Hackers have been targeting individuals with a new ‘sextortion’ email scam, where they claim to have found a way to record them watching porn.
The scam involves sending emails to people which claim malware has been installed on their computer and has allowed the hackers to film them during private moments.
Victims are then told to pay up to stop footage of them masturbating being sent to all of their friends and family members.
Although email spam protections have improved when it comes to blocking scammers from targeting victims for cash, some hackers have a way of getting through security mechanisms by writing emails in Russian, as well as other languages, before asking the victim to read the text using Google Translate.
One such email – obtained by Bleeping Computer – reads:
The last time you visited a pornographic website with young teens, you downloaded and installed automatically spy software that I created. My program turned on your camera and recorded the act of your indignation and the video that you observed during the indignation.
I also received your contact lists, phone numbers, emails, contacts on social networks. I have a video file g_c.mp4 with ur mαsturbatioɳ and a file with all your contacts on my hard drive. If you want me to delete both files and keep your secret, you must pass me the bitcoin agent. [sic]
The translated email then goes on to inform the recipient that they have 72 hours to hand over 0.14 bit coins before the footage is shared. The bitcoin address is given in two parts, with the victim asked to combine it.
Such emails are – perhaps unsurprisingly – just a scam, intended to frighten victims into coughing up large sums of money to avoid public humiliation. And their bark is far worse than their bite.
In actuality, the scammers have not managed to hack their victims’ computers, and they haven’t installed malware to record individuals perusing adult content. And those targeted should not transfer so much as a penny.
As researchers from tech security company Proofpoint say:
Sextortion preys on the fears and insecurities of recipients, using stolen passwords and other social engineering tricks to convince recipients that their reputations are actually at risk.
Adding a URL linking to ransomware that purports to be a presentation showing the recipients illicit activities is a new technique, increasing the risk associated with this type of attack.
Individuals receiving sextortion emails should 1) assume the sender does not actually possess screenshots or video of any compromising activity and 2) should not click any links or open attachments to verify the sender’s claims.
Ransomware expert Lawrence Abrams from Bleeping Computer has advised those who receive a sextortion email they ‘do not have anything to worry about’.
Rather than sending payment to the bitcoin address, those targeted have been urged to mark the email as spam so filters can learn about these new tactics in order to better detect them going forward.
If you have a story you want to tell, send it to UNILAD via story@unilad.com
Jules studied English Literature with Creative Writing at Lancaster University before earning her masters in International Relations at Leiden University in The Netherlands (Hoi!). She then trained as a journalist through News Associates in Manchester. Jules has previously worked as a mental health blogger, copywriter and freelancer for various publications.