There is a new scam going around the internet. I got my first call about it from a distraught client 3 months ago. In this particular instance the nefarious sender somehow got hold of a legitimate password, albeit a rather old one, that the client had used at one time on an internet site. That was the hook. It’s unclear how they came to have an old password, and it’s certainly unnerving, but it added legitimacy to the claim the scammer was attempting to portray as real. As we were going through the message that was forwarded to me, two questions came to mind instantly, because the sender claimed that the recipient had been observed logging into a porn site and that they had the goods on them.
- How could this be possible when the content filters on the SonicWALL in use on this local network would not allow porn sites to be accessed?
- How could this happen since Bitdefender, the AntiMalware solution currently in place in this environment, which also uses content filtering, would prevent access to such sites?
The answer, of course, is it wouldn’t be possible, and I said as much. Once that was established, anxiety levels dropped quickly. It was then a matter of performing due diligence: changing account passwords on the internet just for good measure, and making sure they’re properly formatted passwords and not simple, easy-to-guess passwords.
I’ve sanitized certain parts of this message by removing the actual recipient’s email address and the password that was part of the message.
Date: October 5, 2018 at 8:25:57 AM EDT
To: “real-password” <firstname.lastname@example.org>
Subject: Your Account Was Hacked!
I’m a member of an international hacker group.
As you could probably have guessed, your account email@example.com was hacked, because I sent message you from it.
Now I have access to you accounts!
For example, your password for firstname.lastname@example.org is real-password
Within a period from July 17, 2018 to October 3, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited. So far, we have access to your messages, social media accounts, and messengers.
Moreover, we’ve gotten full damps of these data.
We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched! I think you are not interested show this video to your friends, relatives, and your intimate one…
Transfer $800 to our Bitcoin wallet: 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.
I guarantee that after that, we’ll erase all your “data” 🙂
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred. If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.
Since I saw the first iterations of this scam message, they have been changing a little. They may not contain a once-real or in-use password, but they generally do contain essentially the same content about the subject being caught accessing a porn site. In the latest iteration the senders have taken to spoofing the From address in such a convincing manner that unless you spend quite a bit of time reading and interpreting email headers you’d swear the message is genuine. Which, of course, causes instant panic. And that’s what they mean to do. Thankfully, my clients have been listening, and I’m quite proud of them: the first thing they do is call me to find out what’s going on and if it’s real.
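The header reading mentioned above can be partly automated. The following is an added example, not part of the original post: it parses a constructed set of headers modelled on the sanitized message and reports the signs of a forged From address. The hostnames, the Return-Path value and the `spoof_indicators` helper are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real capture); addresses follow the sanitized message.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
    by mx.example.org with SMTP; Fri, 5 Oct 2018 08:25:57 -0400
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none; dmarc=fail header.from=example.org
From: "real-password" <firstname.lastname@example.org>
To: "real-password" <firstname.lastname@example.org>
Subject: Your Account Was Hacked!

(body omitted)
"""

def _addr(msg, name):
    return parseaddr(msg.get(name, ""))[1].lower()

def _domain(addr):
    return addr.rpartition("@")[2]

def spoof_indicators(raw, trusted_authserv="mx.example.org"):
    """Return header findings that suggest a forged From address."""
    msg = message_from_string(raw)
    sender, rcpt, envelope = _addr(msg, "From"), _addr(msg, "To"), _addr(msg, "Return-Path")
    findings = []
    if sender and sender == rcpt:
        findings.append("from-equals-to")  # the "I sent it from your account" trick
    if envelope and _domain(envelope) != _domain(sender):
        findings.append("envelope-domain-mismatch")  # weak alone: bulk mailers do this too
    # Only trust results stamped by our own receiving server (assumed hostname);
    # anyone can put an Authentication-Results header in a message.
    results = []
    for hdr in msg.get_all("Authentication-Results", []):
        authserv = (hdr.split(";", 1)[0].split() or [""])[0].lower()
        if authserv == trusted_authserv:
            results.append(" ".join(hdr.split()))  # unfold continuation lines
    joined = " ".join(results)
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", joined)
        if m is None:
            findings.append(f"{mech}-missing")
        elif m.group(1).lower() != "pass":
            findings.append(f"{mech}-{m.group(1).lower()}")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE))
```

A message that shows your own address in From but fails SPF and DMARC at your own mail server was not sent from your account, whatever the body claims.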
So, if you happen to see something like this show up in your inbox, the very first thing you need to ask yourself is: Is this real, or is this a scam? Technically speaking it is real; a real form of phishing/social engineering. They’re attempting to cause a state of panic that would get the recipient to send them money.
It’s worth mentioning that one of the things that sticks out in this message is the phrase, we recorded you with your webcam. That statement sticks out like a sore thumb. Most desktop workstations don’t have web cams unless you actually have one mounted on top of one of your monitors. Laptops, on the other hand, do. A lot of people I know and work with, or do work for, put a piece of tape on their laptop’s web cam and only remove it when they need to use it. No, I don’t wear a tin-foil hat. That phrase sticks out so much and is a quick indicator that this is junk because 99 times out of 100 when the web cam turns on there’s also a red light that indicates it’s on. This isn’t Hollywood; the two are connected so when the web cam is drawing power and operating the red light is lit.
It’s also worth mentioning that if it has been a long time since you’ve set/reset a password for a site that you use then you should consider resetting the password on a more regular basis. Even if you’re no longer using that site, it’s likely you’re still using that site’s password for something else. It’s a good practice to get into. If you have trouble coming up with a good, complex password you can use a password generator such as dinopass. I know, when you first visit the site it states it’s an Awesome password generator for kids; however, there’s a button labeled Another strong Password please which will generate a stronger, more complex password. As I tell folks though, the best passwords are made from word phrases that are unique to the user so the user can remember them. The longer the phrase the better the password. And use numbers and special characters for letter replacements. Password managers like Dashlane are great tools to keep track of your passwords and their strength, and they will also warn you when breaches happen, such as the last few at Yahoo and some major financial institutions. If you’ve got to store your passwords somewhere for later reference this is the way to do it safely.
phrase: I like large breed dogs
CamelHump style with number replacements: IL1keL@rg3BreedD0gs/
The phrase starts with a capital “I” and then every word in the phrase begins with a capital letter. That’s what is known as camel-hump or CamelHump notation. It’s used a lot in programming languages. I saw it first when I was taking a programming course in Java and JavaScript. In this phrase the ‘i’ in Like is the number 1, and the A in large is the @ (at) symbol. Of course the E at the end of large is a 3 and the “O” in dog is a zero. To end it all I use a forward slash. That’s the slash character on the same key as the question mark (?). Not to be confused with the backslash \ that is on the same key as the pipe symbol just above the ENTER key. But… I digress…
Another thing I want to point out in this message is the time limit stated for the recipient to take action. In this instance it’s been well over 3 months and nothing has happened, other than the initial shock of the whole thing, which was the sender’s intent to begin with: scare them into doing something that can’t be undone.
Some Additional Information About Strong Password Generators
- Password Managers: 10 Best Password Managers of 2018
- Strong Password Generator (web based) They’re ugly and not easy to remember, but they definitely meet complexity requirements.
- Secure Password Generator (web based)