The Notorious "We Watched You Watch Porn" Blackmail Attempt
There have been countless incidents where people have received a nefarious-looking email informing them that they have been caught on their webcam watching porn, and that if they don't pay a ransom in bitcoin, the person behind the threat will release the offending videos to everyone in their contact list.
Here's a sample of such an email:
I'm aware, XXXXX is your password. You don't know me and you're probably thinking why are getting this mail, right?
Well, I actually placed a malware on the adult video clips(porno) website and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as a RDP (Remote Desktop) with a key logger which gave me access to your display screen as well as web camera. Just after that, my software progrma gathered every one of you contacts from your messenger, Facebook, and email.
What did I do?
I made a double-screen video. First part shows the video you were watching (you have a nice taste omg), and 2nd part displays the recording of your webcam.
Exactly what should you do?
Well, I believe, $2900 is a fair price tag for our little secret. You'll make the payment by Bitcoin (if you do not knowthis, search "how to buy bitcoin" in Google).
BTC Address: 1HpXtDRUmklGZaFTXXXXXXXX
(It is cAsE sensitive, so copy and paste it)
These emails look a bit scary, as they might list your name, email address, past or present password, or IP address. If they included a present or past password, it is likely that a website you were once registered with was hacked and the attackers dumped its members' user information online.
If you think that is the case, you should check whether any of your online accounts have been compromised by running your email address through haveibeenpwned.com. This site provides a free service that allows internet users to see if their personal information has been compromised in any data breaches.
Regardless, take a breath and relax: these emails are a scam, and the senders do not have video of you watching porn. It is just a ruse to trick you into sending someone some bitcoins.
If you are feeling paranoid, it is still a good idea to go ahead and change your email password, preferably to a strong passphrase. Or better yet, enable multi-factor authentication.
Signs that your email has been hacked
There are a few signs that, should they occur, likely mean your account has been compromised. On a positive note, in most cases the attacker is not going to change the email password, as that would be a dead giveaway that your account has been broken into. They want to use the account to send out phishing email campaigns, spam, or for other nefarious actions, and they don't want to get caught.
Here are some telltale signs your account has been hacked:
- New emails are showing as read even though you don't recall looking at them, mail that you were sure was there has gone missing, or people are reaching out to ask if you received their mail when you haven't.
- Your contacts start alerting you that they are receiving spam or suspicious emails from you containing requests to view unsolicited invoices or documents.
- You start receiving NDRs (non-delivery reports), or bounce-back messages, from your own or other email providers stating that your message could not be sent due to an invalid recipient address, that your message quota has been reached, or that a message was blocked as potential spam.
What to do next?
First, don't panic. If you still have access to your account, immediately change your password to something strong and complex. You will want to use at least 8 characters with a mix of capital and lowercase letters, numbers, and special characters.
Next, many mail hosts provide a means to see what devices have been used to access your account and when this access has occurred.
Gmail
You can check the activity detail of your Gmail account by logging in to webmail, scrolling down to the bottom of the window, and clicking the "Details" link under "Last Activity" in the bottom right.
Clicking on the "Details" link will open a new window that will allow you to see all devices that have connected to your account along with the originating IP address and nation it was accessed from. You also have the ability to sign out all devices, which you should immediately do.
Once this is done, it is highly recommended that you configure multi-factor authentication for your account. This will then require both a password and an additional approval method (usually a push notification to your phone via text or an app like Google Authenticator) to access your account.
You can read more on configuring your Gmail account to use multi-factor authentication here: Google 2-Step Verification
Microsoft Office 365 (Outlook.com, Hotmail, live.com, etc.)
For any of the Microsoft-hosted accounts, you can view your account activity by signing in to email, then clicking the circle that contains the username initials in the top right of the window.
From the menu that expands, click on "My Account", scroll down and click on the "Security" box (if prompted, enter your Microsoft email address and password). On the site you are redirected to, you will then be able to view sign-in activity, change passwords, enable two-factor authentication and access a range of other security options related to your account.
For other email hosting providers, you will need to investigate the steps needed to secure your account and if all else fails, contact their respective support.
What to do if you lost access to your account
This is where things can get a little difficult. If you lost access to your account, it likely means the attacker changed the password.
Most email providers have an account recovery process that will ask you to provide the answers to the security questions that were configured when the account was initially set up. If you no longer remember the answers, or if the security questions were changed, you are going to need to reach out to the provider's support to have them assist in the recovery.
Conclusion
The reason most email accounts get compromised to begin with is a lack of security awareness. Easy-to-guess passwords and being fooled into entering your username and password on a fake site are the primary ways accounts get broken into. Even a long and complex password can still be cracked given enough time. The best way to secure your account against unwanted intrusion is to enable multi-factor authentication, which nearly all major email providers now support.
STOP REUSING PASSWORDS! This cannot be said enough. Rarely does a day go by without news of yet another company's network getting broken into and customer data getting leaked out into the wild. Therefore, it is extremely important to use unique passwords for any site or service you subscribe to, each one different from what you are using for your email.
Also, always be very cautious of opening any attachments sent by anyone, even those sent by someone you know and trust. Many compromised accounts will be used to spam out emails to the victim's contacts with the goal of gathering even more unsuspecting people's login credentials. These emails will often contain an attached PDF or Word document that, when clicked on, will prompt you to sign in to what looks like a cloud storage site to view the document. Attackers will build a site that looks identical to an Office 365 or Google Drive login page, and after you enter your credentials, you will be automatically redirected to the official site. All it takes is a simple glance at the site's address to determine if you are where you think you are, and it is something many people fail to do. When in doubt, reach out to the sender to confirm they legitimately sent you a document.
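The "glance at the site's address" check above can be written out as code. This is an added example, not part of the original post: the helper name checkLoginAddress and the short list of expected sign-in hosts are assumptions for illustration, and the sample addresses are constructed.

```javascript
// Assumed allowlist for illustration; use the hosts your own providers document.
const EXPECTED_LOGIN_HOSTS = new Set([
  "login.microsoftonline.com",
  "login.live.com",
  "accounts.google.com",
]);

// Hypothetical helper: decide whether the address of a sign-in page is one
// of the expected hosts. Returns { ok, host, reason }.
function checkLoginAddress(address) {
  let url;
  try {
    url = new URL(address); // same parsing rules the browser applies
  } catch {
    return { ok: false, host: null, reason: "not a valid URL" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // In https://accounts.google.com@signin.example/ the real host is signin.example.
    return { ok: false, host, reason: "text before '@' is not the host" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, host, reason: "punycode label, possible lookalike characters" };
  }
  if (EXPECTED_LOGIN_HOSTS.has(host)) {
    return { ok: true, host, reason: "exact match with an expected host" };
  }
  // A trusted name placed to the left of another domain is still that other domain.
  const borrowed = [...EXPECTED_LOGIN_HOSTS].find((h) => host.includes(h));
  const reason = borrowed
    ? `"${borrowed}" appears inside a different host`
    : "host is not on the expected list";
  return { ok: false, host, reason };
}

// Constructed sample addresses (.example is a reserved test domain).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "https://login.microsoftonline.com.signin.example/common/oauth2",
  "https://accounts.google.com@signin.example/",
  "http://login.live.com/",
  "https://accounts.g\u043e\u043egle.com/",
];
for (const s of SAMPLES) console.log(checkLoginAddress(s), s);
```

Only the first sample passes; the others each show one way a familiar name can appear in an address without being the host you are actually connected to.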
Securing your account really isn't a time-consuming or overly technical process, and it is something that anyone even remotely concerned about keeping their accounts safe should do. Following the few tips provided here will greatly help you improve the security of your email and prevent hackers from accessing it.