Scammers gain access to legitimate usernames and passwords that were exposed during security breaches
By Rachel Gelb, writing for the Better Business Bureau. Reprinted with permission.
08/26/2019 – Better Business Bureau (BBB) is warning the public about sextortion emails from scammers trying to blackmail recipients into giving them money. Sextortion emails typically include threats to reveal images and videos of the victim watching or utilizing pornography, copies of their browser history or evidence that they downloaded videos from pornographic sites. The increase in this type of scam is believed to be due to scammers getting access to legitimate usernames and passwords that were exposed during major security breaches.
How the scam works:
The scammer will contact people whether or not they have visited pornographic sites and claim to have hacked their computer and activated their webcam. They will say that they have been able to see all the porn sites the victim has visited. The scammer then threatens to send embarrassing images, videos and screenshots to stolen contacts, family, friends and co-workers if a payment is not made.
Generally speaking, the threat is likely an empty one, because the blackmail message usually fails to include personal information or any other details that hackers could use to increase their credibility. However, there are cases where the victims are specifically targeted because their data was compromised in a major security breach some time ago, which exposed details for billions of users. In those situations, the scammer may have your email, telephone number and at least one password, and will refer to it in the email. By using real information, the scammer’s email sounds more threatening and convincing.
Bitcoin: The Preferred Currency
Recent submissions to BBB Scam Tracker indicate that the criminals want to be paid in bitcoin, a virtual currency that is very difficult to trace. A recent victim shared in his Scam Tracker report that “a scammer obtained my password and demanded to be paid almost $1,700 in bitcoin, otherwise, he would send porno pictures of me to my friends”.
Hackers are getting bolder and smarter, and because of this, everyone is at risk of getting a sextortion email. Unfortunately, threatening the release of embarrassing footage that could negatively impact one’s personal and professional reputation can trigger the need for self-preservation, even if it comes at a cost of hundreds or even thousands of dollars. Scammers will happily play on a person’s emotions to trick them out of their money, and this is why it is important that you assess the situation and not just give your money away in a panic.
- The scammer does not provide any details about what site you supposedly visited.
- The scammer cannot support their threat with any evidence, for example, a compromising screenshot to prove they have the information they claim.
- The scammer requests an urgent ransom be paid in gift cards, bitcoins or wire transfer.
- Never send compromising images of yourself to anyone, no matter who they are—or who they say they are.
- Try searching the web for one or two sentences from the email to confirm it is actually spam.
- No matter what the email threatens, do not respond. Also delete the email.
- Do not open attachments or click links in emails from people you do not know. Doing so could lead you to a fake website designed to trick you into giving up personal information or you may download malware to your computer or mobile device.
- Never send money, buy a gift card or do anything to comply with the demands in the email.
- Do a security check on your computer and install security software.
- Enable two-factor authentication on your important accounts.
- Change passwords often and consider getting a password manager to ensure your passwords are strong and unique. Avoid using ‘password’, ‘Password123’, ‘12345’, and other commonly used passwords.
- To give you peace of mind, keep webcams covered when you are not using them.
- Check to see if your email was compromised in a security breach.