This article is more than 1 year old
Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s
Extortionists snatch weak passwords to shame victims
Scumbags are trying to extort money from netizens by threatening to leak to friends and family videos of their marks watching X-rated videos.
A Reg reader this week shared their story of being contacted by an extortionist who claimed to have obtained, through hacking our reader's PC, compromising webcam footage of them engaging in an act of self-love while watching an adult website. No such video existed. Our tipster is also not the only one to receive one of these messages this month.
To help push the scam, the crooks had harvested some low-hanging fruit – a weak password scraped from a hacked forum our reader had frequented. The attacker showed the password to the reader in an attempt to convince them that the miscreant really was a hacker, and to pay up or else.
It's probably easier to just paste the email so you can see what we mean:
I'm aware, [REDACTED], is your password. You don't know me and you are probably wondering why you're getting this email, right?
Let me tell you, I actually placed a malware on the adult video clips (porn) website and there's more, you visited this site to experience fun (you know what I mean). While you were watching videos, your web browser began operating as a RDP (Remote control Desktop) that has a key logger which gave me accessibility to your screen and also webcam. Immediately after that, my software collected every one of your contacts from your Messenger, Facebook, as well as email.
What exactly did I do?
I made a double-screen video. First part displays the video you were viewing (you've got a fine taste ; )), and second part displays the recording of your web cam.
What should you do?
Well, in my opinion, $2900 is a fair price tag for our little secret. You will make the payment via Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
In this case, the extortionist is banking on the target reusing their leaked password for other more important websites and being convinced that those accounts have been compromised as well. In reality, the attacker probably only has the one password, harvested from a forum you likely visited several years ago, and only wants to get a quick payout.
As our source notes, this is likely going to be successful enough to win the scammers a few easy bucks. After all, no one relishes the thought of friends and family seeing them indulge in the pleasures of the palm or pinkie.
"These people have obviously managed to hack a small time forum somewhere, as the password is, indeed, one of the low level passwords I use on forums where I don't give a flying about the account," our tipster told us on Thursday.
"However, if they are sending these out to people, then the scare factor is going to be significant enough to push real buttons on some people."
Fortunately, at least one of the accounts used by the scammers has been suspended by Microsoft.
If you receive this email, don't panic. Don't pay up. There most likely isn't a video. Change your password, and consider using two-factor authentication and a password manager to keep your accounts secure going forward. ®
Biting the hand that feeds IT
