread their messages.
Scan your device with reliable security software that can detect actual infections and other problems, such as the malicious use of the built-in webcam, so that it can be corrected, for example, simply by placing tape over the lens," concludes Kubovič.