People have been using email to scam people for as long as it has been around. In the early days these scams were generic and fairly easy to spot. The classic scam was to send an email, supposedly from a foreign prince, claiming they could not move their money out of their country. All you had to do was provide your bank details and they would put thousands of pounds into your bank account, some of which you could keep. They have tried other similar scams over the years. As people become more tech savvy, they are rarely successful. Today scammers are trying a new tactic. They prey on your fear and insecurity to blackmail you into giving them money.
Passwords and pornography
In recent years security breaches have affected many large companies, such as LinkedIn, eBay, Yahoo, and PayPal. Resulting in users’ passwords being publicly posted online. This latest scam involves people taking passwords from these sites and emailing you. Providing you with a password you either use currently or have used in the past, gives them a sense of credibility. Once they have your attention, they will claim they have used your password to install malware on your computer that allows them to access your webcam. In these emails they claim they have recorded video of you visiting adult websites and that they will release these videos to your contacts list unless you meet their demands. Scams such as this are particularly nasty and manipulative. The important thing to remember is that they are entirely false. They usually demand you pay them in Bitcoin, as this currency allows them anonymity. Trying to make you panic and give into their demands without thinking your actions through, they will normally only give you a short time to comply.
How to recognise these emails
The emails can vary slightly as different scammers are using the same tactics, but they have several key things in common:
- They will include either a current or previous password of yours, often included in the subject line to grab your attention.
- They will say using this password has allowed them to gain access to your computer, webcam, and contact list
- They demand money to be paid to them in bitcoin
- Only a short amount of time is given to meet the demands
What to do if you receive one of these emails
Under no circumstances should you meet their demands. What they claim to have on you is always a lie. Even if it wasn’t, if you give into them they can use the same threat to demand more money. If you receive one of these emails the best thing to do is simply delete the e-mail. If you’re concerned, consider changing all your passwords and make sure the new ones are strong with a mixture of lower and uppercase letters, numbers and symbols. You should change your passwords regularly, to improve security.
Consilium are experts in IT security and are a leading partner of Palo Alto Networks; a market leader in network security. For more information click here.