Threatening emails alleging that the recipient has been observed conducting personal activities while watching pornographic videos are surging with the increase of people working from home, where they’re far from their corporate firewalls and security software. So are emails alleging that your corporate, personal or health information has been found in a breach. In both cases the sender threatens to send the videos or other sensitive information information to your entire contact list unless you pay them money using Bitcoin.
The way it normally works is that you’ll receive an email, frequently from what appears to be your own email account. The email says that the hacker sending it has compromised your security and taken over your webcam, which is how they claim to have recorded videos of you. As proof of their hack, they will send you your password. Then they will demand that you send them several thousand dollars via a Bitcoin account. They also threaten that if you don’t, they will email the video to all of your contacts
“I was hit by the web pages of personal content material that you normally take a look at,” is a typical claim of the hacker conducting such an attack, “I’m in great shock of your Fantasies. I have never seen anything like this!”
There will be other claims of implanting malware on your computer, and an explanation of how the hacker accomplished his deed. “Consequently, when you had fun on piquant website (you know what i mean) I made screenshot with using my program through your CAMERA of your system.”
The password that they sometimes include may be real, but it’s also probably very old, and hopefully you’ve changed it long ago. Those passwords are available on the dark web.
You’ll also notice that the sender is not familiar with English, and that there’s a complete lack of any detail about the material that was taken. These are all signs of such an attack.
“It’s your standard Bitcoin blackmail phish,” said Eric Howes, a security expert at KnowBe4. “We see variants on this one pretty much every day.”
One of the latest variants is a claim that the criminals have your data. They say they’ve breached your website and downloaded your company data. They’ll demand a payment to give it back and erase it from their files. But they usually don’t specify what data they have, except sometimes to claim they have your medical files or proof of criminal activity. And they threaten to expose it.
What to Do
If you get one of those extortion emails, don’t do anything immediately. If it follows the pattern you won’t see…