IT firm warns of new sextortion scam causing 'misery and stress'
An IT company has warned of a new online sextortion scam which it says is “causing a lot of misery and stress” to computer users by sending them their own hacked passwords.
The phishing email is causing panic to many users because it identifies one of their account passwords and claims it has information on their online activity, which they will share to family and friends unless paid $3,200 in bit coin.
Dash.ie in Dundalk, County Louth has asked people to be vigilant after receiving up to 15 calls a day from “stressed out” customers across the country who have received the email over the last few weeks.
The email states: ‘I’m aware ... is your password. You don’t know me and you’re probably thinking why you are getting this mail, right?
‘Well I actually placed a malware on the adult video clips (porno) web site and guess what, you visited this website to experience fun (you know what I mean).
‘While you were watching video clips, your internet browser started out working as a remote desktop with a key logger which gave me access to your display screen as well as web camera.
‘Just after that, my software program gathered every one of your contacts from your Messanger, Facebook and email.’
It then offers the user a choice to pay them $3,200 through bitcoin within 24 hours or face the video being sent to all their contacts.
Unbelievably, the phisher says it only wants the money as compensation for time spent investigating them and warned that the ‘cops’ won’t trace him.
Managing director of Dash.ie, Dalton Dullaghan says people should not panic, not email the fraudster back, change all of their passwords and turn off their webcam when not in use.
“We’ve been getting a lot of calls from stressed out people on this sextortion scam that’s doing the rounds at the moment,” he said.
“Customers have been really worried about how their passwords have fallen into the wrong hands.
“On average, the passwords I have seen have been ones that the users actually do have in use on the internet at various places, which adds a sense of realism and panic to the email.
“Most likely, an account associated with the email address has been compromised at some point – such as the well documented breaches in Facebook and LinkedIn – and the criminal is using details already available on the dark web.
“I would be very worried that this kind of email could have tragic consequences on a vulnerable person who may be driven over the edge by this.
“Never pay the bad bounty and turn on the two-step authentication of all accounts where possible.”