A new sextortion scam has been detected that attempts to fool the recipient of the message into believing their email account has been compromised and that their computer is under full control of the attacker.
The scammers spoof the user’s email address so that the message appears to have been sent from the user’s own email account: the sender and recipient names are identical.
A quick and easy way to check whether the displayed sender name matches the account actually used to send the email is to click forward. When this is done, the display name is shown, but so too is the actual email address that the message has been sent from. In this case, that check fails, making it seem that the user’s email account has actually been compromised.
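The forward check only reveals the From header, which the sender of a message controls. As an added example (not part of the original article), the Python below compares From and To with the Return-Path and Authentication-Results headers of a constructed sample message; those headers are not mentioned in the article, and the code assumes the recipient's own mail server recorded SPF, DKIM and DMARC results there.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample (not taken from the campaign): From and To are identical,
# but the envelope sender and the authentication results point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "alice@example.com" <alice@example.com>
To: alice@example.com
Subject: Your account has been hacked

Constructed body text.
"""

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def check_self_spoof(raw):
    """Flag mail that claims to come from its own recipient but fails authentication."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Only trust Authentication-Results stamped by your own receiving server;
    # a copy injected by the sender proves nothing.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))

    findings = []
    if from_addr and from_addr in to_addrs:
        findings.append("from-equals-to")
    if return_path and domain(return_path) != domain(from_addr):
        findings.append("envelope-domain-mismatch")
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech, "none") != "pass":
            findings.append(f"{mech}-not-pass")
    # Self-addressed mail is normal; self-addressed mail that fails DMARC is not.
    spoofed = "from-equals-to" in findings and "dmarc-not-pass" in findings
    return {"from": from_addr, "return_path": return_path,
            "auth": results, "findings": findings, "likely_spoofed": spoofed}

if __name__ == "__main__":
    print(check_self_spoof(SAMPLE))
```

A genuine note-to-self sent through the account's own provider would show `from-equals-to` alone, with all three mechanisms passing.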
The messages used in this campaign attempt to extort money by suggesting the hacker has gained access to the user’s computer by means of a computer virus. It is claimed that the virus gives the attacker the ability to monitor the user’s internet activities in real time and use the computer’s webcam to record the user.
The attacker claims that the virus was downloaded to the computer as a result of the user visiting an adult website and that while viewing internet pornography the webcam was active and recording. “Your tastes are so weird,” states the scammer in the email.
The scammer claims that they will sync the webcam footage with the content that the user was viewing and send a copy of the video to the user’s partner, friends, and relatives. It is claimed that all the user’s accounts have been compromised. The message also includes an example of one of the user’s passwords.
While it is extremely unlikely that the password supplied in the email is valid for any of the user’s accounts, the message itself will still be chilling for some individuals and will be enough to get them to make the requested payment of $800 to have the footage deleted.
However, this is a sextortion scam in which the attackers have no leverage, as there is no virus and no webcam footage. Even so, it is clear that at least some recipients were not willing to take a chance.
According to security researcher SecGuru, who received a version of the email in Dutch and found a similar English-language version, the Bitcoin account used by the scammer had received payments of 0.37997578 Bitcoin – $3,500 – in the first two days of the campaign. Now, 7 days after the first payment was made, the earnings have risen to 1.1203 Bitcoin – $6,418 – with 15 individuals having paid.
This scam will no doubt be familiar to viewers of Black Mirror, a recent episode of which covered a very similar sextortion scam.
This tactic is nothing new. Many similar scams have been conducted in the past and many more will be in the future. What makes this campaign more chilling is the apparent hijacking of the email account and the highly effective spoofing.
A similar sextortion scam was conducted in the summer, and it also had an interesting twist. It used an old password for the account that had been obtained from a data dump. In that case, the password was real, at least at some point in the past, which made the scam seem genuine.