Earlier this week, one of us received a very disturbing email. It basically said that using a malware they have recorded the individual via webcam watching an adult site. As evidence and to sound more convincing an old password of was revealed. This obviously was a sextortion scandal and we however were at ease as we knew we had not done anything wrong. However we were amazed as how convincing it seems.
1. Evidence provided was a password used by that individual years back. Its most likely that some site where the password was used was hacked and if the password was not stored correctly it would be revealed to the hacker. We even narrowed down the likely culprit to a Chinese global printing site where this password was used years back. This is why you should ideally have different passwords for different sites as a compromise on one can likely mean a compromise on another. Always keep bank and other sensitive passwords complicated and different.
We suggest you refer to our previous guidelines
General everyday user security guidelines
Password guideline for general users
2. Be careful when clicking links from unknown individuals, either emails, or links send via messenger. If you are not sure, its better to avoid. Some of these are malware which may install on your system.
3. Keep your personal and professional assets separate. By this we mean, use a different system for your home use and keep your office assets strictly professional. There are more chances you will get a malware when visiting site like adult related, dating, etc. Be careful when visiting such sites.
4. Disconnect your camera when not in use. If its inbuilt like on laptops, you can disable them in the system settings, or even put a masking tape over it.
5. Never click compromising images of yourself and/or store them any device. Don't feel pressured to click any such images no matter the circumstances. You will read all over the news of leaked images/videos of celebrities.
6. Be careful of sharing your device with someone else, ideally never share your phone and other personal devices with anyone. Its your personal device, no one else should touch it or use it, be impolite if needed to send the message across. Always password protect your device.
7. If you are giving your laptop/mobile and other device away, format it before you send it, or do a factory reset. A simple google search should help you. Even if you are throwing it in the bin you should do that. Perhaps invest in a good hammer. We have received laptops in the past personally where friends etc have asked to clean up and it had a huge history of theirs available for us to exploit if needed.
8. Sextortion works on fear, on shaming you in front of your family friends, colleagues & clients. Obviously there is nothing wrong in going to an adult site, but this this something many of us would not like others to know, and definitely not want others to see a video of you in a compromising position. Hence follow the above steps to avoid such a situation.
Below is the full email received for your reading pleasure...
This is your badluck. I do know xxxxxx is your pass word. More importantly, I know your secret and I have evidence of your secret. You don't know me and nobody employed me to examine you.
It's just your hard luck that I stumbled across your bad deeds. Let me tell you, I setup a malware on the adult videos (sexually graphic) and you visited this site to have fun (you know what I mean). When you were busy watching videos, your web browser started functioning as a Rdp (Remote control desktop) that has a key logger which gave me access to your display and webcam. Right after that, my software collected your entire contacts from your facebook, and mailbox.
After that I gave in much more hours than I should have digging into your life and created a double-screen video. 1st part shows the video you had been watching and 2nd part displays the capture of your webcam (its you doing inappropriate things).
Honestly, I'm ready to forget all about you and let you move on with your life. And I am about to give you two options that will achieve that. Those two choices either to ignore this letter, or simply just pay me $3200. Let’s explore those 2 options in more detail.
First Option is to ignore this email message. Let me tell you what will happen if you choose this path. I will definitely send your video to all your contacts including close relatives, co-workers, and so forth. It won't shield you from the humiliation your self will feel when relatives and buddies discover your dirty details from me.
Second Option is to make the payment of $3200. We will call this my “privacy fee”. Now lets see what will happen if you opt this option. Your secret will remain your secret. I'll destroy the video immediately. You keep your daily life like nothing like this ever occurred.
At this point you must be thinking, “I will complain to the police”. Without a doubt, I've taken steps in order that this email cannot be tracked to me plus it will not stop the evidence from destroying your health. I'm not trying to steal all your savings. I am just looking to be paid for my time I put in investigating you. Let's assume you have decided to make pretty much everything disappear and pay me the confidentiality fee. You'll make the payment via Bitcoin (if you do not know how, type "how to buy bitcoins" on google search)
Required Amount: $3200
Send To This Bitcoin Address: xxxxxxxxxxxxxxxxxxxxxx (You must Edit * from this string and copy and paste it carefully)
Tell no-one what you should be sending the bitcoin for or they might not give it to you. The method to have bitcoin can take a day or two so do not put it off.
I've a unique pixel within this e mail, and at this moment I know that you have read this message. You have 24 hours to make the payment. If I don't get the BitCoins, I will certainly send out your video recording to your contacts including friends and family, coworkers, and so forth. You better come up with an excuse for friends and family before they find out. Nonetheless, if I do get paid, I'll destroy the proof and all other proofs immediately. It is a non-negotiable one time offer, thus kindly don't ruin my time & yours. Your time is running out. Let me tell you, my software will definitely be keeping tracking of the actions you take when you find yourself done reading this letter. You should know If you search something suspicious then I will share your sextape to your close relatives, colleagues before time ends.