With people becoming increasingly aware of the risks posed by phishing emails and ransomware, cyber criminals have looked to develop new, malicious tricks to cheat people out of their money, data and passwords.
Nicknamed ‘sextortion’, their latest trick is to send emails claiming to have obtained compromising videos of the user watching adult entertainment after hacking their system and hijacking their webcam.
The email threatens to release embarrassing footage of the user to their colleagues and family unless they pay a stated amount, typically into a specified PayPal or Bitcoin account.
In the same way as a typical ransomware attack, this webcam ‘sextortion’ is designed to make you feel uncomfortable, only this time the threat is to embarrass you to your family or damage your reputation at work. And just like typical ransomware attacks, this scam is designed to play with your mind to make you pay up.
To make it seem more believable, often the hacker will attempt to prove their power by including some of your private information, typically the password to your email account, and given the high-profile attacks on the likes of Facebook, it is not uncommon for users to feel vulnerable.
Importantly, the hacker typically has not taken control of your computer, nor do they have any compromising footage from your webcam; the criminal simply hopes the scam will convince you the threat is real.
Action Fraud, the UK’s national reporting centre for fraud and cybercrime, claims it has seen a dramatic increase in these types of attack. It said that because some of these intimidating emails featured the victim’s password in the subject line, many victims took far more notice of the threat. However, Action Fraud also said it was far more likely the ‘hackers’ had obtained passwords through old data breaches – that is, by hacking websites the victims had previously used.
Thankfully, there are some simple actions you can take to stop you falling victim.
Firstly, do not reply to the email or be pressured into paying. Doing either of these only proves you are vulnerable to their threats and increases the risk of the criminals targeting you again. The police advise you not to pay criminals. Instead, try flagging the email as spam/junk, particularly if you receive it multiple times.
Secondly, perform password resets as soon as possible on any accounts where you have used the password mentioned in the email. Always use a strong, separate password for important accounts, such as your different email accounts or prominent online shops. Where available, enable two-factor authentication – more on this next week.
Always install the latest software and app updates. Install or enable anti-virus software on your laptops and computers and keep it updated.
And, of course, with Penta’s enterprise-grade, anti-spam, anti-virus email systems blocking even the most determined hacker and denying spammers access to your webcams as well as your email accounts and address database, your staff can concentrate on their business, rather than focus on dealing with unwanted distractions.