Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s

Extortionists snatch weak passwords to shame victims


Scumbags are trying to extort money from netizens by threatening to leak to friends and family videos of their marks watching X-rated videos.

A Reg reader this week shared their story of being contacted by an extortionist who claimed to have obtained, through hacking our reader's PC, compromising webcam footage of them engaging in an act of self-love while watching an adult website. No such video existed. Our tipster is also not the only one to receive one of these messages this month.

To help push the scam, the crooks had harvested some low-hanging fruit – a weak password scraped from a hacked forum our reader had frequented. The attacker showed the password to the reader in an attempt to convince them that the miscreant really was a hacker, and to pay up or else.

It's probably easier to just paste the email so you can see what we mean:

I'm aware, [REDACTED], is your password. You don't know me and you are probably wondering why you're getting this email, right?

Let me tell you, I actually placed a malware on the adult video clips (porn) website and there's more, you visited this site to experience fun (you know what I mean). While you were watching videos, your web browser began operating as a RDP (Remote control Desktop) that has a key logger which gave me accessibility to your screen and also webcam. Immediately after that, my software collected every one of your contacts from your Messenger, Facebook, as well as email.

What exactly did I do?

I made a double-screen video. First part displays the video you were viewing (you've got a fine taste ; )), and second part displays the recording of your web cam.

What should you do?

Well, in my opinion, $2900 is a fair price tag for our little secret. You will make the payment via Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).

In this case, the extortionist is banking on the target reusing their leaked password for other more important websites and being convinced that those accounts have been compromised as well. In reality, the attacker probably only has the one password, harvested from a forum you likely visited several years ago, and only wants to get a quick payout.

Blackmail

Sextortion on the internet: Our man refuses to lie down and take it

READ MORE

As our source notes, this is likely going to be successful enough to win the scammers a few easy bucks. After all, no one relishes the thought of friends and family seeing them indulge in the pleasures of the palm or pinkie.

"These people have obviously managed to hack a small time forum somewhere, as the password is, indeed, one of the low level passwords I use on forums where I don't give a flying about the account," our tipster told us on Thursday.

"However, if they are sending these out to people, then the scare factor is going to be significant enough to push real buttons on some people."

Fortunately, at least one of the accounts used by the scammers has been suspended by Microsoft.

If you receive this email, don't panic. Don't pay up. There most likely isn't a video. Change your password, and consider using two-factor authentication and a password manager to keep your accounts secure going forward. ®

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • Five Eyes alliance’s top cop says techies are the future of law enforcement
    Crims have weaponized tech and certain States let them launder the proceeds

    Australian Federal Police (AFP) commissioner Reece Kershaw has accused un-named nations of helping organized criminals to use technology to commit and launder the proceeds of crime, and called for international collaboration to developer technologies that counter the threats that behaviour creates.

    Kershaw’s remarks were made at a meeting of the Five Eyes Law Enforcement Group (FELEG), the forum in which members of the Five Eyes intelligence sharing pact – Australia, New Zealand, Canada, the UK and the USA – discuss policing and related matters. Kershaw is the current chair of FELEG.

    “Criminals have weaponized technology and have become ruthlessly efficient at finding victims,” Kerhsaw told the group, before adding : “State actors and citizens from some nations are using our countries at the expense of our sovereignty and economies.”

    Continue reading
  • Israeli air raid sirens triggered in possible cyberattack
    Source remains unclear, plenty suspect Iran

    Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. 

    While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat. 

    Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident. 

    Continue reading
  • China reveals its top five sources of online fraud
    'Brushing' tops the list, as quantity of forbidden content continue to rise

    China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

    The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

    Brushing has also seen e-commerce providers send victims small items they never ordered, using profiles victims did not create or control. Dodgy vendors use that tactic to then write themselves glowing product reviews that increase their visibility on marketplace platforms.

    Continue reading
  • Hackers weigh in on programming languages of choice
    Small, self-described sample, sure. But results show shifts over time

    Never mind what enterprise programmers are trained to do, a self-defined set of hackers has its own programming language zeitgeist, one that apparently changes with the wind, at least according to the relatively small set surveyed.

    Members of Europe's Chaos Computer Club, which calls itself "Europe's largest association of hackers" were part of a pool for German researchers to poll. The goal of the study was to discover what tools and languages hackers prefer, a mission that sparked some unexpected results.

    The researchers were interested in understanding what languages self-described hackers use, and also asked about OS and IDE choice, whether or not an individual considered their choice important for hacking and how much experience they had as a programmer and hacker.

    Continue reading
  • Stolen-data market RaidForums taken down in domain seizure
    Suspected admin who went by 'Omnipotent' awaits UK decision on extradition to US

    After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.

    Coelho, 21, who allegedly used the mistaken moniker "Omnipotent" among others, according to the US indictment unsealed on Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK legal proceedings to extradite him to the United States.

    The six-count US indictment [PDF] charges Coelho with conspiracy, access device fraud, and aggravated identity theft following from his alleged activities as the chief administrator of RaidForums, an online market for compromised or stolen databases containing personal and financial information.

    Continue reading
  • Ex IT chief at Homeland Security watchdog stole US govt software to pirate
    Murali Venkata found guilty of conspiracy to resell case management app

    A former acting branch chief of IT for the US Department of Homeland Security's (DHS) oversight office was convicted on Monday of conspiring to steal US government software in order to develop a commercial copy that could be resold to other government agencies.

    Murali Venkata, 56, of Aldie, Virginia, served as acting branch chief of the Information Technology Division of the DHS Office of the Inspector General (DHS-OIG). He was indicted in March 2020 alongside former acting inspector general of DHS-OIG Charles Edwards, 59, of Sandy Spring, Maryland.

    Both men faced charges that they and others conspired to steal government property and to defraud the US, that they stole government property, and that they committed wire fraud and aggravated identity theft. Venkata also faced an additional charge that he destroyed records.

    Continue reading
  • Yale finance director stole $40m in computers to resell on the sly
    Ill-gotten gains bankrolled swish life of flash cars and real estate

    A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.

    Jamie Petrone, 42, on Monday pleaded guilty to one count of wire fraud and one count of filing a false tax return, crimes related to the theft of thousands of electronic devices from her former employer. As director of finance and administration in the Department of Emergency Medicine, Petrone, of Lithia Springs, Georgia, was able to purchase products for her organization without approval if the each order total was less than $10,000.

    She abused her position by, for example, repeatedly ordering Apple iPads and Microsoft Surface Pro tablets only to ship them to New York and into the hands of a business listed as ThinkingMac LLC. Money made by this outfit from reselling the redirected equipment was then wired to Maziv Entertainment LLC, a now-defunct company traced back to Petrone and her husband, according to prosecutors in Connecticut [PDF].

    Continue reading

Biting the hand that feeds IT © 1998–2022