ESET warns users of fraudulent emails seeking to extort money, especially from people who watch online videos with pornographic content.
The cybercriminals behind these emails claim to have compromised the victim's device and to have recorded the person while they were watching pornographic content. The message claims that, in addition to capturing the victim's behavior through the webcam, the videos that were played were also recorded.
"Cybercriminals are asking for an amount of about 0.40-0.45 Bitcoin (US$2,000) not to disclose the material, but we've already seen messages asking for other amounts," explains Ondrej Kubovič, Security Awareness Specialist at ESET.
"Once the email is opened, the victim has 48 hours to pay; otherwise the cybercriminals threaten to send the incriminating video to all the contacts they managed to steal from the compromised device," adds Kubovič.
In previous sextortion scams that ESET had detected, the emails were mainly in English. In recent days, however, emails have been detected that are adapted to the respective language of each country, mainly in Australia, United States, United Kingdom, Germany, France, Spain, Czech Republic and Russia.
ESET warns the public that this fraud is an extortion attempt and that the cybercriminals do not really have such a video of the victim.
Email scams like these have been appearing for years and are not a new form of fraud. The specific case in which an attacker usually asks the victim to pay money is called sextortion.
Sextortion can also involve cases where the cybercriminal has real photos of the victim, obtained, for example, from a one-on-one conversation via a fake profile. This is a particularly dangerous scam if the victim is a child.
What differentiates this particular scam from previous ones is the effectiveness of the social engineering used, especially its ability to target users who secretly watch pornographic content on their devices.
In some of the previous versions, the email seemed to be "coming from the victim's e-mail address", which seemed to confirm the cybercriminals' claims of having compromised the device.
In an even older version of this scam, the attacker claimed to know the victim's password and, to prove the claim, included that password in the main text of the message.
In this case, the cybercriminals had probably acquired the password through one of the big data leaks that included billions of authentic login names and passwords. If a user has actually used the password mentioned in this scam, they may be frightened into making a payment.
Another reason this scam is effective is the sensitive nature of pornography. As many people secretly visit pages with pornographic content, the idea that their family, acquaintances or colleagues could learn about their behavior is extremely unpleasant.
"If you receive such an email in your mailbox, please act wisely and avoid rash actions. First of all, don't reply to the scam, don't open the attachments, don't click on embedded content, and definitely don't pay.
If you see your actual password listed in the message, we recommend that you change it and enable two-factor authentication on this mail service.
Cybercriminals often try this information and use the compromised account at least to spread their messages.
Scan your device with reliable security software that can detect actual infections and other problems, such as the malicious use of the built-in webcam, which can be remedied, for example, simply by putting tape over the lens," concludes Kubovič.
Very nice article!
I would also like to add a classic case of scammers' failure, which is that such messages usually go to the spam folder because the sender is hiding behind non-existent addresses, so the recipient almost never sees them.