May 5, 2020
(Originally Posted on November 23, 2018)
Do you watch the show ‘Black Mirror’? If so, have you seen the episode ‘Shut up and Dance’? Unfortunately, a new phishing scheme recently seen in the wild makes the topic of that episode very real for those targeted by this sextortion scam.
The phishing email claims that your computer has been hacked and that you were recorded while viewing pornography online. The scammer gives you just 24 hours to make a payment of over $1000 via Bitcoin. “If I don’t get the payment,” the email continues, “I will send your video to all of your contacts including relatives, coworkers, and so forth.” To ensure they have your attention, the email is addressed to you by name and includes one of your online passwords. The password the attacker used in the email is actually from a public data breach dump previously released online, and is used to scare the victim into believing the threat is real.
For a more detailed write-up on this scam, you can read all about it here - https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/ [1]
What To Do If You Receive An Email Like This
- Do not respond to the email. Delete it.
- If you still use the password in the email, in any context whatsoever, change it immediately and stop using it for any accounts. More information on password security can be found on our InfoSec blogs here - https://www.uoguelph.ca/ccs/infosec [2]
- Don’t pay the ransom! If you pay the ransom, not only are you supporting the scammers, but the scammers may continue to blackmail you. Read more about why you should never pay the ransom here - https://www.uoguelph.ca/ccs/infosec/dontpaytheransom [3]
- If you are concerned about spyware on your computer, install anti-malware software, and protect yourself by covering your computer’s camera when not in use.
Extortion and sextortion are serious crimes. If you are the victim of a real extortion or sextortion scam, or if you know someone who is, please contact the University of Guelph Campus Community Police at x52245.
2020 Update
These scams continue to make the rounds here at the University. Below are some security blog links which detail the most recent campaigns:
Written by: Hanna Guan (Cyber Security Analyst, Information Security)