Email scam alert: sextortion spam emails


‘Your Password’ – An Extortion Email Scam Circulating

Police are warning of a sophisticated extortion email scam currently circulating, in which the sender:

  • Claims to have installed malware on the recipient’s computer.
  • Claims to have filmed the recipient watching adult videos via their webcam.
  • Demands a Bitcoin ransom.
  • Threatens to send the video to the recipient’s entire contact list if the demand is not met.

Below is an example of the email:

The most frightening part of the above email? The password is correct. However, generally, it’s a very outdated password from years ago and may not be in use anymore.

How are they getting this information?

KrebsOnSecurity explains that they believe it is a semi-automated process, whereby “the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.”

What you should do:

  1. Ignore emails like this

    • If you receive an email similar to the above, do not respond. Instead, ignore it and send the email to your IT team to investigate, because most of the time these emails are fake.
  2. Start using a password manager

    • Security experts recommend using a password manager. A password manager assists in generating complex and secure passwords. We suggest using a password manager like Dashlane or LastPass, but here is a list of password manager products on the market.
    • Change your password every 6 months
  3. Ensure you have up-to-date anti-virus and firewall on your systems

    • Without these, you are extremely vulnerable to attacks. So, if you are unsure whether your systems are up-to-date, call itro on 1300 10 3000.
  4. Finally, check what data breaches your account credentials have been included in:

    • Have I Been Pwned is a site where you can enter an email address and check whether your credentials have been exposed in attacks.

If you are a victim of the above scam or a similar one, you should report the matter promptly through the Australian Cybercrime Online Reporting Network.
